Local government agencies and quasi-public organizations (local auditees) that receive $500,000 or more in revenues and other sources (local government agencies) or state and/or local assistance (quasi-public organizations) are required to provide an annual audit report to the Louisiana Legislative Auditor (LLA). For more information about the types of reports local auditees are required to provide to LLA, see What Kind of Report Does My Agency Need To Provide To the Legislative Auditor?
Audits result in a report, and include a document that is prepared by the CPA and referred to as the auditor’s opinion, which states whether the auditor believes the financial statements are materially correct.
A clean or unmodified opinion does not mean that the auditor is certifying that the financial statements are free of errors, or that no fraud occurred. In order to give this type of assurance, the auditor would need to test every transaction that occurred during the year. This would be costly to the agency, and make it difficult to issue the audit in a time frame so that the information would be relevant to users of the report.
In order to balance efficiency with effectiveness, generally accepted auditing standards allow CPAs to test a representative sample of transactions during an audit. The sample that is chosen is based on the CPA’s judgment, and is normally based on factors such as the dollar amount of the transaction and the likelihood that the transaction may be misstated, whether due to error, or due to someone trying to cover up a fraud or misappropriation.
For instance, in an audit of a utility district that receives a lot of cash payments, the CPA may spend a large part of the time budget testing utility receipts. There are sound reasons for this methodology – utility receipts make up the majority of a utility district’s revenue; cash is portable and easily convertible for the needs of a utility clerk or other employee who is not entitled to it; and, depending upon the controls the district has in place, it may be possible for an employee who takes cash utility receipts to conceal the theft through manipulation of the accounting records.
In order to adequately test utility receipts but still get the audit completed in a timely manner, the auditor of a utility district may decide to spend less time testing areas of a lower dollar amount or that he or she perceives to be less prone to risk of misstatement due to error or fraud. For example, the auditor may decide that travel expenses are not a significant area of risk, due to the relatively low dollar amount of the account balance and the controls the executive director says have been put in place. Consequently, travel expenses are not audited in the same manner as utility receipts are – maybe for years.
Then one year, the auditor notices that the travel expense account balance is unusually large. Upon further investigation, the auditor discovers that the district’s director is charging off his personal travel expenses through the district’s travel account. It has been going on for years, but because the amount of the account balance has always been low compared to the rest of the expense account balances, it was never detected. But this year, because the director got greedy or careless, the matter came to the attention of the auditor.
As unbelievable as it may seem to non-CPAs, the audits in which the director’s actions were not detected may have been adequately performed in accordance with generally accepted auditing standards – but that is little comfort to taxpayers who all too often see persons using public funds for private purposes.
LLA regularly receives complaints about what is called the expectation gap - the difference in what people think a CPA tests during an audit and what a CPA actually tests. In order to address these concerns, LLA considered other types of engagements in which the CPA could be required to take a more careful look at areas that might not end up in the representative sample tested in an audit engagement, and that may have caught, for example, what the hypothetical director of the utility district was doing.
One of these types of engagements is an agreed-upon procedures engagement. In an agreed-upon procedures engagement, the CPA performs procedures that are determined or agreed upon before the engagement begins. This type of engagement is not an audit, but can be structured to examine accounts that may not get much scrutiny during a normal audit.
In February 2017 the LLA promulgated a statewide agreed-upon procedures engagement that must be performed for almost every local auditee that is required by R.S. 24:513 to provide for annual audited financial statements, beginning with fiscal years ending on or after June 30, 2017. The objective of the statewide agreed-upon procedures is to correct internal control processes of local entities in order to lessen their risks of fraud, waste, or abuse in the future. The current statewide agreed-upon procedures engagement addresses these 14 areas:
- Written Policies and Procedures
- Board or Finance Committee
- Bank Reconciliations
- Collections
- Non-Payroll Disbursements
- Credit, Debit, Fuel, and/or Purchase Cards
- Travel and Travel-Related Expense Reimbursements
- Contracts
- Payroll and Personnel
- Ethics
- Debt Service
- Fraud Notice
- Information Technology (IT) Disaster Recovery/Business Continuity
- Prevention of Sexual Harassment
The CPA performs the statewide agreed-upon procedures engagement in accordance with attestation standards established by the American Institute of Certified Public Accountants and Government Auditing Standards, and in conjunction with their audit engagement, and issues a report with any exceptions noted. The statewide agreed-upon procedures report, along with management's responses and corrective actions is issued with the local auditee's audit report.
Beginning with reports submitted on or after March 1, 2023, auditors will report whether any exceptions were found for each of the agreed-upon procedures performed, except the IT Disaster Recovery/Business Continuity procedure, by responding "Yes", "No", or "N/A" (Not Applicable). This information is reported in the Local Government Reporting System (CPA portal) under the Submit Questions section.
The list of statewide agreed-upon procedures to be performed, a sample engagement agreement, a sample representation letter, an example AUP report, and answers to frequently asked questions may be found on LLA’s website.
Questions:
- Many of the areas the statewide agreed-upon procedures cover – such as bank reconciliations and payroll and personnel – look like areas that the CPA should be testing during their audit. Wouldn’t that be duplication of effort?
- Are nonprofits that report to LLA required to have the statewide agreed-upon procedures performed?
- My agency is required by R.S. 24:513 to provide an annual compilation report to LLA. However, we voluntarily provide an audit. Are we required to have the agreed-upon procedures engagement performed?
- What gives LLA the authority to require local auditees to provide for the statewide agreed-upon procedures engagement in addition to their statutorily required audit?
- Aren’t the statewide agreed-upon procedures engagements going to be expensive for local auditees?
- In performing Procedure 6, Credit Debit, Fuel and/or Purchase Cards, the only exception found from the 50 transactions I observed was that one itemized receipt did not include written documentation of the business/public purpose. Do I have to answer "Yes" to the entire procedure, even though no exceptions were found in 49 of the 50 transactions?