What Are the GAGAS Standards for Government Auditing?

Generally Accepted Government Auditing Standards (GAGAS) provide a framework for conducting audits of government entities and those receiving government funds. Issued by the U.S. Government Accountability Office (GAO), these standards are designed to ensure that audits are performed with competence, integrity, objectivity, and independence. Often called the “Yellow Book” because of the historical color of its cover, GAGAS promotes accountability and transparency in the use of public resources. A 2024 revision of the Yellow Book is effective for audits of periods beginning on or after December 15, 2025, with early implementation permitted.

Scope and Applicability of GAGAS

The requirements of GAGAS extend to a wide range of auditors and organizations. Federal auditors, such as those within the GAO and various Offices of Inspectors General, are required to follow these standards. The applicability also includes auditors at state and local government levels who often adopt GAGAS for their own audit work, either by law or policy.

GAGAS is not limited to government employees. External auditors and public accounting firms contracted to perform audits of government organizations must also comply with the Yellow Book. This mandate frequently extends to audits of non-governmental entities that are recipients of government financial assistance. For instance, a nonprofit organization, university, or for-profit company that expends $1,000,000 or more in federal awards in a fiscal year may be subject to an audit conducted under GAGAS, often as part of a “Single Audit.”

The trigger for a GAGAS audit is typically established by law, regulation, or the terms of a contract or grant agreement. An agency providing a grant may explicitly state in the agreement that any required audit must adhere to GAGAS. Similarly, federal law mandates that audits of federal agencies and certain recipients of federal funds follow these standards.

Foundational Principles and General Standards

GAGAS is built on five ethical principles that guide an auditor’s work.

• The public interest, which frames the auditor’s ultimate responsibility to serve the citizenry.
• Integrity, which requires auditors to be straightforward and honest.
• Objectivity, which demands they remain free from conflicts of interest and bias in their findings and conclusions.
• Proper use of government information, which means auditors must not use nonpublic data for personal gain.
• Professional behavior, which requires adherence to all relevant standards and laws.

Independence is a standard within GAGAS, and auditors must be independent in both mind and appearance. Independence in mind refers to the auditor’s actual state of mind, enabling them to perform an audit without being affected by influences that compromise professional judgment. Independence in appearance is the avoidance of circumstances that would cause a reasonable third party to conclude that the auditor’s integrity or objectivity has been compromised. GAGAS provides a conceptual framework for auditors to identify, evaluate, and apply safeguards to mitigate threats to their independence.

Competence is a general standard, requiring that the audit team collectively possess the necessary skills and knowledge for the engagement. GAGAS mandates specific Continuing Professional Education (CPE) for auditors who perform work under its standards. Auditors must complete at least 80 hours of qualifying CPE every two years, with a minimum of 24 hours dedicated to subjects directly related to the government environment or government auditing. At least 20 hours must be completed in each year of the two-year period.

GAGAS requires every audit organization to establish and maintain a system of quality management. The 2024 Yellow Book requires this system to be designed and implemented by December 15, 2025. To enforce this, audit organizations conducting GAGAS audits must undergo an external peer review at least once every three years. This review, performed by an independent team from another audit organization, assesses whether the reviewed organization’s quality management system is suitably designed and operating effectively. The results of the peer review are made publicly available.

Types of GAGAS Engagements

The three primary types of GAGAS engagements are financial audits, attestation engagements, and performance audits.

Financial audits performed under GAGAS provide an opinion on whether an entity’s financial statements are presented fairly, in all material respects, in accordance with generally accepted accounting principles. These additional requirements focus on areas of heightened public accountability.

Attestation engagements involve an auditor issuing a report on a specific subject matter, or an assertion about that subject matter, which is the responsibility of another party. These engagements can take several forms, such as an examination, a review, or the performance of agreed-upon procedures. Examples relevant to the government sector include reporting on an entity’s compliance with specific laws or regulations, or providing assurance on the effectiveness of an organization’s internal controls over its compliance processes.

Performance audits are a significant category of work under GAGAS, providing findings and recommendations to improve government programs and services. Unlike financial audits that focus on historical financial data, performance audits provide objective analysis on topics such as program effectiveness, economy, and efficiency. They can assess whether a program is achieving its stated goals, whether it is doing so at a reasonable cost, and whether it is complying with relevant laws and regulations related to its performance. These audits are forward-looking and aim to help decision-makers enhance government operations and reduce costs.

Specific Fieldwork and Reporting Standards

For financial audits, GAGAS supplements the fieldwork standards of the AICPA. Auditors are required to plan and perform procedures to test for compliance with provisions of contracts or grant agreements that could have a direct and material effect on the financial statements. Auditors must also gain an understanding of the entity’s internal control over compliance with these provisions, assessing the potential for material noncompliance.

The reporting standards for GAGAS financial audits are more extensive. In addition to the standard opinion on the financial statements, the auditor is required to issue a separate report, or a separate section within their main report, on internal control over financial reporting and on compliance with laws, regulations, and agreements. This report describes the scope of the auditor’s testing of internal controls and compliance and discloses any significant deficiencies or material weaknesses in internal control, as well as any instances of noncompliance or fraud.

Performance audit fieldwork standards require auditors to adequately plan and supervise the engagement, obtain sufficient, appropriate evidence to support their findings and conclusions, and prepare comprehensive audit documentation. The evidence must provide a reasonable basis for the auditor’s judgments. The standards emphasize linking the audit’s objectives, findings, conclusions, and any recommendations directly to the evidence gathered during the engagement.

The report for a performance audit communicates the results to management, oversight bodies, and the public. GAGAS requires these reports to include the audit’s objectives, scope, and methodology. The report must also present the findings, which are the core of the audit, along with the auditor’s conclusions. When applicable, the report should also contain recommendations for action to improve program operations, which should be logical, practical, and directed at the parties responsible for implementation.