PROFESSIONAL STANDARDS MANUAL - Vermont

3y ago
11 Views
2 Downloads
2.61 MB
211 Pages
Last View : 8d ago
Last Download : 8m ago
Upload by : Rosemary Rios
Transcription

PROFESSIONALSTANDARDSMANUAL(Version 3.0)VERMONTOFFICE OF THE AUDITOROF ACCOUNTS

Douglas R. HofferSTATE AUDITORSTATE OF VERMONTOFFICE OF THE STATE AUDITORAugust 1, 2019Message from the Auditor:I am pleased to introduce the updated PROFESSIONAL STANDARDS MANUAL (PSM) forthe Vermont State Auditor’s Office. This version of the PSM reflects the 2018 changes togenerally accepted government auditing standards (GAGAS) promulgated by the U.S.Government Accountability Office. As required by the 2018 standards, this version of the PSMapplies to all performance audits beginning on or after July 1, 2019.As auditors we hold others to high performance standards and can expect no less from ourselves.To ensure that we meet these standards, we undergo a peer review process conducted by auditorsfrom other states in which the policies and procedures laid out in this manual are checked forcompliance with GAGAS. Peer review teams also check whether the audits themselves complywith GAGAS. We have received the highest peer review rating available in the past, and I amconfident that we will continue to do so using the processes and procedures outlined in thisrevised manual.I would like to express my thanks to the team of professionals who revised this manual to reflecttoday’s standards and the auditing goals of this Office. It provides a solid foundation for servicesthat will truly help the State of Vermont and its citizens.Sincerely,Douglas R. HofferVermont State Auditor132 State Street Montpelier, Vermont 05633-5101Auditor: (802) 828-2281 Toll-Free (in VT only): 1-877-290-1400 Fax: (802) 828-2198e-mail: auditor@vermont.gov website: www.auditor.vermont.gov

ContentsPageChapter 1Chapter 2Chapter 3Statutory Authority, Mission, and Core ValuesOverview1.1 Statutory Authority1.2 Mission Statement1.3 Core Values1.4 Purpose and Use of Manual1.4.1 Terminology1.4.2 TeamMate 1-11-11-21-21-31-41-5IndependenceOverview2.1 External Audit Organizations2.1.1 GAGAS Citation2.1.2 SAO Standard2.1.2.1 Independence for External Audit Organizations2.1.2.2 Independence When Performing Non-audit Services2.2 Staff Independence2.2.1 GAGAS Citation2.2.2 SAO Standard2.3 Independence of Other Auditors and Specialists2.3.1 GAGAS Citation2.3.2 SAO Standard2.4 Monitoring Compliance with SAO Policies2.4.1 GAGAS Citation2.4.2 SAO StandardAppendix 2.1 GAGAS Conceptual Framework for IndependenceAppendix 2.2 Non-audit Service Independence FormAppendix 2.3 Annual Statement of IndependenceAppendix 2.4 Engagement Statement of IndependenceProfessional CompetenceOverview3.1 Recruiting and Hiring3.1.1 GAGAS Citation3.1.2 SAO -102-102-122-132-152-173-13-13-13-18/1/19Page i

Contents3.2 Training3.2.1 GAGAS Citation3.2.2 SAO Standard3.2.2.1 Maintaining CPE Compliance3.2.2.2 Tracking and Supporting Documentation3.2.2.3 Reimbursement of Continuing Education, ProfessionalCertifications & Professional Organization Dues3.3 Performance Management3.3.1 GAGAS Citation3.3.2 SAO Standard3.3.2.1 Performance Management3.3.2.2 Expectations and Progress Report3.3.2.3 Performance Evaluation3.3.2.4 Awards and RecognitionAppendix 3.1 Staff Competency ModelAppendix 3.2 Audit Project Expectations and Performance Progress ReportChapter 4Work EnvironmentOverview4.1 Use and Protection of SAO Resources4.1.1 GAGAS Citation4.1.2 SAO Standard4.1.2.1 Allowable Use4.1.2.2 Protection of IT Resources4.1.2.3 Disposal of IT Equipment4.2 Records Management4.2.1 GAGAS Citation4.2.2 SAO Standard4.2.2.1 General Requirements4.2.2.2 Guidance Pertaining to Documents Obtained andDeveloped During Audits4.2.2.3 Audit Documentation and Recordkeeping4.3 Securing Sensitive Data and Documentation4.3.1 GAGAS Citation4.3.2 SAO 4-124-124-128/1/19Page ii

4 Breaks4.4.1 GAGAS Standard4.4.2 SAO Standard4.5 Alternative Work/Flex-Time Schedules4.5.1 GAGAS Citation4.5.2 SAO Standard4.6 Telework4.6.1 GAGAS Citation4.6.2 SAO CitationChapter 5Client Relations (Reserved)5-1Chapter 6Engagement Portfolio ManagementOverview6.1 Sources of Work6.1.1 GAGAS Citation6.1.2 SAO Standard6.2 Description of Type of Work Performed6.2.1 GAGAS Citation6.2.2 SAO Standard6.3 Risk Assessments of Potential Engagements6.3.1 GAGAS Citation6.3.2 SAO Standard6.4 Engagement Decision-making6.4.1 GAGAS Citation6.4.2 SAO Standard6.5 Referrals to Others6.5.1 GAGAS Citation6.5.2 SAO Standard6.6 Maintenance of Engagement Portfolio6.6.1 GAGAS Citation6.6.2 SAO 6-66-66-76-76-78/1/19Page iii

ContentsPage6-86-86-86-96.7 Staffing Engagements6.7.1 GAGAS Citation6.7.2 SAO StandardAppendix 6.1 Job Initiation Memorandum ExampleChapter 7Performance AuditsOverview7.1 Planning the Engagement7.1.1 GAGAS Citation7.1.2 SAO Standard7.1.2.1 Survey Phase7.1.2.2 Detailed Planning Phase7.2 Special Planning Considerations7.2.1 GAGAS Citation7.2.2 SAO Standard7.2.2.1 Internal Controls7.2.2.2 Information System Controls7.2.2.3 Laws, Regulations, Contracts and Grants7.2.2.4 Fraud, Waste, and Abuse7.2.2.5 Previous Audits and Attestation Engagements7.2.2.6 Use of Specialists7.3 Execution of the Audit7.3.1 GAGAS Citation7.3.2 SAO Standard7.3.2.1 Evidence7.3.2.2 Elements of a Finding7.3.2.3 Audit Documentation7.3.2.4 Supervision and Review7.3.2.5 Exit Conference7.3.2.6 Terminating Audits Prior to Completion7.4 Reporting7.4.1 GAGAS Citation7.4.2 SAO Standard7.4.2.1 Product Types7.4.2.2 Report 67-367-387-387-388/1/19Page iv

7-877-897-907-917-927.4.2.3 Message Meetings7.4.2.4 Report Structure and Required Elements7.4.2.5 Indexing and Referencing7.4.2.6 Report Review Process7.4.2.7 Obtaining the Views of Responsible Officials7.4.2.8 Final Review and Signoff7.4.2.9 Distribution7.4.2.10 Reporting Confidential or Sensitive Information7.4.2.11 Workpapers Associated with Reporting Phase7.5 Post-Issuance7.5.1 GAGAS Citation7.5.2 SAO StandardAppendix 7.1 Flowchart of Audit ProcessAppendix 7.2 Sample Job Announcement LetterAppendix 7.3 Suggested Background MaterialsAppendix 7.4 ReservedAppendix 7.5 Design MatrixAppendix 7.6 Documenting the Results of the Design MeetingAppendix 7.7 Internal Control AssessmentAppendix 7.8 Information System Control PlanningAppendix 7.9 ReservedAppendix 7.10 Documenting the Results of the Message MeetingAppendix 7.11 Report Quality ChecklistAppendix 7.12 Indexing ChecklistAppendix 7.13 Referencing Review Point SheetAppendix 7.14 Referencer’s ConsiderationsAppendix 7.15 Sample Letter for Transmitting a Report For CommentChapter 8Financial Audits (Reserved)8-1Chapter 9Other Work ProductsOverview9.1 Non-Audit Work Products9.1.1 GAGAS Citation9.1.2 SAO StandardAppendix 9.1 Administrative Checklist for Non-audit Products9-19-19-19-19-48/1/19Page v

ContentsChapter 10 Public AffairsOverview10.1 Dealing with the Media10.1.1 GAGAS Citation10.1.2 SAO Standard10.1.2.1 Report Distribution10.1.2.2 Guidelines for Media Relations10.2 Public Record Requests10.2.1 GAGAS Citation10.2.2 SAO Standard10.2.2.1 Public Records Statute10.2.2.2 Workpapers10.2.2.3 SAO Procedures for Responding to a PublicRecords RequestChapter 11 Tracking Audit RecommendationsOverview11.1 Tracking of Audit Recommendations11.1.1 GAGAS Citation11.1.2 SAO Standard11.2 Followup on Audit Recommendations11.2.1 GAGAS Standard11.2.2 SAO Standard11.2.2.1 Follow-up Process11.2.2.2 Supervisory Review and Reporting of ResultsAppendix 11.1 Recommendation Followup Letter to State OrganizationsChapter 12 Quality Control and AssuranceOverview12.1 System of Quality Control12.1.1 GAGAS Citation12.1.2 SAO Standard12.2 Quality Control Policies and Procedures12.2.1 GAGAS Citation12.2.2 SAO 12-112-112-112-112-212-212-28/1/19Page vi

Contents12.3 Documenting Compliance with Quality Control Policies and Procedures12.3.1 GAGAS Citation12.3.2 SAO Standard12.4 Monitoring of the System of Quality Control12.4.1 GAGAS Citation12.4.2 SAO Standard12.4.2.1 Annual Quality Control Review12.4.2.2 Treatment of Quality Control Comments12.5 Peer Review12.5.1 GAGAS Citation12.5.2 SAO StandardAppendix 12.1 Quality Control Review FormAppendix 12.2 Administrative Quality Assessment Checklist(AQA Checklist)Appendix 12.3 Engagement Quality Assessment Checklist(EQA 12-612-612-812-1012-11Chapter 13 Strategic Planning and Performance ReportingOverview13.1 Strategic Plan13.1.1 GAGAS Citation13.1.2 SAO Standard13.2 Performance Reporting13.2.1 GAGAS Citation13.2.2 SAO Standard13-113-113-113-113-313-313-3Chapter 14 Maintenance of Professional Standards ManualOverview14.1 GAGAS Citation14.2 SAO Standard14.2.1 Location of Manual14.2.2 Responsibility for Revisions14.2.3 Revision Process14.2.4 Version ControlAppendix 14.1 Change Management Form14-114-114-114-114-214-214-314-48/1/19Page vii

OITPSMQCSAOSOCVSAVSARAAgency of Digital ServicesAdministrative Quality AssessmentCommittee of Sponsoring Organizations of the TreadwayCommissionCertified Public AccountantContinuing Professional EducationDepartment of Human ResourcesEngagement Quality AssessmentGenerally Accepted Government Auditing StandardsGovernment Accountability OfficeInformation TechnologyProfessional Standards ManualQuality ControlState Auditor’s OfficeService Organization ControlVermont Statutes AnnotatedVermont State Archives and Records Administration8/1/19Page viii

Chapter 1Statutory Authority, Mission, and Core ValuesOverviewThis chapter describes the legal basis in State law for the authority and dutiesof the office of State Auditor (also known as “auditor of accounts”) anddescribes the primary mission and values of the Office. Lastly, this chapterdescribes how this manual is to be used as part of fulfilling our statutoryresponsibilities, mission, and core values.1.1Statutory AuthorityThe Office of State Auditor (Auditor of Accounts) was established by theVermont General Assembly before statehood in the 1770s to be a check onthe duties of State Treasurer, and later, by Constitutional Amendment in the1880s, the Auditor became one of five state officers to be elected on astatewide basis (§43).The primary statutory duties and authorities for the SAO can be found at 32VSA §163 and §167. 1 The bulk of the office’s work is covered by 32 VSA§163(1), which states that the office shall “annually perform or contract forthe audit of the basic financial statements of the state of Vermont and, at hisor her discretion, conduct governmental audits as defined by governmentalauditing standards issued by the United States Government AccountabilityOffice (GAO), of every department, institution, and agency of the stateincluding trustees or custodians of retirement and other trust funds held bythe state or any officer or officers of the state, and also including everycounty officer who receives or disburses funds of the state or for the benefitof the state or any county.”32 VSA §167, in turn, provides the State Auditor with broad authority toobtain and review records, stating “For the purpose of examination and auditauthorized by law, all the records, accounts, books, papers, reports, andreturns in all formats of all departments, institutions, and agencies of theState, including the trustees or custodians of trust funds and all municipal,school supervisory union, school district, and county officers who receive ordisburse funds for the benefit of the State, shall be made available to theAuditor of Accounts.”1In addition to the SAO’s statutory authority, the legislature periodically includes requirements insession law.8/1/19Page 1-1

Chapter 1Statutory Authority, Mission, and Core ValuesOther statutes outline advisory or procedural responsibilities for the StateAuditor, including:1.2 16 VSA §2177(b): Auditor or designee is a non-votingrepresentative to audit committee established by the Vermont StateColleges Board of Trustees. 16 VSA §2281(a): Auditor or designee is a non-votingrepresentative to the audit committee established by the Board ofTrustees of the University of Vermont and State AgriculturalCollege. 32 VSA §1001(d)(1): Auditor to be non-voting ex officio memberof the Capital Debt Affordability Advisory Committee.Mission StatementThe mission of the Auditor’s Office is to hold state government accountable.This means ensuring that taxpayer funds are used effectively and efficiently,and that we foster the prevention of waste, fraud, and abuse.1.3Core ValuesThe Vermont State Auditor’s Office is dedicated to providing governmententities, the Vermont Legislature, and the public with professional auditservices that are: useful; timely; accurate; objective; of high quality; done in a fair and ethical manner; and in accordance with generally accepted government auditing standards(GAGAS).8/1/19Page 1-2

Chapter 1Statutory Authority, Mission, and Core ValuesIn addition, we are committed to improving the professional skills of ourstaff, sharing our knowledge with others, and maintaining a workenvironment that is ethical, supportive, respectful, collaborative, andproductive.The SAO will play a key role in the financial and performance managementof State government and will help improve the efficiency, quality, andeffectiveness of services that the State provides. The basic premisesunderlying our mission and goals are:1.4 Public employees are responsible for the efficient, economical andeffective use of the resources entrusted to them by their constituenciesor by other levels of government. Public employees are accountable to those who provide the resourcesthey use to carry out government programs. The SAO should makeaudit results available both to other government levels that havesupplied resources and to the taxpayers and citizens of Vermont. Government audits provide key information to stakeholders and thepublic to maintain accountability; help improve program performanceand operations; reduce costs; facilitate decision making; stimulateimprovements; and identify current and projected cross-cutting issuesand trends that affect government programs and the people thoseprograms serve. The working relationship developed with the audited agency ordepartment is important to any audit’s success. The audit staff musthave a professional, positive, independent, and constructive approachin conducting the audit and in presenting audit results. Auditors must be aware that they have an analytic, not policy making,role. With this understanding, audits and audit reports are fair,objective, and unbiased.Purpose and Use of ManualThis manual is a key component in fulfilling our mission and being true toour statutory responsibilities and core values. It sets forth how our officemaintains its independence and objectivity as well as how we ensure that ouraudits are conducted with integrity and are managed in a way that ensuresthat appropriate conclusions are reached.8/1/19Page 1-3

Chapter 1Statutory Authority, Mission, and Core ValuesAll audits conducted by the SAO are expected to meet GAGAS requirementsas issued by the Comptroller General of the United States and the U.S.Government Accountability Office (GAO). These standards are herebyincorporated by reference and made part of this manual. The Director ofInformation Technology (IT) and Performance Audits is responsible foridentifying GAGAS amendments and interpretive guidance anddisseminating this information to SAO staff through updates to this manual orvia other means. (GAGAS 2.06)1.4.1TerminologyThis manual adopts the terminology protocol in GAGAS, which contains twotypes of requirements, (1) unconditional requirements and (2) presumptivelymandatory requirements. (GAGAS 2.02) Unconditional requirements are those in which audit organizationsand auditors must comply when the requirement is relevant.Unconditional requirements use the terms “must” or “is required.” Presumptively mandatory means that auditors are required to complywith these requirements in all cases where such a requirement isrelevant except in rare circumstances in which it is determined that itis necessary to depart from it. In such rare circumstances, auditorsshould perform alternative procedures to achieve the intent of therequirement. In addition, auditors must document their justificationfor the departure and how the alternative procedures performed in thecircumstances were sufficient to achieve the objectives of thepresumptively mandatory requirement. The need for the auditors todepart from a relevant presumptively mandatory requirement isexpected to arise only when the requirement is for a specificprocedure to be performed and, in the specific circumstances of theaudit, that procedure would be ineffective in achieving the intent ofthe requirement. (GAGAS 2.03, 2.04, 2.08) Presumptively mandatoryrequirements are denoted by the use of the term “should.”The 2018 GAGAS update explicitly identifies standards that are requirementsversus those that are application guidance. This manual cites all relevantrequirement standards. GAGAS application guidance provides furtherexplanation of the requirement standards, such as more precision about theirmeaning or intent or procedure examples. If deemed particularly important,this manual will also cite application guidance standards. Whether explicitlycited or not, SAO auditors are expected to read and understand all relevantGAGAS sections, including the application guidance. (GAGAS 2.05)8/1/19Page 1-4

Chapter 1Statutory Authority, Mission, and Core Values1.4.2TeamMate In early 2018, the SAO implemented an electronic workpaper solution,TeamMate . SAO auditors should consult the TeamMate user manual forhow the requirements and guidance in this manual have been operationalizedin this system.8/1/19Page 1-5

Chapter 2IndependenceOverview TIP . . . Auditorsmaintain independenceso that opinions,findings, conclusions,and recommendationswill be impartial, andviewed as impartial, byreasonable andinformed third parties.Auditors should avoidsituations that couldlead reasonable andinformed third partiesto conclude that theauditors are notindependent. (GAGAS3.19, 3.22) TIP . . .Independencecomprises (1)independence of mindand (2) independenceof appearance (GAGAS3.21).This chapter establishes general standards and provides guidelines forensuring the State Auditor’s Office and the individual auditor remain freefrom personal, external, and organizational impairments to independence andavoid the appearance of such impairments of independence. GAGAS 3.18states:“In all matters relating to the GAGAS engagement,auditors and audit organizations must be independent froman audited entity.”It is SAO policy that all audit personnel will act in the public interest and willbe familiar with and adhere to the independence rules, regulations,interpretations, and rulings issued by the Comptroller General of the UnitedStates, the American Institute of Certified Public Accountants, the State ofVermont Board of Accountancy 2, the Vermont Society of CPAs, 3 and statestatutes.For the office as a whole, the SAO has adopted the conceptual independenceframework promulgated by GAGAS. This framework is applied at the auditorganization, audit, and individual auditor levels to: (1) identify threats toindependence, (2) evaluate the significance of the threat, and (3) applysafeguards 4 as necessary to eliminate the threats or reduce them to anacceptable level. 5 (GAGAS 3.26 and 3.27) Appendix 2.1 contains a graphicthat illustrates this conceptual framework.2345Board of Accountancy Rules, Part 10, Professional Conduct.The Vermont

I am pleased to introduce the updated PROFESSIONAL STANDARDS MANUAL (PSM) for . Chapter 1 Statutory Authority, Mission, and Core Values . Overview 1-1 . 1.1 Statutory Authority 1-1 . Overview 9-1 . 9.1 Non-Audit Work Products 9-1 9.1.1 GAGAS Citation 9-1 .

Related Documents:

Vermont Tax Guide for Military and National Services Step 1: Determine if you are a resident or nonresident of Vermont Most military-affiliated persons will determine residency status using the general Vermont rules that follow. A. General Rule for Resident of Vermont Generally, a person is a resident of Vermont if one of the following applies: 1.

Vermont Special Education Rules (Revised: 2013) Page 2 of 169 STATE OF VERMONT GOVERNOR Peter Shumlin VERMONT AGENCY OF EDUCATION SECRETARY Armando Vilaseca VERMONT STATE BOARD OF EDUCATION 2013 Stephan Morse,

Appendix E: Vermont Health Information Technology Plan, Presentation to GMCB. Appendix F: Data Governance Charter, Green Mountain Care Board . Data Governance Implementation HIT e . Vermont Health Data Utility: Governance and Strategic Priorities Vermont Health Care Innovation Project / December 2016 5 1. Introduction The Vermont Health .

other insurance carriers in the appropriate field on your claim form. When the entire allowed amount is applied to the primary insurance deductible, the claim may be submitted to Vermont Medicaid but must be accompanied by an E xplanation of Benefit (EOB). Vermont Medicaid will consider payment based on the Vermont Me dicaid allowed amount after

Guide to Homeschooling State of Vermont Vermont Agency of Education Home Study Office 1 National Life Drive, Davis 5 Montpelier, VT 05620-2501 Secretary of Education Daniel French Staff in the Home Study Office Alicia Hanrahan AOE.homestudy@vermont.gov P: 802-828-6225 F: 802-828-6433

Vermont Department of Libraries. The award is named after Vermont’s state flower and is given annually to one of ten committee-nominated picture books that receives the most votes from Vermont children in grades K-4. This guide is meant to be a road map as you navigate the Red Clover Book Award Program in your library or classroom.

Vermont Public Radio 365 Troy Avenue Colchester, VT 05446 X X www.VPR.net X 1975 VT Listener-supported Vermont Public Radio has served the people of Vermont and the surrounding region since 1977 as Vermont's only statewide public radio network, VPR is a trusted and independent source for new

across Vermont through twelve regional academic centers and the use of technology, was founded by executive order of Governor Deane Davis. ! 1961: Vermont Legislature creates a public corporation known as the Vermont State Colleges, reinforcing the value of small colleges and building the strength of a larger public system.