Audit Glossary

Acts of fraud, waste, or abuse impact the resources of a government and its agencies. In the use of government funds or property, abuse is behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary given the facts and circumstances.

Due to the increased use of databases, the growth of access points on networks, and wireless technologies, virtually all entities subject to audits have some risk associated with access controls. Access controls are the rocedures designed to restrict access to online terminal devices, programs, and data. Access controls consist of “user authentication” and “user authorization.” User authentication typically attempts to identify a user through unique logon identifications, passwords, access cards, or biometric data. User authorization consists of access rules to determine the computer resources each user may access. Such procedures are designed to prevent or detect
    • unauthorized access to online terminal devices, programs, and data;
    • entry of unauthorized transactions;
    • unauthorized changes to data files;
    • use of computer programs by unauthorized personnel; and
    • use of computer programs that have not been authorized.

Accountability is the acknowledgment and assumption of responsibility for actions and decisions, and the obligation to report and respond to resulting consequences. According to Government Auditing Standards (also referred to as the Yellow Book), management and officials of government programs are responsible for providing reliable, useful, and timely information to ensure transparency and accountability of their programs. Government auditing is essential in providing accountability to legislators, oversight bodies, those charged with governance, and the public.

See also
• audit committee
• Financial Integrity Act
• Generally Accepted Government Auditing Standards (GAGAS)
• risk assessment
• transparency
• Yellow Book

The accrual basis of accounting method accounts for all of a government’s activities during an accounting period, measuring not just current assets and liabilities but also long-term assets and liabilities (such as capital assets, including infrastructure, and general obligation debt). It also reports all revenues and all costs of providing services each year, not just those received or paid in the current year or soon after year-end.

Government-wide financial statements are presented using the full accrual method.

See also
• asset
• government-wide financial statements
• liability
• modified accrual basis of accounting

See compliance requirements in a Single Audit. 

See types of financial statement audit report opinions.
See types of Single Audit compliance report opinions.

Agency funds are used to account for the assets held by the state for individuals, private organizations, and other governments. The State of Tennessee’s agency funds are the Local Government Fund, Contingent Revenue Fund, and Retiree Health Funds.

See also
• fund/fund accounting

See attestation engagements. 

See compliance requirements in a Single Audit.

American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education, and consulting.

The AICPA’s Professional Ethics Executive Committee sets ethical standards for the profession and the Auditing Standards Board (ASB) sets U.S. auditing standards for private companies; nonprofit organizations; and federal, state, and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. It participates with the Financial Accounting Standards Board (FASB) and the Governmental Accounting Standards Board (GASB) in establishing accounting principles.

See also
• Auditing Standards Board (ASB)
• Certified Public Accountant (CPA)
• Financial Accounting Standards Board (FASB)
• Governmental Accounting Standards Board (GASB)

Amortization is the systematic allocation of the cost of an intangible asset (e.g., patent, trademark, or computer software) over its useful life. For example, if something valued at $100 is to be amortized over 10 years, the financial reports will include an expense of $10 for each of the 10 years.

See also
• asset
• depreciation

Analytical procedures are an important type of audit evidence. They consist of an analysis of plausible relationships among both financial and nonfinancial data. Analytical procedures can help identify unusual transactions or events and amounts, ratios, and trends that might have implications for audit planning.

Analytical procedures are performed at the three stages of an audit: risk assessment procedures at the beginning of the audit, substantive analytical procedures in the middle, and final analytical procedures. Risk assessment procedures help the auditor better understand the auditee and plan the nature, timing, and extent of audit procedures. Substantive analytical procedures are used to obtain evidential matter about particular assertions related to account balances or classes of transactions. Final analytical procedures are used as an overall review of the financial information in the final review stage of the audit.

See also
• assertions
• evidence
• risk assessment

Many local governments in Tennessee file an Annual Financial Report rather than an Annual Comprehensive Financial Report. The Annual Financial Report is not comprehensive in scope because it normally excludes a statistical section.

See also
• Annual Comprehensive Financial Report (ACFR)

Appropriateness of audit evidence refers to the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based.

See also
• evidence

Assertions are management’s implied or expressed representations to the auditor about certain aspects of the agency (e.g., all transactions have been recorded in the correct reporting period, all assets and liabilities have been reported, or the information in financial statements has been appropriately presented). Auditors test the validity of these assertions through a variety of audit tests, or analytical procedures.

See also
• analytical procedures

An asset is an accounting term for resources owned by a government that can be used to provide goods and services. Examples are cash, receivables, inventory, and equipment. Current assets are those that can reasonably be expected to be converted into cash, sold, or used in operations within a year. Examples are accounts receivable, prepaid expenses, and inventory. Longterm assets are resources that are expected to be held for at least a year. Examples are fixed assets (vehicles, land, buildings, office equipment, and computers); long-term investments (bonds, stocks, or notes); and intangible assets (patents and trademarks).

Auditors may conduct attestation engagements, which are not audits but are reports on whether a management’s assertion or the subject matter has been prepared in accordance with the appropriate criteria. Attestations include financial statement audits and reporting on forecasts, projections, pro-forma information,
effectiveness of internal control, or the client’s compliance with specified laws, regulations, contracts, or grants. Generally Accepted Government Auditing Standards (GAGAS) describe the three types of attestation engagements as follows:

• Examination: consists of obtaining sufficient, appropriate evidence to express an opinion on whether the subject matter is based on (or in conformity with) the criteria in all material respects, or whether the assertion is presented (or fairly stated), in all material respects, based on the criteria. Of all attestation engagements, examinations most closely mimic audits and provide the highest level of assurance.

• Review: consists of sufficient testing to conclude whether any information came to the auditors’ attention on the basis of the work performed that indicates the subject matter is not based on (or not in conformity with) the criteria or the assertion is not presented (or not fairly stated) in all material respects based on the criteria. Auditors
should not perform review-level work for reporting on internal control or compliance with provisions of laws and regulations.

• Agreed-Upon Procedures: consists of auditors performing specific procedures on the subject matter and issuing a report of findings based on the agreed-upon procedures. In an agreed-upon procedures engagement, the auditor does not express an opinion or conclusion, but only reports on agreed-upon procedures in the form of procedures and findings related to the specific procedures applied.

In Tennessee, the Comptroller’s Office uses attestation standards in its examinations of nursing homes. 

See also
• assertions
• criteria
• finding
• internal control

An audit is an independent, objective quality assurance activity designed to aid management of an organization to accomplish its objectives and improve its effectiveness. Audits provide a nonpartisan assessment of the stewardship, performance, or cost of government policies, programs, or operations, depending upon the type and scope of the audit. Internal auditing is conducted by a unit reporting to management (such as the internal audit division of a state agency), while external auditing is conducted by an independent organization (such as the Comptroller’s Office).

See also
• financial statement audit
• internal auditor
• performance audit 

The audit committee oversees an organization’s auditing and financial reporting and is a board’s tool for ensuring that top management is effectively managing the entity. The audit committee is the final control over top management, which, in the absence of an effective oversight structure, has the power to override the internal controls of the entity.

Through its oversight of top management, the audit committee also indirectly oversees the entity’s operations.

In Tennessee, any state governing board, council, commission, or equivalent body that has the authority to hire and terminate its employees or has the responsibility for the preparation of financial statements is required by Section 4-35-101 et seq., Tennessee Code Annotated, to create an audit committee.

See also
• Audit Committee Act of 2005
• internal control 

In recognition of the benefits of audit committees for government, the Tennessee General Assembly enacted legislation known as the State of Tennessee Audit Committee Act of 2005. Section 4-35-101 et seq., Tennessee Code Annotated, describes the requirement for and the responsibilities of audit committees in Tennessee state government. Any state governing board, council, commission, or equivalent body that has the authority to hire and terminate its employees or has the responsibility for the preparation of financial statements is required to create an audit committee.

At a minimum, audit committees should 

• develop a written charter that addresses the audit committee’s purpose and mission;
• formally reiterate, on a regular basis, to the board, agency management, and staff their responsibilities for preventing, detecting, and reporting fraud, waste, and abuse; 
• serve as a facilitator of any audits or investigations of the agency;
• develop a formal process for assessing the risk of fraud at the agency, including documenting the results of the assessments and assuring that internal controls are in place to adequately mitigate those risks;
• develop and communicate to agency staff their responsibilities to report allegations of fraud, waste, or abuse at the agency to the committee and the Comptroller’s Office, as well as a process for immediately reporting such information;
• immediately inform the Comptroller’s Office when fraud is detected; and
• develop and communicate to the board, agency management, and staff a written code of conduct reminding those individuals of the public nature of the agency and the need for all to maintain the highest level of integrity with regard to the financial operations and any related financial reporting responsibilities of the agency;

to avoid preparing or issuing fraudulent or misleading financial reports or other information; to protect agency assets from fraud, waste, and abuse; to comply with all relevant laws, rules, policies, and procedures; and to avoid engaging in activities that would otherwise bring dishonor to the agency.

See also
• audit committee
• internal control
• risk assessment

See working papers.

Section 8-4-109, Tennessee Code Annotated, requires state entities to report in writing to the Comptroller the actions that have been taken to implement the Comptroller’s audit recommendations. The Comptroller requires these follow-up reports to be submitted approximately six months from the date the audit report was
issued. If an entity fails to report at the six-month point or fails to implement the audit recommendations, the Comptroller is required to notify the Chairs of the Senate and House Finance, Ways and Means Committees of the Tennessee General Assembly.

See also
• audit report

The Auditing Standards Board (ASB) is the senior technical committee designated by the American Institute of Certified Public Accountants (AICPA) to issue auditing, attestation, and quality control statements, as well as standards and guidance to Certified Public Accountants (CPA) for non-public company audits.

See also
• American Institute of Certified Public Accountants (AICPA)

The purposes of audit reports are to (1) communicate the results of audits to those charged with governance, the appropriate officials of the audited entity, and the appropriate oversight officials; (2) make the results less susceptible to misunderstanding; (3) make the results available to the public, unless specifically limited; and (4) facilitate follow-up to determine whether appropriate corrective actions have been taken.

The findings and conclusions of the audit report should be based on sufficient, appropriate evidence.

See also
• finding
• objectives

Audit resolution is the process used to implement and monitor the actions management must take to remedy the audit findings.

The balance sheet is one of a government’s basic financial statements. This statement is presented in a format that shows all accounts are in balance. The format demonstrates that assets plus deferred outflows of resources equal liabilities, deferred inflows of resources, and fund balances.

See also
• asset
• Annual Comprehensive Financial Report (ACFR)
• deferred outflows/inflows of resources
• evidence
• fund balance
• liability

A basis of accounting is an accounting method that defines when transactions or events are recognized in the accounts of an entity and reported in its financial statements. Examples are the modified accrual basis of accounting and the accrual basis of accounting.

See also
• accrual basis of accounting
• modified accrual basis of accounting

Best practices are methods or techniques that have consistently shown results superior to those achieved through other means, and are used as a benchmark. Best practices may include policies, procedures, or internal controls and may be used as audit criteria, which are the standards against which audit evidence is judged.

See also
• criteria
• elements of a finding
• finding

Business-type activities are activities of a government that are accounted for similar to the way a business would account for the same transaction. Business-type activities are normally financed in whole or in part by fees charged for goods or services. Utilities operate as a business-type activity.

Capital asset is an accounting term for non-financial assets that have a useful life extending beyond one year. Examples are vehicles and buildings.

See also
• asset

See compliance requirements in a Single Audit. 

The Catalog of Federal Domestic Assistance (CFDA) is an online government-wide compendium of federal programs, projects, services, and activities that provides assistance or benefits to the American public. It contains financial and nonfinancial assistance programs administered by departments and establishments of the
federal government. 

In awarding grants, federal agencies are required to include the title and number listed in the CFDA for the program under which the award is made, to inform the recipient and make that information available to the auditor conducting the audit of the recipient that the Single Audit Act requires. 

CFDA provides a full list of all federal programs available to state and local governments (including the District of Columbia); federally recognized Indian tribal  governments; territories (and possessions) of the United States; domestic public, quasi-public, and private profit and nonprofit organizations and institutions; specialized groups; and individuals. The online catalog is maintained by the U.S. General Services Administration and is updated weekly.

CFDA contains detailed program descriptions for about 2,300 federal assistance programs.

A “federal domestic assistance program” may in practice be called a program, an activity, a service, a project, a process, or some other name, regardless of whether it is identified as a separate program by statute or regulation.

“Assistance” or “benefits” refers to the transfer of money, property, services, or anything of value, the principal purpose of which is to accomplish a public purpose of  support or stimulation authorized by federal statute. Assistance includes, but is not limited to, grants, loans, loan guarantees, scholarships, mortgage loans, insurance, and other types of financial assistance, including cooperative agreements; property, technical assistance, counseling, statistical, and other expert information; and service activities of regulatory agencies. 

The Government Finance Officers Association (GFOA) established the Certificate of Achievement for Excellence in Financial Reporting Program (the program) to encourage and assist state and local governments to go beyond the minimum requirements of generally accepted accounting principles to prepare annual comprehensive financial reports in a manner of transparency and full disclosure and then to recognize individual governments that achieve that goal. The goal of the program is not to assess the financial health of participating governments, but rather to ensure that users of their financial statements have the information they need to do so themselves.

Reports submitted to the program are reviewed by selected members of the GFOA professional staff and the GFOA Special Review Committee, which comprises  individuals with expertise in public-sector financial reporting and includes financial statement preparers, independent auditors, academics, and other finance professionals. In order to receive the certificate, the governmental entity’s annual comprehensive financial report must be completed and submitted to GFOA within six months of the state’s fiscal year-end. For Tennessee, this means that the state must submit the Annual Comprehensive Financial Report to GFOA by December 31 following the June 30 fiscal year-end. Tennessee strives to receive this certificate each year and has received the distinction all but one of the last 37 years.

See also
• Annual Comprehensive Financial Report (ACFR)

The Certified Fraud Examiner (CFE) credential denotes proven expertise in fraud prevention, detection, and deterrence. CFEs are trained to identify the warning signs that indicate evidence of fraud and fraud risk. CFEs help protect state and local governments by uncovering fraud and implementing processes to prevent fraud from occurring in the first place. CFEs combine knowledge of complex financial transactions with an understanding of methods, law, and ways of resolving allegations of fraud.

To become a CFE, an individual must pass a rigorous test on the four major disciplines that compose the fraud examination body of knowledge:

• fraud prevention and deterrence;
• financial transactions and fraud schemes; 
• investigation; and 
• law.

CFEs must also meet educational and ethical standards, as well as continuing professional education requirements. 

As of June 30, 2016, 94 staff members of the Department of Audit have a CFE certification.

See also
• continuing professional education (CPE)
• fraud

The Association of Government Accountants’ (AGA) Certified Government Financial Manager (CGFM) is a professional certification recognizing the unique skills and special knowledge required of government financial managers. It covers governmental accounting, auditing, financial reporting, internal controls, and budgeting at the federal, state, and local levels.

To earn the CGFM, individuals must apply for the program and meet the following requirements:

• ethics: read and agree to abide by AGA’s Code of Ethics;
• education: have a bachelor’s degree from an accredited college or university;
• examinations: pass three comprehensive CGFM examinations; and
• experience: have at least two years of professional experience in government financial management.

To maintain CGFM certification in active status, individuals must continue to abide by AGA’s Code of Ethics, renew the CGFM certificate annually, and earn 80 continuing professional education hours every two years.

As of June 30, 2016, 58 staff members of the Department of Audit have a CGFM certification.

See also
• continuing professional education (CPE)

A Certified Information Systems Auditor (CISA) is an individual who has passed the CISA examination and met additional education and experience requirements. The Information Systems Audit and Control Association (ISACA), an international professional association focused on information technology governance, administers the licensure of CISAs. The education, examination, and experience requirements are 

• successful completion of the CISA examination; and 
• a minimum of five years of professional information systems auditing, control, or security work experience (may be substituted by a variety of education and alternative work experience for up to three years of the five-year experience requirement).

Licenses are renewed annually, and holders of the CISA designation must 

• adhere to the Code of Professional Ethics;
• obtain at least 20 hours of continuing professional education annually, with a minimum of 120 hours over a fixed three-year period; and
• adhere to the Information Systems Auditing Standards as adopted by ISACA.

 As of June 30, 2016, 16 staff members of the Department of Audit have a CISA certification.

See also
• continuing professional education (CPE)

A Certified Public Accountant (CPA) is an individual who has passed the Uniform CPA Examination and met additional education and experience requirements. In Tennessee, the State Board of Accountancy governs the licensure of CPAs. To become a CPA in Tennessee, candidates must obtain 150 semester hours of education and must earn a baccalaureate degree from an accredited college or university. This must include 30 semester hours in accounting (24 of which must be in upper division courses) and 24 semester hours in business courses. The candidate must then pass the Uniform CPA Examination, pass an ethics examination given by the American Institute of Certified Public Accountants (AICPA) with a score of 90 percent or better, and complete one year of experience in accounting acceptable to the board.

Licenses are renewed biennially and require 80 hours of qualified continuing professional education and a board-approved two-hour state-specific ethics course designed to familiarize licensees with accountancy law and rules as well as professional ethics. 

As of June 30, 2016, 95 staff members of the Department of Audit have a CPA certification.

See also
• continuing professional education (CPE)

As referred to in a Single Audit, a cluster of programs means a grouping of closely related federal assistance  programs that share common compliance requirements, such as student financial aid. 

In order to determine major programs, a cluster of programs is considered one program. For example, the child nutrition cluster is made up of the School Breakfast Program, the National School Lunch Program, the Special Milk Program for Children, and the Summer Food Service Program for Children.

See also
• Single Audit

As referred to in a Single Audit, a cognizant agency is the federal agency that communicates and coordinates various aspects of federal grant administration on behalf of all federal agencies providing federal financial assistance to an entity. Typically, an entity that receives federal assistance will be assigned a cognizant agency for audit and a cognizant agency for indirect costs. The federal cognizant agency is usually the agency that provides the predominant amount of direct funding to the entity. 

Cognizant agencies’ audit duties include providing technical audit advice, considering auditee requests for extensions of audit due dates, obtaining or conducting quality control reviews, coordinating audits or reviews by federal agencies in addition to Single Audits, and communicating deficiencies to affected federal agencies.

A cognizant agency for indirect costs is the federal agency responsible for reviewing, negotiating, and approving cost allocation plans or indirect cost proposals developed on behalf of all federal agencies.

See also
• indirect cost rate
• indirect costs
• Single Audit

Combining financial statements are supporting schedules that present the detail behind columns in the fund financial statements that aggregate multiple funds. The combining financial statements report separate columns for individual funds or component units and are normally required in an Annual Comprehensive Financial
Report.

See also
• Annual Comprehensive Financial Report (ACFR)

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private-sector organizations dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence. COSO consists of the American Institute of Certified Public Accountants (AICPA), the American Accounting Association (AAA), the Institute of Internal Auditors (IIA), the Institute of Management Accountants (IMA), and the Financial Executives International.

See also
• American Institute of Certified Public Accountants (AICPA)
• fraud
• internal control

Comparative financial statements provide all of the information required by generally accepted accounting principles (GAAP) for two or more fiscal periods. If comparative statements are presented, the auditor must issue a separate audit opinion on each year presented.

See also
• generally accepted accounting principles (GAAP)

Compensating controls are used to offset, but not eliminate, the effects of an internal control deficiency. For example, segregation of duties is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. To mitigate the risk of fraud and error in payroll management, a company might have one employee responsible for accounting and another responsible for signing the checks. However, entities with small staffs might not be able to segregate duties. In this case, compensating controls might include maintaining and reviewing logs and audit trails. 

See also
• internal control

A compliance audit is a program-specific audit or an organizationwide audit of an entity’s compliance with applicable compliance requirements.

See also
• compliance requirements in a Single Audit

See compliance requirements in a Single Audit. 

Compliance requirements are a series of directives provided by federal agencies that summarize hundreds of laws and regulations applicable to federal financial assistance programs, many of which are included in Tennessee’s Single Audit. Compliance requirements identify which requirements applicable to the program are subject to testing. Not all compliance requirements apply to all programs. 

There are 12 compliance requirements in the U.S. Office of Management and Budget’s (OMB) Uniform Guidance Single Audit, Subpart F, used in auditing federal assistance and federal grant programs for the state’s Single Audit. These are 

• Activities Allowed or Unallowed – Programs operate for a specific purpose and the federal funds provided to the recipient must be used only for activities that benefit that purpose.

• Allowable Costs/Cost Principles – The federal government determines those costs that are allowable or not allowable. If funds are used inappropriately, incurring unallowable costs, the federal government must be reimbursed. 

• Cash Management – Recipients of federal funds must minimize the time between receiving funds and disbursing those funds to payees.

• Eligibility – Only eligible individuals or organizations may participate in federal assistance programs. 

 • Equipment and Real Property Management – Equipment (tangible, non-expendable property) must be used in the federal program for which it was purchased (or for other federal programs when appropriate). Recipients of federal funding must keep equipment records, perform physical equipment inventories, and implement an internal control system to safeguard and maintain the equipment. Title to real property acquired by recipients with federal awards vests with the recipient. It must be used for the originally authorized purpose as long as needed for that purpose. 

• Matching, Level of Effort, Earmarking – Matching means that a grant recipient must contribute resources to a program that equals or exceeds a percentage of  amounts provided by the grantor. The Level of Effort component defines particular goals or objectives the recipient must achieve with the assistance received. The Earmarking component is a requirement that specifies a limit amount or percentage of the program’s assistance that must (minimum) or may (maximum) be used for specified activities.

• Period of Performance – Individual federal grants are awarded for a specified time period, usually one year. 

• Procurement and Suspension and Debarment – Procurement covers compliance of laws and regulations when obtaining goods or services from a vendor, supplier,
or provider.

• Program Income – Program income means gross income earned by the non-federal entity that is directly generated by a supported activity or earned as a result of the federal award during the period of performance. 

• Reporting – All recipients must submit reports (whether financial- or performance-related, or of special nature) to the federal government to monitor federal assistance activities and uses.

• Subrecipient Monitoring – Any non-federal recipient of federal grant funds that passes the assistance, whether in part or in total, to another recipient (known as passthrough entities and subrecipients, respectively) is responsible for monitoring the federal financial assistance activities of that subrecipient, as well as assuring that they are both complying with laws and regulations. 

• Special Tests and Provisions – Certain programs have unique compliance requirements that do not fit into the requirements listed above. The auditor must review the program’s contract and grant agreements and referenced laws and regulations to identify unique compliance requirements, and develop audit objectives and audit procedures.

See also
• Compliance Supplement
• Single Audit

The Compliance Supplement is a federal government guide created by the U.S. Office of Management and Budget  (OMB) and is used in auditing federal financial assistance and federal grant programs, as well as their recipients. 

This document identifies existing important compliance requirements that the federal government expects to be considered as part of an audit required by the 1996 amendments to the Single Audit Act. Without the supplement,  auditors would need to research many laws and regulations for each program under audit to determine which compliance requirements are important to the federal government and could have a direct and material effect on
a program. Providing the supplement is a more efficient and costeffective approach to performing this research.

See also
• compliance requirements in a Single Audit

An internal control is a physical or procedural mechanism that monitors and reduces risk in an organization’s financial and operational activities. The existence of a satisfactory system of internal control is one of the foundational concepts of auditing. Many audit findings involve deficiencies in internal control.

Auditors reviewing an entity consider these components of internal control:

• The control environment, which sets the tone of the organization influencing the effectiveness of internal controls. It is the foundation for all other components of internal control; provides discipline and structure; and encompasses both technical competence and ethical commitment.

• An entity’s required risk assessment, which identifies and analyzes risks that are likely to have an impact on the achievement of its objectives. This assessment provides the basis for developing appropriate responses to counter risks.

• The quality of the entity’s information system through which management and personnel communicate and which supports the internal control system.

• The entity’s control activities, or the structure, policies, and procedures that management establishes so that identified risks do not prevent the organization from reaching its objectives.

• The entity’s monitoring of controls, established and operated by management to assess the quality of performance over time and promptly resolve the findings of audits and other reviews.

See also
• finding
• internal control
• Standards for Internal Control in the Federal Government (Green Book)

A component unit is a legally separate entity that the Governmental Accounting Standards Board (GASB) requires to be reported in the financial statements of a government because of the entity’s close financial relationship with the government. An example for a local government would be an Emergency Communications District. Examples for the State of Tennessee are the Tennessee Housing Development Agency, the Tennessee Education Lottery Corporation, the Tennessee Board of Regents, and the University of Tennessee. 

A component unit may be reported discretely or in a blended presentation. Discrete presentation reports the component unit’s financial data in one or more columns separate from the financial data of the primary government. Some component units, despite being legally separate from the primary government, are so intertwined with the primary government that they are reported as part of the primary government, or in a blended presentation.

See also
• financial statements
• Governmental Accounting Standards Board (GASB)

Computer-assisted Audit Techniques (CAATs) are applications of auditing procedures using the computer as an audit tool. They are used to automate the auditor's data analysis process.

See Limited Official Use (LOU) reporting.
See public record.

A conflict of interest is any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest could prejudice an individual’s ability to perform his or her duties and responsibilities objectively. Sunset audits review the conflict-ofinterest policies and disclosure forms for boards and commissions. All Comptroller’s Office employees fill out a conflict-of-interest disclosure form annually.

To maintain knowledge, skills, and professional competence, auditors receive continuing professional education (CPE) applicable to the types of audits they perform. Auditing standards, state Certified Public Accountant (CPA) licensing boards, and organizations issuing other credentials require various types and amounts of CPE each year.

See also
• Certified Fraud Examiner (CFE)
• Certified Government Financial Manager (CGFM)
• Certified Information Systems Auditor (CISA)
• Certified Public Accountant (CPA)

A contract is a voluntary arrangement between two or more parties that is enforceable by law as a binding legal agreement.

A contractor is a person or entity that contracts to provide services, supplies, or other work.

See components of internal control.

See components of internal control.

Control risk is the risk that a material misstatement in the financial statements or material noncompliance with a compliance requirement will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.

See also
• assertions
• detection risk
• fraud
• internal control
• material noncompliance
• risk

At the completion of the Single Audit, the auditee prepares a corrective action plan to address each audit finding included in the current year auditor’s reports. The corrective action plan identifies by name those responsible for corrective action, the corrective action planned, and the anticipated completion date. If the auditee does not agree with the audit findings or believes corrective action is not required, then the corrective action plan must include an
explanation and specific reasons.

See also
• finding
• Single Audit

The term cost principles refers to the accounting principle that goods and services purchased should be recorded at their historical cost and not at their current market value.

Criteria provide the standards against which the audit evidence is judged. They are a set of reasonable and attainable standards of performance. Criteria provide the "what should be" benchmark.

See also
• best practices
• elements of a finding
• evidence

Computer-generated data from outside sources are often central audit evidence. To obtain evidence about the reliability of computer-generated information, auditors may evaluate the effectiveness of information systems controls. If the auditor concludes that information systems controls are effective, the auditor may reduce the extent of direct testing of data.

See also
•evidence

Deferred outflows and inflows of resources are transactions that are recorded on government financial statements that have a financial effect on net position in a future period. The Governmental Accounting Standards Board (GASB) requires that certain defined transactions that do not qualify for treatment as either assets or liabilities be accounted for and reported on government financial statements as either deferred outflows of resources or deferred inflows of resources. A deferred outflow of resources is a consumption of net assets by the government that is applicable to a future reporting period. A deferred inflow of resources is an acquisition of net assets by the government that is applicable to a future reporting period.

See also
• balance sheet
• Governmental Accounting Standards Board (GASB)

Depreciation is an accounting tool used to systematically expense certain assets based on the asset's assigned useful life. This tool recognizes that certain assets such as vehicles and buildings lose value over time and should be expensed over time. Amortization is a similar term that applies to the expensing of intangible capital assets such as water rights and premiums paid on long-term debt.

See also
• amortization
• asset

Detection risk is the risk that the procedures performed by the auditor to minimize the risk of material  misstatement of the financial statements or noncompliance to an acceptably low level will not detect material misstatement or noncompliance that could be material, either individually or when aggregated with other
instances of misstatements or noncompliance.

See also
• control risk
• inherent risk
• misstatement/material misstatement
• noncompliance
• risk

Detective controls are internal controls designed to detect and correct, rather than prevent, undesirable events that have occurred in an entity’s operations. 

See also
• internal control

Disallowed costs are costs that a grantor determines the grant recipient spent outside the grant requirements and thus will not allow as reimbursable to the recipient. Disallowed costs are often identified when grantor agencies are resolving questioned costs in Single Audit reports.

See also
• Single Audit

Disaster recovery refers to the ability to respond to an interruption in services by implementing corrective actions to restore an entity's critical business functions. Disaster recovery is one portion of the larger concept of business continuity, the ability to maintain business functions in the event of natural disasters, hardware or software failure, or human error or abuse, to name a few. In general, disaster recovery involves anticipating potential failures such as those noted above, and having resources available to relocate and restore services with minimal impact on business functions.

See types of financial statement audit report opinions.
See types of Single Audit compliance report opinions.

Due professional care refers to the diligence a person who possesses a special skill would exercise under a given set of circumstances. Auditors exercise due professional care by planning, conducting, and reporting in accordance with all applicable auditing standards.

Auditors organize information in audit findings using the five elements of persuasion to assist management or oversight officials of the audited entity in understanding the need for taking corrective action. The five elements of a finding are as follows: 

Criteria – Criteria include the laws, regulations, contracts, grant agreements, standards, measures, expected performance, defined business practices, and benchmarks against which performance is compared or evaluated. Criteria identify the required or desired state or expectation with respect to the program or operation, and provide a context for evaluating evidence and understanding the findings. Criteria answer the question, “What should be?” 

Condition – A condition is a situation that exists and is determined and documented during the audit. Condition answers the question, “What is the problem?”

Cause ‑ The cause identifies the reason or explanation for the condition or the factor(s) responsible for the difference between the situation that exists (condition) and the required or desired state (criteria), which may also serve as a basis for recommendations for corrective actions. Common causes include poorly designed policies, procedures, or criteria; inconsistent, incomplete, or incorrect implementation; or factors beyond the control of program management. Cause answers the question,  “How did the condition happen?”

Effect or potential effect ‑ The effect is a clear, logical link to establish the impact or potential impact of the difference between the situation that exists (condition) and the required or desired state (criteria). The effect or potential effect identifies the outcomes or consequences of the condition. When the audit objectives include identifying the actual or potential consequences of a condition that varies (either positively or negatively) from the criteria identified in the audit, “effect” is a measure of those consequences. Effect or potential effect may be used to demonstrate the need for corrective action in response to identified problems or relevant risks. Effect answers the questions, “Why should the reader care about this condition? What is the impact?”

Recommendation ‑ Recommendations are actions to correct deficiencies and other findings and to improve programs and operations when the potential for  improvement in programs, operations, and performance is substantiated by the reported findings and conclusions. Recommendations should be addressed to parties that have the authority to act. Recommendation answers the question, “How can management solve the condition and/or the cause?” 

See also
• finding

See compliance requirements in a Single Audit. 

An emphasis of matter paragraph may be included in the audit report to draw attention to a matter appropriately  presented or disclosed in the financial statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the financial statements. 

See also
• audit report
• financial statements

An engagement letter is written communication from the auditor to convey to those charged with governance an overview of the objectives, scope, and methodology, as well as the timing of the audit and planned reporting (including any potential restrictions on the report).

See also
• those charged with governance  

In governmental accounting, an enterprise fund is a proprietary fund type used to report an activity for which a fee is charged to external users for goods or services. Major enterprise funds in Tennessee are the Sewer Treatment Loan Fund and the Employment Security Fund. The state also has several nonmajor enterprise funds, such as the Teacher Group Insurance Fund, the Local Government Group Insurance Fund, and the Enterprise Loan Fund. 

See also
• Annual Comprehensive Financial Report (ACFR)
• fund/fund accounting

At the beginning of an audit, the audit team conducts an entrance conference with auditee management to outline audit objectives, approximate time schedules, types of auditing tests, and the process of reporting the results of the audit.

See also
• audit report
• exit conference
• objectives

See compliance requirements in a Single Audit. 

Evidence comprises the qualitative and quantitative facts that auditors use to assess program conditions. The evidence serves as the foundation for audit findings. According to Generally Accepted Government Auditing Standards, auditors should obtain sufficient, appropriate evidence that supports the findings, conclusions, and recommendations contained in the audit report. Audit evidence includes both information contained in the government records and other information.

The basic types of evidence are
• physical evidence obtained by auditors’ direct inspection or observation of people, property, or events, such as an inspection or count of a tangible asset such as inventory;
• documentary evidence obtained in the form of existing information, such as letters, contracts, accounting records, invoices, spreadsheets, database extracts, electronically stored information, and management information on performance; and
• testimonial evidence obtained through inquiries, interviews, focus groups, public forums, or questionnaires. 

See also
• appropriateness (of audit evidence)
• elements of a finding
• finding
• Generally Accepted Government Auditing Standards (GAGAS)
• relevance (of audit evidence)
• sufficiency (of audit evidence) 

See attestation engagements. 

The purpose of the exit conference is to share the auditor's findings, conclusions, and recommendations with the auditee and discuss other improvement suggestions that may not have risen to a formal recommendation.

See also
• entrance conference
• finding

In governmental accounting, the terms expenditure and expense both mean the use of governmental resources.  Expenditure is usually used to refer to payments in governmental funds such as general funds and special revenue funds. Expense is used to refer to payments in proprietary or business-like funds such as internal service funds.

The Federal Audit Clearinghouse operates on behalf of the U.S. Office of Management and Budget (OMB) to

• distribute Single Audit reporting packages to federal agencies,
• support OMB oversight and assessment of federal award audit requirements,
• maintain a public database of completed audits, and 
• help auditors and auditees minimize the reporting burden of complying with federal audit requirements.

See also
• compliance requirements in a Single Audit
• federal award
• Single Audit

A federal award is financial assistance from a federal agency to a recipient to carry out a program for the benefit of the public. Awards could be federal financial assistance and federal cost-reimbursement contracts that non-federal entities receive directly from federal awarding agencies or indirectly from pass-through entities. Federal awards do not include procurement contracts used to buy goods or services from contractors.

Examples in Tennessee include the Special Supplemental Nutrition Program for Women, Infants, and Children and the Child and Adult Care Food Program.

See also
• federal program

A federal awarding agency is a federal agency that provides an award to a recipient.

See also
• compliance requirements in a Single Audit
• federal award
• Single Audit

A federal program is a project, service, or activity provided by the federal government that directly assists domestic governments, organizations, or individuals in areas like education, health, public safety, public welfare, and public works. Examples of federal programs are the Special Supplemental Nutrition Program for Women, Infants, and Children and the Summer Food Program for Children.

See also
• major federal program

Fiduciary funds are used to report assets held in a trustee or agency capacity for others and cannot be used to support the government’s own programs. Tennessee has several fiduciary funds, including the Pension Trust Fund, Local Government Investment Pool, and TNInvestco. 

See also
• Annual Comprehensive Financial Report (ACFR)
• fund/fund accounting

The Financial Accounting Standards Board (FASB) is the independent, private-sector, nonprofit organization that establishes financial accounting and reporting standards for public and private companies and nonprofit organizations that follow generally accepted accounting principles (GAAP).

See also
• generally accepted accounting principles (GAAP)

The Financial Integrity Act (Section 9-18-102, Tennessee Code Annotated) requires each state agency and higher education institution, along with each county, municipality, and metropolitan government, to establish and maintain internal controls, which must provide reasonable assurance that the entity is 

• exhibiting accountability for meeting program objectives;

• promoting operational efficiency and effectiveness; 

• improving the reliability of financial statements;

• strengthening compliance with laws, regulations, rules, and contracts and grant agreements; and 

• reducing the risk of financial or other asset losses due to fraud, waste, and abuse.

By December 31 each year, the head of each state agency and higher education institution is required, on the basis of the evaluations conducted in accordance with guidelines prescribed under Section 9-18-103, Tennessee Code Annotated, to prepare and transmit to the Commissioner of Finance and Administration and the Comptroller of the Treasury a report that states that

• the agency or institution acknowledges its management’s responsibility for establishing, implementing, and maintaining an adequate system of internal control; and

• a management assessment of risk performed by the agency or institution provides or does not provide reasonable assurance of compliance with the objectives
of the assessment as specified in this chapter.

In the event that the agency’s or institution’s assessment does not provide reasonable assurance of compliance with the objectives of the assessment, the report must include a corrective action plan that identifies any significant deficiencies or material weaknesses in the system of internal control and/or the lack of risk mitigating control activity. The report should include the plan and the schedule for correcting the deficiencies. 

Auditors review agencies’ assessments as part of the audit planning phase. The assessments can point out internal control issues that need further examination.

See also
• internal control
• risk assessment

A financial reporting entity is the primary government, an organization for which the primary government is  financially accountable, or any other organization for which the nature and significance of their relationship with the primary government are such that exclusion would cause the reporting entity’s financial statements to be misleading.

See also
• financial statements

A financial statement audit is an examination designed to provide independent assurance that the financial statements of an entity are fairly presented, in all material respects, in accordance with generally accepted accounting principles (GAAP). Financial statement audits enhance the degree of confidence that intended
users can place in the entity’s financial statements.

See also
• financial statements
• generally accepted accounting principles (GAAP)

Financial statements present a summary of strategic numbers formatted to present an entity’s financial position or results of operations. The statement of financial position is presented as of a point in time such as June 30, 20XX. The results of operations are presented for a period of time such as the Year Ended June 30, 20XX.

See also
• comparative financial statements
• financial statement audit
• fund financial statements
• government-wide financial statements

Findings result from an evaluation of the collected audit evidence against audit criteria. Criteria provide a context for evaluating evidence and understanding the findings. Audit criteria may include laws, regulations, contracts, grant agreements, standards, measures, expected performance, defined business practices, and benchmarks against which performance is compared or evaluated.

In both financial audits and attestation engagements, findings may involve deficiencies in internal control; noncompliance with provisions of laws, regulations, contracts, or grant agreements; fraud; or abuse.

In a performance audit, auditors should present sufficient, appropriate evidence to support the findings and conclusions in relation to the audit objectives.

Clearly developed findings assist management and oversight officials of the audited entity in understanding the need for corrective action.

See also
• abuse
• attestation engagements
• elements of a finding
• financial statement audit
• fraud
• internal control
• performance audit

A fiscal year (FY) is a period that a company or government uses for accounting purposes and preparing financial statements. A fiscal year may not be the same as a calendar year. A fiscal year usually refers to a 12-month accounting, reporting, and budgeting period that does not end on December 31. (The accounting year of January 1 through December 31 is usually referred to as a calendar year.) In Tennessee, the fiscal year runs from July 1 through June 30.

Acts of fraud, waste, or abuse impact the resources of state government and its agencies. Fraud is any intentional act by one or more individuals (including management, those charged with governance, employees, or third parties) involving the use of deception that violates a law or the public trust to obtain an unjust or illegal advantage.

Since October 1983, the Comptroller's Office has provided a toll-free hotline for reporting fraud, waste, and abuse of government funds and property.

See also
• abuse
• fraud risk factors
• fraudulent financial reporting
• waste 

Fraud risk factors are events or conditions that are an incentive or pressure to commit fraud or provide an opportunity to commit fraud.

See also
• fraud

Fraudulent financial reporting refers to intentional misstatements, including omissions of amounts or disclosures in financial statements, to deceive financial statement users.

See also
• financial statements
• fraud
• fraud risk factors

Fund balance is the difference between assets and liabilities in a governmental fund. The fund balance in any given fund is essentially what is left over after the fund's assets have been used to meet its liabilities.

See also
• asset
• liability

Fund financial statements are basic financial statements presented for funds, in contrast to government-wide financial statements. 

See also
• financial statements
• fund/fund accounting

Fund accounting refers to the use of funds to account for specific government activities. Each fund includes a self-balancing set of accounts that present fund equity and results of the fund’s operations. Examples of funds used to account for specific activities include the General Fund, Highway Fund, Debt Service Fund, Education Funds, Utility Funds, and Capital Projects Funds.

See also
• financial statements
• fund type

Fund types are categories into which all individual funds can be categorized: governmental fund types (general fund, special revenue funds, debt service funds, capital project funds, and permanent funds); proprietary fund types (enterprise funds and internal service funds); and fiduciary fund types (pension and other employee benefit trust funds, investment trust funds, private-purpose trust funds, and agency funds).

A general fund is a type of governmental fund. It typically serves as the chief operating fund of a government and is used to account for all financial resources not accounted for in another fund.

See also
• fund/fund accounting  

Generally accepted accounting principles (GAAP) are the general guidelines and principles, standards and detailed rules, and industry practices that exist for financial reporting. The fact that these principles are generally accepted means that all governments preparing financial statements under GAAP would prepare similar financial statements. Financial statements prepared using these principles are considered to be fairly presented.

See also
• financial statements

Generally Accepted Auditing Standards (GAAS) are standards against which the quality of audits may be judged. Generally Accepted Government Auditing Standards (GAGAS) incorporate GAAS by reference for financial audits (including Single Audits and financial statement audits) and attestation engagements.

See also
• financial statement audit
• Generally Accepted Government Auditing Standards (GAGAS)
• Single Audit

Generally Accepted Government Auditing Standards (GAGAS) are the professional standards and guidance, issued by the U.S. Government Accountability Office (GAO), which provide a framework for conducting high quality audits with competence, integrity, objectivity, and independence. These standards are for use by auditors of government entities and entities that receive government grants. GAGAS contains requirements and guidance dealing with ethics, independence, auditors’ professional judgment and competence, quality control, performance of the audit, and reporting.

Audits performed in accordance with GAGAS provide information used for oversight, accountability, transparency, and improvements of government programs and operations. GAGAS contain requirements and guidance to assist auditors in objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results. When auditors perform their work in this manner and comply with GAGAS in reporting the results, their work can lead to improved government management; better decision making and oversight; effective and efficient operations; and accountability and transparency for resources and results.

The provisions of laws, regulations, contracts, grant agreements, or policies frequently require that audits be conducted in accordance with GAGAS. In addition, many auditors and audit organizations voluntarily choose to perform their work in accordance with the standards. The requirements and guidance in GAGAS apply to audits of government entities, programs, activities, and functions, as well as to audits of government assistance administered by contractors, nonprofit entities, and other nongovernmental entities when the use of GAGAS is required or is voluntarily followed.

See also
• accountability
• transparency

The going concern principle in the governmental environment is the government's inability to continue to meet its obligations as they become due without substantial disposition of assets outside the ordinary course of governmental operations, restructuring of debt, submission to the oversight of a separate fiscal assistance authority or financial review board, or similar actions. According to Generally Accepted Auditing Standards (GAAS), a government is considered a going concern unless there is substantial doubt about the government's ability to continue to operate within the next twelve months beyond the financial statement date.

See also
• financial statements
• Generally Accepted Auditing Standards (GAAS)

The U.S. Government Accountability Office (GAO) establishes and publishes Government Auditing Standards, commonly referred to as the Generally Accepted Government Auditing Standards (GAGAS). GAO ensures a government is accountable to citizens by evaluating how well government policies and programs are working; auditing federal agency operations to determine whether federal funds are spent efficiently, effectively, and appropriately; and investigating allegations of illegal and  improper activities.

See also
• Generally Accepted Government Auditing Standards (GAGAS)

The Governmental Accounting Standards Board (GASB) is the ultimate standard-setting authority for state and local government accounting and financial reporting.

Governmental activities are programs carried out by a governmental entity that are primarily financed by  general revenues such as taxes, and intergovernmental revenues such as grants. 

Governmental funds are generally used to account for taxsupported activities on behalf of citizens, such as activities related to streets and highways, public safety, and public health and welfare. The governmental funds category, as used in the financial statements in Tennessee’s Annual Comprehensive Financial Report, includes general fund, special revenue funds, capital projects fund, debt service fund, and permanent funds.

See also
• Annual Comprehensive Financial Report (ACFR)
• financial statements
• fund/fund accounting
• general fund

Government-wide financial statements are financial statements that incorporate all of a government’s governmental and businesstype activities, as well as its nonfiduciary component units. There are two basic government-wide financial statements: the statement of net position and the statement of activities.

A government grant is a financial award given by the federal, state, or local government to an eligible recipient, or "grantee." Government grants are not expected to be repaid.

The term "grant" specifically applies to awards to administer programs and does not include other types of federal financial assistance such as technical assistance, loans or loan guarantees, interest rate subsidies, direct appropriations, or revenue sharing. Over 26 federal agencies administer more than 1,000 grant programs annually to provide funding for the arts, educational institutions, agricultural projects, and more. Government grants help fund ideas and projects that provide public services and stimulate the economy. Grants support critical recovery initiatives, innovative research, and other programs listed in the Catalog of Federal Domestic Assistance (CFDA).

Because government grants are funded by tax dollars, they require stringent compliance and reporting measures for ensuring the money is well spent. Grants from the federal government are authorized and appropriated through bills passed by Congress and signed by the President.

See also
• Catalog of Federal Domestic Assistance (CFDA)
• grantor

A grantee is a recipient or organization that receives a grant.

See also
• Catalog of Federal Domestic Assistance (CFDA)
• grant
• grantor 

A grantor refers to a state or federal agency that reviews grant applications and selects projects to be funded.

See also
• Catalog of Federal Domestic Assistance (CFDA)
• grant
• grantee

See Standards for Internal Control in the Federal Government (Green Book).

An improper payment occurs when grant funds go to the wrong recipient, when the recipient receives the incorrect amount of funds, or when the recipient uses the funds in an improper manner. These can be underpayments and overpayments. 

In all matters relating to the audit work, the audit organization and the individual auditor performing the audit must be independent.

Independence includes the following:

• Independence of Mind: The state of mind that permits the performance of an audit without being affected by influences that compromise professional judgment. Independence of mind allows an individual to act with integrity and exercise objectivity and professional skepticism.
• Independence in Appearance: The absence of circumstances that would cause a reasonable and informed third party, having knowledge of the relevant information, to reasonably conclude that the integrity, objectivity, or professional skepticism of an audit organization or member of the audit team had been compromised. 

Auditors and audit organizations maintain independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by reasonable and informed third parties. Auditors should avoid situations that could lead reasonable and informed third parties to conclude that the auditors are not independent and thus are not capable of exercising objective and impartial judgment on all issues associated with conducting the audit and reporting on the work.

Generally, auditors should be independent from an audited entity during both the period of time covered by the financial statements or subject matter of the audit, and the period of the professional engagement.

See also
• audit
• audit report
• financial statements
• finding
• independent auditor (external auditor)
• professional judgment/professional skepticism

An independent, or external, auditor is independent, both in fact and appearance, of the entity being audited. Comptroller’s Office auditors are independent auditors.

See also
• independence
• internal auditor

An Independent Auditor’s Report is a formal letter communicating the results of an audit, which typically offers (or disclaims) an opinion on whether a set of financial statements is fairly presented in accordance with generally accepted accounting principles (GAAP) or in accordance with some other comprehensive basis of accounting. This opinion letter is included in the audit report along with the financial statements, notes, and other information.

See also
• audit report
• financial statements

The Independent Auditor’s Report on Internal Control and Compliance Over Financial Reporting is issued in conjunction with a financial statement audit performed in accordance with Generally Accepted Government Auditing Standards (GAGAS). In this report, the independent auditor reports on internal control deficiencies and instances of noncompliance discovered in the course of the financial statement audit, but does not offer an opinion on the operating effectiveness of internal control or compliance. 

See also
• financial statement audit
• financial statements
• independent auditor (external auditor)
• Independent Auditor’s Report
• internal control

The Independent Auditor’s Report on the Schedule of Expenditures of Federal Awards is the letter issued in conjunction with a Single Audit. In this report, the independent auditor does not express an opinion on the  fair presentation of the schedule in its own right, but rather only on its fair presentation in relation to the basic financial statements taken as a whole. 

See also
• financial statements
• independent auditor (external auditor)
• Single Audit 

In relation to federal financial assistance programs, the indirect cost rate is negotiated by the cognizant federal agency used for reimbursing indirect costs to the state or local entity administering a federal grant. (The federal cognizant agency is usually the agency that provides the predominant amount of direct funding to the entity.) An indirect cost rate is a method used to determine what proportion of indirect cost each program should bear. The rate may be applicable to an entire organization, on-site activities or off-site activities only, a particular site, or specified activities. The rate must be effective for the period for which reimbursement is claimed.

See also
• cognizant agency
• federal award
• indirect costs

In relation to federal financial assistance programs, indirect costs represent the expenses of doing business that are not readily identified with a particular grant, contract, project function, or activity, but are necessary for the organization's general operations and activities. Depending on the structure of each particular program, these costs may include items that are not project-specific such as certain supplies, salaries for administrative or support staff, rent, or utilities.

See also
• federal award
• indirect cost rate

Inherent risk is the risk of a material misstatement in the financial statements arising due to error or omission as a result of factors other than the failure of controls.

Inherent risk is generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex.

See also
• control risk
• detection risk
• risk

In relation to federal financial assistance programs, the federal government may suggest or require that grant recipients expend nonfederal resources toward program and project objectives. One source for meeting requirements for a non-federal share is a "third party" in-kind contribution for goods or services that would have been allowable had an expenditure of cash been made.

In-kind contributions are resources (e.g., donations) provided at no charge to the program or project by some party other than the federal government or the grantee.

See also
• federal award
• grant
• grantee

An in-relation-to opinion is an indication in the Independent Auditor’s Report that the auditor is not offering an opinion on the fair presentation per se of certain information contained in the financial report, but is asserting that the information is fairly presented in relation to the audited financial statements. 

See also
• Independent Auditor’s Report
• types of financial statement audit report opinions
• types of Single Audit compliance report opinions

Internal auditors are those employed within departments or agencies to function as part of a government's comprehensive framework of internal 51 control. Typically, internal auditors assist management of individual departments or agencies in assessing risk; designing, implementing, and monitoring compensating controls; and correcting issues before they are discovered by independent (or external) auditors.

See also
• independent auditor (external auditor)

Internal control is a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. Internal control is also integral to detecting fraud. An internal control system provides reasonable, though not absolute, assurance that an entity's objectives will be achieved.

The staff of an organization makes an internal control system function. Management is responsible for establishing an effective internal control system, setting the entity's objectives, implementing controls, and evaluating the internal control system. Personnel throughout an entity play important roles in implementing and operating an effective internal control system.

Under Tennessee's Financial Integrity Act, state agencies, as well as units of local government, are required to establish and maintain effective internal controls, and report on them annually to the Commissioner of Finance and Administration and the Comptroller of the Treasury.

See also
• components of internal control
• Financial Integrity Act
• fraud
• Standards for Internal Control in the Federal Government (Green Book)

An internal control deficiency is a flaw in the design or operation of internal controls that hinders management or employees, in the normal course of performing their assigned functions, from preventing or timely detecting misstatements and noncompliance.

Design deficiencies occur when a control is missing entirely or when an existing control does not actually meet management's objective.

Operational deficiencies occur when an employee lacks the necessary competence or authority to execute the properly designed control.

See also
• internal control
• material noncompliance
• material weakness
• misstatement/material misstatement
• significant deficiency

An internal service fund is a proprietary fund-type (i.e., one that is used when a governmental entity acts similar to a business in some respects) used when a government provides goods and services to other funds, departments, or agencies of the primary government and its component units, or to other governments, on a cost-reimbursement basis. An internal service fund is accounted for on a cost-reimbursement basis. The State of Tennessee has 14 internal service funds, including Risk Management, General Services Printing, Employee Group Insurance Funds, Human Resources, and Edison.

See also
• fund/fund accounting

See compliance requirements in a Single Audit. 

Liabilities are obligations to sacrifice resources that the government has little or no discretion to avoid. Examples would be trade accounts payable and general bonded debt.

See also
• expenditure/expense

When certain information is classified or otherwise prohibited from general disclosure by federal, state, or local laws or regulations, auditors may issue a separate classified or limited official use report containing such information and may distribute the report only to persons authorized by law or regulation to receive it. If certain pertinent information is prohibited from public disclosure or is excluded from a report due to the confidential or sensitive nature of the information, auditors disclose in the report that certain information has been omitted and the reason or other circumstances that make the omission necessary.

For example, Section 10-7-504(i), Tennessee Code Annotated, specifically prohibits publishing information that would allow a person to obtain unauthorized access to confidential information or to government property. The law clarifies that "government property" includes electronic information processing systems, telecommunication systems, or other communication systems of a governmental entity.

Maintenance of effort is a component of the level of effort requirement contained in a federal program’s authorizing legislation or program regulations stating that, in order to receive federal grant funds, a recipient must  agree to maintain a specified level of financial effort (using a specified baseline period, such as the year prior to the initiation of grant support) for the grant from its own resources and other non-federal sources.

See also
• compliance requirements in a Single Audit
• federal award
• federal program

For purposes of the state’s Single Audit, auditors categorize federal programs according to size and risk, in accordance with federal requirements, designating those that are to be tested in the Single Audit as major federal programs. 

See also
• cluster of programs
• compliance requirements in a Single Audit
• federal program
• Single Audit

A major fund is a governmental fund or enterprise fund reported as a separate column in the fund financial statements and is subject to a separate opinion in the Independent Auditor's Report because of its significance to the government. Major funds represent the government's most important funds and are determined by a mathematical calculation.

See also
• Annual Comprehensive Financial Report (ACFR)
• fund/fund accounting
• Independent Auditor’s Report
• nonmajor fund

The management’s discussion and analysis is required supplementary information prepared by management that  introduces the basic financial statements and provides an analytical overview of the government’s financial activities.

See also
• Annual Comprehensive Financial Report (ACFR)
• financial statements
• required supplementary information

See compliance requirements in a Single Audit.

In the context of financial reporting, materiality is the threshold above which missing or incorrect information in financial statements is considered to have an impact on the decision making of users of the financial statements. Evaluation of a particular item's materiality is complex, involving both quantitative and qualitative considerations and requiring auditors' professional judgment.

In performance auditing, materiality is also referred to as significance.

See also
• financial statements
• performance audit
• professional judgment/professional skepticism
• significance

For major federal programs, material noncompliance is a failure to follow federal statutes, regulations, or award terms and conditions that- either individually or when combined with other noncompliance-is quantitatively or qualitatively material. Material noncompliance is noncompliance that is pervasive throughout the entity.

See also
• major federal program
• material/materiality

A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis. In financial statement audits, material weaknesses occur in internal controls over financial reporting. In compliance audits, material weaknesses occur in internal controls over compliance.

See also
• compliance requirements in a Single Audit
• financial statements
• internal control deficiency
• material/materiality
• material noncompliance
• significant deficiency 

Methodology describes the nature and extent of audit procedures for gathering and analyzing evidence to address the audit objectives. Audit procedures are the specific steps and tests auditors perform to address the audit objectives. Auditors design the methodology to obtain reasonable assurance that the evidence is sufficient and appropriate to support the auditors' findings and conclusions in relation to the audit objectives and to reduce audit risk to an acceptable level.

In a performance audit, auditors should identify significant assumptions made in conducting the audit; describe comparative techniques applied; describe the criteria used; and, when sampling significantly supports the auditors' findings, conclusions, or recommendations, describe the sample design and state why the design was chosen, including whether the results can be projected to the intended population.

See also
• evidence
• finding
• objectives
• risk
• sampling

A misstatement in an audit occurs when there is a difference between the reported figures in a financial statement and what is expected to be reported for the financial statements to be fairly presented (or show a true and fair view). Misstatements can arise from fraud or error. A material misstatement in the auditor’s professional judgment causes the financial statements not to be presented fairly in all material respects.

See also
• control risk
• detection risk
• financial statements
• fraud
• inherent risk
• risk

The purpose of modified accrual accounting is to measure flows of current financial resources in governmental fund financial statements. The method, commonly used by government agencies, modifies the accrual basis of accounting in two important ways: (1) revenues are not recognized until they are measurable and available, and (2) expenditures are recognized in the period in which governments normally liquidate the related liability rather than when the liability is first incurred (if earlier).

See also
• accrual basis of accounting
• expenditure/expense
• liability
• modified opinion
• revenue
• types of financial statement audit report opinions
• types of Single Audit compliance report opinions

Monitoring is an ongoing process directed by management, involving evaluation of an entity's system of quality control that is designed to provide reasonable assurance that it is operating appropriately and effectively. Auditors assess the effectiveness of management's monitoring and evaluation activities.

See also
• internal control

Net position is the residual of all other financial statement elements presented in a statement of financial position. 

Noncompliance is the failure or refusal to comply, as with a law, regulation, or term of a contract.

Nonmajor funds are all governmental funds or enterprise funds that are not significant enough to be reported in a separate column. These funds are combined in a single column for presentation in the fund financial statements and are subject to a separate opinion in the Independent Auditor's Report.

See also
• fund/fund accounting
• Independent Auditor’s Report
• major fund

The notes to the financial statements are an integral part of the basic financial statements. Notes to financial statements are essential to a user’s understanding of financial position or inflows and outflows of resources. Notes provide descriptions of the accounting and finance-related policies’ underlying amounts recognized in financial statements, more detail about or explanations of amounts recognized in financial statements, and additional information about financial position or inflows and outflows of resources that do not meet the criteria for recognition. Notes may be narrative or quantitative with appropriate explanations and may include measures other than dollars.

See also
• financial statements

Objectives form the basis of the audit. The objective states the subject matter under examination and how performance will be assessed. An example of an audit objective for a performance audit is “The objective is to determine whether the agency conducted restaurant inspections consistent with its established plans and procedures."

An observation is an issue discovered during an audit that does not warrant an audit finding but is still a cause for concern, or may be of interest to the reader. The Comptroller's Office's performance audits include observations, which may report concerns such as weak practices or internal controls.

See also
• methodology

The federal Office of Management and Budget (OMB) is the  largest component of the Executive Office of the President. It is the implementation and enforcement arm of presidential policy. One of its many responsibilities is oversight of agency performance, federal procurement, financial management, and information technology (including paperwork reduction, privacy, and security). OMB’s Uniform Guidance provides guidance on administrative requirements, cost principles, and audit requirements for federal awards.

See also
• Uniform Guidance

An opinion unit is a reporting unit, or aggregation of reporting units, of the governmental entity on which the auditor expresses an opinion.

An other-matter paragraph contains additional information that is relevant to an audit, but is not directly presented or disclosed in the audit’s financial statements. Other-matter paragraphs are either required by Generally Accepted Auditing Standards (GAAS) or are included at the auditor’s discretion. For example, an othermatter paragraph may disclaim an opinion on other information that was presented for the purpose of additional analysis and was not part of the basic financial statements.

A pass-through entity receives federal money, but is not the ultimate recipient of the funds. Rather, the entity “passes through” the funding as a subaward to a subrecipient that carries out the federal program. For example,  the Tennessee Department of Heath functions as a pass-through entity by directly receiving federal grant funds for public health. In turn, the department passes the funds on to a local clinic (a subrecipient) to administer the public health program to citizens in that local area.

See also
• subaward
• subrecipient

Peer Review is the evaluation of an audit organization by audit professionals to determine if the quality control system ensures compliance with audit standards.

Government Auditing Standards require an audit organization to obtain an external peer review at least once every three years and to make its most recent peer review report publically available.

The Comptroller's Office's Department of Audit undergoes an external review of its quality control system every two years by the National State Auditors Association. Section 8-4-102, Tennessee Code Annotated, states:

Previous to the convening of each biennial general assembly, the speaker of the senate and the speaker of the house jointly may contract for the services of an independent public accounting firm to audit or review the operations of the office of the comptroller, or may call upon the director of the division of state audit to review with them a current audit of the comptroller of the treasury. The speakers may appoint a committee of the general assembly for the purpose of such review.

The most recent review was performed in July 2016 by Certified Public Accountants from several local, state, and federal audit organizations, as well as other executive-level posts in federal and state governments. The purpose of the review was to ensure that the Department of Audit is meeting its responsibility to perform audit work in accordance with government auditing standards generally accepted in the United States of America. The report of the peer review for the year ended June 30, 2016, rendered a pass opinion on the department's system of quality control, meaning that our quality control system is designed appropriately and our working papers demonstrate compliance with auditing standards. The 2016 peer review report on the Comptroller's Department of Audit is posted to the Comptroller's website.

Unlike financial and compliance audits, which test for compliance with laws and audit financial statements, performance audits evaluate whether state agencies and departments are effectively administering their programs. Performance audits provide objective analysis to help management and those charged with governance improve program performance and operations, reduce costs, facilitate decision making, and contribute to public accountability. In Tennessee, performance audits are conducted as deemed necessary by the Comptroller and as defined in the Tennessee Governmental Entity Review Law.

See also
• sunset audit
• Tennessee Governmental Entity Review Law (Sunset Law)

Performance measures are a composite of key indicators of a program’s inputs, outputs, outcomes, productivity, timeliness, and quality. They are a means of evaluating policies and programs by measuring results against agreed- upon program goals or standards. The Comptroller’s sunset audits often include a review of an entity’s performance measures. 

See also
• compliance requirements in a Single Audit
• Period of Performance requirements
• sunset audit

A permanent fund is a type of governmental fund that is legally restricted in that only earnings, and not principal, may be used for purposes that support the government’s programs. Because the principal is never used, the fund exists permanently. The State of Tennessee’s main permanent fund is the Chairs of Excellence Fund. Although the principal is kept intact, interest is used to endow professorships, or chairs, that incentivize top scholars to relocate to Tennessee public colleges and universities. By funding these positions with interest from the permanent fund,  colleges and universities do not need to pay for them out of their operating budgets.

See also
• fund/fund accounting

A population is the entire set of data about which the auditor wishes to draw conclusions, such as all travel expenditures for a period of time. In order to be cost effective, auditors usually test a representative sample of the population, rather than the entire population, to draw conclusions.

See also
• sampling 

Preventive controls are actions taken to deter undesirable events from occurring. Examples include review and approval of an invoice prior to paying a vendor for services, thereby preventing overpayments or payments made in error.

A primary government may be a state government, a general local purpose government, or a special purpose government that is legally separate and fiscally independent from other state or local governments (e.g., a utility district). The primary government is the focus of the financial reporting entity. For example, the State of Tennessee, and not its component units, is the focus of the financial reporting entity.

See compliance requirements in a Single Audit.

Exercising professional judgment and skepticism are integral parts of the audit process. When using professional judgment, an auditor acts with reasonable care—in accordance with all applicable standards and ethical principles —while questioning and critically assessing evidence. In adopting a mindset of professional skepticism, auditors assume that management is neither dishonest nor of unquestioned honesty. Professional judgment is used to evaluate whether evidence is appropriate and sufficiently supports the audit’s findings and conclusions. It involves both the professional judgment of individual auditors and the application of the collective knowledge, skills, and experiences of all the personnel involved with an audit. Professional judgment is the application of relevant training, knowledge, and experience, within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the courses of action appropriate in the circumstances of the audit. 

Program income is income earned by a grant recipient that is directly generated by a supported activity or earned as a result of the award. Program income must be spent according to the terms of the award. In most cases, it must be put back into the program.

See compliance requirements in a Single Audit.

In governmental accounting, a proprietary fund is a fund that focuses on the determination of operating income, changes in net position, financial position, and cash flows. There are two types of proprietary funds: enterprise funds and internal service funds. 

See also
• fund/fund accounting

All records, regardless of form, made or received pursuant to law or in connection with any governmental agency's official business are public. However, some records are designated as "confidential public records," meaning information or matters within the record is considered to be privileged and access to the general public is statutorily denied.

See types of financial statement audit report opinions.
See types of Single Audit compliance report opinions.

In the context of the Tennessee Governmental Entity Review Law, the entities that do not require full audits are provided with questions developed by Comptroller’s Office audit staff and based on review of the relevant statutes, prior audit reports, annual reports, and other available information. Questions typically address an entity’s purpose, statutory duties, membership, staff, administrative attachment, revenues, expenditures, legislative changes, accomplishments, standard reports, meetings, and disclosure of conflicts of interest. Other questions may be tailored to specific activities of an entity. The entity appears at a public hearing before the Government Operations Committee of the General Assembly to present the answers to the questions.

See also
• sunset hearing
• Tennessee Governmental Entity Review Law (Sunset Law)

Questioned costs are auditee expenditures that the auditor has determined might need to be returned to the federal government. These are costs that:

• resulted in a violation (or possible violation) of federal statutes, regulations, or award terms and conditions; 
• at the time of the audit, were not supported by adequate documentation; or 
• would not appear necessary and reasonable to a prudent person.

Questioned costs are reported in Single Audit reports. Federal grantor agencies are responsible for the resolution of questioned costs.

See also
• questioned costs resolution
• Single Audit

The federal government makes the final determination of when questioned costs identified in an audit have been resolved. The federal government may choose to disallow the questioned costs in part or in full, which would require the auditee to return the disallowed amount. Based on additional information and documentation submitted by the auditee, the federal government may also decide that the questioned costs are allowable after all. 

See also
• audit resolution
• disallowed costs

A financial audit is not a guarantee that the financial statements are free from material misstatement, nor is a performance audit a guarantee that there is no noncompliance, because absolute assurance is not attainable. Rather than attempting to provide absolute assurance, an audit provides reasonable assurance, which
is a high level of assurance.

Factors affecting reasonable assurance include:

• the inherent limitations of an audit, that is, the failure of audit procedures to detect material misstatements in financial statements because of: 

○ the use of testing (application of procedures on samples);
○ the inherent limitations of accounting and internal control systems; and
○ the persuasive, rather than conclusive, nature of audit evidence; 

• the auditor’s judgment in gathering evidence and drawing conclusions; and
• the existence of other limitations such as related parties.

An auditor works within economic limits. To be economically useful, the audit opinion must be formed within a reasonable time and at a reasonable cost. The auditor must exercise professional judgment to decide whether the evidence available within time and cost limits is sufficient to justify an opinion.

An internal control, no matter how well designed and operated, cannot guarantee that an entity’s objectives will be met because of inherent limitations in all internal control systems. Internal controls are a process implemented by management to provide reasonable assurance regarding achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of reporting for internal and external use; and compliance with applicable laws and regulations.

See also
• internal control

A recipient is a non-federal entity, such as a state, municipality, or nonprofit organization, that receives federal awards directly from the federal government to carry out a federal program.

See also
• federal award
• subrecipient

A recommendation is a course of action suggested by the auditor relating to correcting problems defined in an audit finding.

See also
• elements of a finding
• finding

Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

See compliance requirements in a Single Audit. 

A representation letter is a written statement to the auditor from a management position in the governmental entity being audited, such as the mayor, city manager, state department commissioner, agency executive director, or chief financial officer. A typical representation letter confirms that the financial statements are presented fairly, and reinforces management’s responsibilities for the financial statements, internal controls, and other information. Management’s representations provide the auditor with audit evidence that management has fulfilled its responsibility as set out in the terms of the audit engagement letter. 

The representation letter is not included in the auditor’s report but is maintained within the audit working papers. The letter is dated at the date of the auditor’s report.

See also
• working papers

Required supplementary information (RSI) is information that a designated accounting standards setter requires to accompany an entity's basic financial statements. RSI is not part of the basic financial statements; however, it is considered to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. The auditor applies certain limited procedures to the RSI but does not express an opinion or provide any assurance on the information because the limited procedures do not provide sufficient evidence to do so.

See also
• financial statements

Revenue is the income attributable to a designated fiscal accounting period that will affect the balance (surplus) or deficit resulting from the operations of that period.

See attestation engagements.

Risk, specifically audit risk, is the possibility that auditors' findings, conclusions, recommendations, or assurances may be improper or incomplete, as a result of insufficient, misleading, or omitted evidence due to misrepresentation or fraud. Audit risk includes the risk that auditors will not detect a mistake, inconsistency, significant error, or fraud in the evidence supporting the audit. Audit risk can be reduced by taking actions such as increasing the scope of work; adding specialists, additional reviewers, and other resources to perform the audit; changing the methodology to obtain additional evidence, higher quality evidence, or alternative forms of corroborating evidence; or aligning the findings and conclusions to reflect the evidence obtained.

The two components of audit risk are the risk of material misstatement (i.e., inherent risk and control risk) and detection risk.

See also
• control risk
• detection risk
• evidence
• finding
• fraud
• inherent risk
• methodology
• misstatement/material misstatement
• scope

A risk assessment is a systematic process for identifying risks that may be involved in a particular program or entity. The assessment includes evaluating the likelihood that an identified risk will occur and its potential impact. Risks can result from, for example, new and complex entity programs or prior audit findings.

Risk assessment helps management achieve the entity's goals and objectives and prevent loss of resources. Risk management also helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity's reputation and associated consequences.

See also
• Financial Integrity Act
• Standards for Internal Control in the Federal Government (Green Book)

Risk of material misstatement is the risk that an entity's financial statements are materially misstated prior to the audit. This risk may stem from two factors: inherent risk, which may result from complex transactions or estimation; and control risk, or weak internal controls.

See also
• control risk
• detection risk
• inherent risk
• internal control
• misstatement/material misstatement
• risk

Risk of material noncompliance is the risk that an entity, due to either error or fraud, has failed to comply with grant compliance requirements and the noncompliance is considered pervasive. Examples of risks of material noncompliance include an entity with a history of poor recordkeeping for its federal programs and an entity that is experiencing financial difficulties and could divert federal funds for unauthorized purposes.

Sampling is the examination of less than 100 percent of the items within a population to provide the auditor with a reasonable basis on which to draw conclusions about the entire population. There are two general approaches to audit sampling: nonstatistical and statistical. Both approaches require the auditor to use professional judgment in planning, performing, and evaluating a sample and in relating the audit evidence produced by the sample to other audit evidence when forming a conclusion about the related account balance, class of transactions, or processes.

See also
• evidence
• population
• professional judgment/professional skepticism
• sampling risk

Sampling risk is the probability that the auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selection method, it can never be eliminated.

The Schedule of Expenditures of Federal Awards (SEFA) is a required Single Audit schedule prepared by state and local governments and nonprofit entities each year. The SEFA lists the expenditures for each federal grant during the period covered by the organization’s financial statements and includes: 

• a list of individual federal programs by federal agency;
• the name of each pass-through entity and the identifying number assigned by the pass-through entity for federal awards received as a subrecipient;
• the total federal awards expended for each individual federal program; and
• the Catalog of Federal Domestic Assistance (CFDA) number or other identifying number when the CFDA number is not available.

See also
• Catalog of Federal Domestic Assistance (CFDA)
• pass-through entity
• Single Audit
• subrecipient

The Schedule of Findings and Questioned Costs is a component of the Single Audit Report that includes: 

• the type of opinion (unmodified, qualified, adverse, or disclaimer) on the financial statements and each major program;
• significant deficiencies and material weaknesses in internal control disclosed by the audit of the financial statements and major programs; 
• material noncompliance with federal statutes, regulations, or the award terms and conditions related to a major program;
• significant instances of abuse, as well as known and likely fraud, affecting federal awards; and
• known and likely questioned costs greater than $25,000 for a type of compliance requirement for a major federal program.

See also
• abuse
• compliance requirements in a Single Audit
• federal award
• financial statements
• fraud
• internal control
• major federal program
• material noncompliance
• material weakness
• questioned costs
• significant deficiency
• Single Audit
• types of financial statement audit report opinions

Scope defines the subject matter that auditors will assess and report on, such as a particular program; the necessary documents or records; the period of time reviewed; and the locations that will be included.

According to Generally Accepted Governmental Auditing Standards (GAGAS), a limitation on the scope of the audit occurs when the auditor does not receive all information and explanations necessary to complete the audit. Examples of scope limitations include an entity restricting or limiting an auditor's access to accounting records or destroying records. Limitation of scope means the auditor cannot give an objective conclusion. Auditors issue modified opinions for scope limitations (i.e., disclaimer of opinion).

See also
• types of financial statement audit report opinions
• types of Single Audit compliance report opinions

Segregation of duties is the division of responsibilities within an organization in order to reduce the potential for fraud or theft. For example, management should assign different people the responsibilities of authorizing transactions, recording transactions,  and maintaining custody of assets. Segregation of duties reduces the opportunity for one person to both perpetrate and conceal errors or fraud.

See also
• fraud

Service organizations provide services that are relevant to user entities’ internal control for financial reporting.

Service organization control (SOC) reports meet the needs of a broad range of users that need information and assurance about the controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. Examples of stakeholders who may need  SOC reports include management or those charged with governance of the user entity or service organization; customers of the service organization; regulators; business partners; suppliers; and others who have an understanding of the service organization and its controls.

SOC 1 reports are performed using the AICPA’s Statements on Standards for Attestation Engagements (SSAE) 16 standard and are intended to give a user organization information about the processes used by its service organization when performing financial reporting controls that may impact it. These reports concern the service organization’s controls that are relevant to the user organization’s financial statement assertions. 

SOC 2 reports focus on internal controls not related to financial reporting. These reports can help clients better understand internal controls at the service organization related to its system’s security, availability, processing integrity, confidentiality, and privacy. 

SOC 3 reports do not require a detailed description of the controls and the distribution of the report is not restricted. SOC 3 reports simply report on whether the service organization achieved one or more of the trust services principles and criteria. 

See also
• internal control 

Shared services refers to the consolidation of business operations that are used by multiple parts of the same organization.

Shared services are cost efficient because they centralize back-office operations that are used by multiple agencies of the same government and eliminate redundancy. Today, most states employ a shared services model for finance, human resources management, and information technology. The goal of a shared services delivery model is to allow each agency to focus its limited resources on activities that support the agency's goals. Technology has often been the driver for shared services within an organization because it can be expensive to purchase, maintain, and train employees to use.

The Strategic Technology Solutions Division provides centralized computer and data services for the State of Tennessee.

Significance is the relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors. Quantitative factors have a concrete measure or amount. Qualitative factors cannot be measured in amounts, such as the nature and effect of the matter, the relevance of the matter, the needs and interests of an objective third party with knowledge of the relevant information, and the impact of the matter to the audited program or activity. Professional judgment assists auditors when evaluating the significance of matters within the context of the audit objectives.

In the performance audit requirements, the term “significant” is comparable to the term “material” as used in the context of financial statement audits. 

See also
• material/materiality

A significant deficiency is a deficiency (or combination of deficiencies) in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. 

See also
• internal control deficiency
• material weakness
• those charged with governance

The Single Audit is performed annually in accordance with the federal Single Audit Act of 1984 (as amended) and the Office of Management and Budget's (OMB) Uniform Guidance. Rather than individually auditing each federal grant or award, the Single Audit Act allows or requires governments (depending on the amount of federal assistance received) to have one audit performed to meet the needs of all federal grantor agencies. The Single Audit is a rigorous, organization-wide audit or examination of an entity that expends $750,000 or more of federal financial assistance (commonly known as federal funds, federal grants, or federal awards).

As part of the Single Audit, the auditor must prepare and submit three individual reports to the recipient and to the federal government. The first report is an opinion, or a disclaimer, on whether the recipient's financial statements are presented in accordance with generally accepted accounting principles. The second report addresses the status of internal controls relative to the financial statements and major programs. The third report is an opinion, or a disclaimer, on the degree to which the entity receiving federal funds has complied with the laws, regulations, and terms and conditions of the federal financial assistance awards.

If the Single Audit produces audit findings, the auditor must prepare the Schedule of Findings and Questioned Costs.

See also
• Compliance Supplement
• federal award
• questioned costs
• Schedule of Findings and Questioned Costs
• types of Single Audit compliance report opinions

A software application is a program used to direct the operation of a computer.

An auditor's specialist is an individual or organization possessing expertise in a field other than accounting or auditing, whom an auditor might rely on to obtain sufficient, appropriate audit evidence. A specialist may be either internal (someone within the auditing agency) or external. The Comptroller's Office occasionally uses internal specialists in its audits.

A special revenue fund is a governmental fund type whose funds come from specific revenue sources and are restricted or committed to finance particular activities of the government. Special revenue funds cannot be used for debt service or capital projects and are kept separately from resources held in trust for individuals, private organizations, or other governments. 

The State of Tennessee has two major special revenue funds—the Education Fund and the Highway Fund—and several nonmajor special revenue funds, including the Criminal Injuries Compensation Fund and the Environmental Protection Fund. Funding for the Education Fund is accomplished primarily from the dedicated sales and services taxes and federal monies received from the U.S. Department of Education. Funding for the Highway Fund comes primarily from dedicated highway user taxes and funds received from the various federal transportation agencies.

See also
• fund/fund accounting 

See compliance requirements in a Single Audit.

The U.S. Government Accountability Office’s Standards for Internal Control in the Federal Government, known as the “Green Book,” sets the standards for an effective internal control system for federal agencies. Internal control helps an entity run its operations efficiently and effectively, report reliable information about its operations, and comply with applicable laws and regulations. 

Tennessee has adopted the Green Book as a model for state agencies. State agencies should consider the guidance offered in the Green Book, including the increased emphasis on fraud and the role of change both inside and outside the agency.

See also
• internal control

The statement of activities is one of the basic financial statements that presents activities accounted for in governmental funds by function and activities accounted for in enterprise funds by different identifiable activities. 

See also
• Annual Comprehensive Financial Report (ACFR)
• enterprise fund
• governmental funds 

The statement of cash flows is one of the basic financial statements for proprietary funds. The focus of the statement is the changes in cash flows during the year in the following categories: operating, noncapital financing activities, capital and related financing activities, and investing activities.

See also
• Annual Comprehensive Financial Report (ACFR)
• proprietary fund 

The statement of changes in fiduciary net position is the basic statement of resource flows for fiduciary funds.

See also
• Annual Comprehensive Financial Report (ACFR)
• fiduciary funds

The statement of fiduciary net position is the basic statement of financial position for fiduciary funds. The statement must be presented using a net position format ([assets + deferred outflows of resources] - [liabilities + deferred inflows of resources] = net position).

See also
• Annual Comprehensive Financial Report (ACFR)
• fiduciary funds

The statement of net position is the basic statement of financial position for proprietary funds and government-wide financial statements. 

See also
• Annual Comprehensive Financial Report (ACFR)
• government-wide financial statements
• proprietary fund

The statement of revenues, expenditures, and changes in fund balances is the statement of resource flows for governmental funds.

See also
• Annual Comprehensive Financial Report (ACFR)
• governmental funds

The statement of revenues, expenses, and changes in fund net position is the statement of resource flows for proprietary funds.

See also
• Annual Comprehensive Financial Report (ACFR)
• proprietary fund

A subaward is a federal grant or award that is first given to a passthrough entity, such as a state agency, which then passes the award on to a subrecipient. The subrecipient, which may be a local government or a nonprofit entity, is the ultimate recipient of the award and carries out the federal program.

A subrecipient is not a contractor who provides services to the passthrough entity.

See also
• pass-through entity
• subrecipient 

A subrecipient is an entity that is a secondary or ultimate recipient of federal financial assistance. These federal funds are distributed, under contract or grant agreement, by a state or local government to the subrecipient and are used to carry out federal financial assistance 81 programs, usually at the local level.

An example of a subrecipient is a municipality that receives federal Housing and Urban Development Community Development Block Grant funds from the Tennessee Department of Economic and Community Development or a nonprofit receiving grants for the U.S. Department of Agriculture's Child and Adult Care Food Program from the Tennessee Department of Human Services.

See also
• compliance requirements in a Single Audit.
• pass-through entity
• Subrecipient Monitoring requirements

Subsequent events occur between the date of the entity’s financial statements and the date of the auditor’s report. Subsequent events provide additional evidence about conditions that existed at the balance sheet date, such as the bankruptcy of a customer with a history of financial difficulty. The financial statements are adjusted to reflect this evidence. Evidence about conditions that did not exist at the balance sheet date, such as a fire that destroyed the client’s plant after the balance sheet date, does not require adjustment of the financial statements but may be so significant as to require disclosure.

Sufficiency of audit evidence is a measure of the quantity of audit evidence needed to support auditor conclusions. The independent auditor’s objective is to obtain sufficient, appropriate evidence to provide a reasonable basis for forming an opinion. The quantity of the audit evidence needed is affected by the auditor’s assessment of the risks of material misstatement and also by the quality of such audit evidence.

See also
• misstatement/material misstatement

A sunset audit is a type of performance audit used by the Tennessee General Assembly's Government Operations Committees to recommend whether an entity should be continued, restructured, or terminated.

See also
• performance audit
• sunset hearing
• Tennessee Governmental Entity Review Law (Sunset Law)

When an entity reaches its termination date specified in statute, the subcommittees of the Joint Government Operations Committee hold sunset public hearings. The subcommittees review and take action on sunset audit reports and agency responses to questions issued by Comptroller's Office auditors to determine whether the entity should be continued, restructured, or terminated.

See also
• Question and Answer Review Process
• Tennessee Governmental Entity Review Law (Sunset Law)
• termination date

Supplementary information is information presented outside the basic financial statements, excluding required supplementary information, that is not considered necessary for financial statements to be fairly presented in accordance with the applicable financial reporting framework. Supplementary information adds to the reader’s understanding of the entity’s financial status. 

An example of supplementary information in the Single Audit is the Schedule of Expenditures of Federal Awards (SEFA). Supplementary information in the Annual Comprehensive Financial Report includes the combining statements. These statements, although not required by generally accepted accounting principles, are required by the Government Finance Officers Association in order for the government to receive the Certificate of Achievement for Excellence in Financial Reporting.

See also
• Certificate of Achievement for Excellence in Financial Reporting Program
• Annual Comprehensive Financial Report (ACFR)
• Schedule of Expenditures of Federal Awards (SEFA)

See compliance requirements in a Single Audit.

Tax abatement is a reduction in tax revenues that results from an agreement between one or more governments and an individual or entity in which (a) one or more governments promise to forgo tax revenues to which they are otherwise entitled and (b) the individual or entity promises to take a specific action after the agreement has been entered into that contributes to economic development or otherwise benefits the governments or the citizens of those governments. 

Section 4-29-101 et seq., Tennessee Code Annotated, requires each agency, board, commission, and other entity to be reviewed at least once every eight years by the legislative Joint Government Operations Committee to determine whether that entity should be continued, restructured, or terminated. 

The subcommittees of the Joint Government Operations Committee hold sunset public hearings to review and take action on sunset audit reports and agency responses to questions issued by Comptroller’s Office auditors. 

See also
• Question and Answer Review Process
• sunset hearing
• termination date

As specified by the Tennessee Governmental Entity Review Law, all state agencies, boards, commissions, and other entities exist only as long as they are authorized by statute. To continue operations, agencies must be periodically reauthorized by the legislative Joint Government Operations Committee. The committee establishes termination dates for all entities— from one to eight years in the future based on the recommendation of a subcommittee.

If an entity is not reauthorized or restructured at its termination date, it enters a wind-down period and has a specified amount of time to finish wrapping up before ceasing operations. 

See also
• sunset audit
• sunset hearing
• Tennessee Governmental Entity Review Law (Sunset Law)
• wind-down period

Those charged with governance refers to the person(s) responsible for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process, subject matter, or program under audit, including related internal controls. Depending on the circumstances, those charged with governance could be management, oversight bodies, members or staff of legislative committees, boards of directors, audit committees, or parties contracting for audits. During an audit, auditors communicate with those charged with governance. 

Transparency is the clear disclosure of information, rules, plans, processes, and actions. Simply making information available is not sufficient to achieve transparency. Information needs to be relevant and accessible as well as timely and accurate. Transparency leads to more trust in government leaders and missions; improved workplace culture and employee morale; and more efficient problem-solving. An example of transparency would be making financial information available online.

See also
• accountability

In an auditor's report, the auditor expresses an opinion as to whether generally accepted accounting principles have been followed and applied on a basis consistent with that used the preceding year.

An unmodified opinion indicates that the financial statements are, in all material respects, presented fairly in accordance with generally accepted accounting principles.

Modified opinions include the following:

• qualified: with the presence of sufficient, appropriate audit evidence, misstatements are material but not pervasive to the financial statements; or, with the absence of sufficient, appropriate audit evidence, the possible effects on the financial statements of undetected misstatements could be material but not pervasive;
• disclaimer: the auditor is unable to obtain sufficient, appropriate audit evidence but concludes that the possible effects on the financial statements of undetected misstatements could be both material and pervasive; or 
• adverse: with the presence of sufficient, appropriate audit evidence, misstatements are both material and pervasive to the financial statements.

See also
• material/materiality
• misstatement/material misstatement 

In a Single Audit Report, the auditor is required to express an opinion, or a disclaimer, on the degree to which the recipient of federal financial assistance has complied with laws, regulations, and the terms and conditions of the federal financial assistance awards.

An unmodified opinion signifies the audited entity complied in all material respects with laws, regulations, contracts and grant agreements.

Modified opinions include the following:

• qualified: compliance deviations are material but not widespread;
• disclaimer: the auditor is unable to obtain sufficient, appropriate evidence to determine program compliance with laws, regulations, contracts and grant agreements; or
• adverse: compliance deviations are widespread.

See also
• material/materiality

When auditing a grant recipient’s spending to determine compliance with a grantor’s requirements, an auditor identifies unallowable costs when the grant recipient has failed to spend grant funds in accordance with the grant requirements. These costs may ultimately be officially classified as disallowed costs by the federal grantor.

See also
• compliance requirements in a Single Audit
• disallowed costs

A uniform chart of accounts is the account numbering system used by county governments to classify transactions on financial statements. Since the majority of counties use this numbering system to classify financial information, accounting for transactions is generally uniform across the state. 

The federal Office of Management and Budget's (OMB) Uniform Guidance establishes uniform cost principles and audit requirements for federal awards to nonfederal entities and administrative requirements for all federal grants and cooperative agreements.

See also
• compliance requirements in a Single Audit
• Compliance Supplement
• Office of Management and Budget (OMB)
• Single Audit

See types of financial statement audit report opinions.
See types of Single Audit compliance report opinions.

Unrestricted net position is one of three components of net position that must be reported in both government-wide and proprietary fund financial statements. It is the difference between total net position and its two other components (net investment in capital assets and restricted net position).

See also
• Annual Comprehensive Financial Report (ACFR)

User permissions are rights granted to users that allow them to update, edit, or delete files in the computer system.

Acts of fraud, waste, or abuse impact the resources of a government and its agencies. Waste is the mismanagement, inappropriate actions, and inadequate oversight that results in taxpayers not receiving reasonable value for money in connection with any government-funded activity. Since October 1983, the Comptroller’s Office has provided a tollfree hotline for reporting fraud, waste, and abuse of government funds and property.

See also
• abuse
• fraud

When an entity has reached its termination date and is abolished, rather than reauthorized or restructured, in accordance with the Governmental Entity Review Law, it has until June 30 of the next calendar year to finish its affairs. This period is referred to as the wind-down period, after which the entity will no longer exist. 

See also 
• sunset hearing
• Tennessee Governmental Entity Review Law (Sunset Law)
• termination date

Working papers are audit documentation auditors create or gather to show the work they have done, the methods and procedures they have followed, and the conclusions they have developed in an audit of financial statements or other type of engagement. Audit working papers are used to provide reasonable assurance that the audit was performed in accordance with relevant auditing standards.

Tennessee law states that the Comptroller's Office's working papers are confidential and are not open for public inspection.

See also
• evidence

The U.S. Government Accountability Office (GAO) issues professional standards and guidelines for conducting government audits. Formally titled Government Auditing Standards, the standards are often referred to as the Yellow Book because of the cover on the print version of the standards. Audits performed by the Comptroller’s Office follow the Yellow Book’s standards and guidelines.

See also
• Generally Accepted Government Auditing Standards (GAGAS)
• Government Accountability Office (GAO)

CFE ................................................. Certified Fraud Examiner
CGFM .................Certified Government Financial Manager
CISA......................... Certified Information Systems Auditor
CPA ............................................. Certified Public Accountant

AAA................................. American Accounting Association
AGA......................Association of Government Accountants
AICPA.................................... American Institute of Certified Public Accountants
COSO.................... Committee of Sponsoring Organizations of the Treadway Commission
GFOA.................. Government Finance Officers Association
IIA.............................................. Institute of Internal Auditors
IMA............................Institute of Management Accountants
ISACA...................................Information Systems Audit and Control Association

ACFR.....................Annual Comprehensive Financial Report
CFDA......................Catalog of Federal Domestic Assistance
SEFA............... Schedule of Expenditures of Federal Awards