Federal auditing encompasses multiple frameworks and organizational structures designed to ensure accountability, compliance, and proper stewardship of taxpayer resources. Understanding the different audit types, GAGAS standards, and how the appropriations process works is essential for federal auditors and oversight professionals.
- Three primary audit structures exist within the federal government: the Government Accountability Office (GAO), Offices of Inspector General (OIGs), and internal review functions, each with distinct independence levels and jurisdictional scope.
- GAGAS standards (the Yellow Book) require federal auditors to perform with integrity, objectivity, and independence, with the 2024 edition placing significant emphasis on internal controls evaluation.
- The appropriations process flows from agency budget submissions through congressional review and approval, culminating in the issuance of appropriation warrants that authorize federal agencies to access and spend allocated funds.
This lesson is a preview from our Government Auditor Level I Certificate Program. Enroll in a course for detailed lessons, live instructor support, and project-based training.
This is a lesson preview only. For the full lesson, purchase the course here.
So within the federal government, there are three different ways that audits and inspections can be done, and these are part of the government, not the external auditors, which we're not going over the ones that do the annual financial reports. But within the government, of course, the largest is the Government Accountability Office, and that's known as GAO, or author of the yellow book. They're the congressional watchdog, and they audit anything from financials to compliance, performance, you name it.
They audit DOD components and federal agencies, so basically anything belonging to the federal government, GAO has accountability over. Then you have your different offices of inspector generals, known as OIGs or IGs, and they audit the federal agencies to which their OIG is attached. Now, they are independent, meaning they don't report to the agency head, but they do incrementally perform audits within their agencies.
And then you have internal review, and for the past couple of decades, those have really been phasing out. The reason for that is they're not independent. They're within the agency, and they complete reviews or audits within that agency, and the agency head is over those reviews.
So there's not a lot of independence there. Where you will find that office is in DOD components. Commanders often want their programs reviewed.
As you well know, commanders are responsible for anything that goes on under them, so their careers are on the line, and it's best to just continuously have your organization reviewed and apply fixes to it before audit or inspections comes in and finds something. So the different types of audits, of course, you've got financial audits, and that's a review of the financial records, statements, systems, transactions, obligations, all of that. Then you have performance audits, and they evaluate the federal programs.
They're really looking at whether the programs are running efficiently and effectively, whether they're achieving their goals, and whether taxpayer money is being spent correctly without fraud. Then you have compliance audits, and they ensure the laws, regulations, and contracts within the agencies are followed, and those normally are part of either a performance audit or financial audit anyway because you're looking at compliance regardless of what type of audit that you do. Then lastly are the IT systems audits, and those are being reviewed for security and effectiveness, and that really takes a specialty.
I don't think any kind of auditor could just go in and look at an IT system. I think that depending on the agency and the technicality of that system, you'd really have to have in-depth knowledge of that to be able to audit those systems. So GAGIS audit standards are the yellow book.
The latest version is 2024, and that's what we're covering within this course. The edition before that is the 2018, and between the two what I noticed was there was a lot in 2024, there's a lot of reference to internal controls. Chapter 8 itself really is heavy with internal controls telling an auditor what needs to be looked at, how that needs to be incorporated into the audits.
6 and 7 also touch on internal controls within the yellow book, and the yellow book basically is requiring federal auditors and any contractors that are in the federal environment that are auditing federal organizations or financial statements are obviously required to perform with integrity, being objective, and independent, and you know emphasizing the public interest ethics and accountability when using taxpayer funds should be the primary focus according to the GAO. So in specifics, paragraph 1.02 of the latest GAGIS, and since this is a law just sort of read that if you want to follow along, and that deals with accountability of public resources and government authority being the key to our nation's governing processes. Management and officials entrusted with public resources are responsible for carrying out functions and providing service effectively, efficiently, economically, ethically, and equitably.
I guess we could call that the five E's or within the context of the statutory boundaries of their specific program. What does that mean? Basically, it means the government relies on officials being responsible for how they use public money. Then you got paragraph 1.09, and this really lays it out here according to the Inspector General Act of 1978, it requires all federal IGs to comply with GAGIS for audits of any federal organization, program, activity, or function.
The act also requires IGs to take appropriate steps to assure that the work performed by the non-federal auditors also complies with GAGIS, and you know coming to mind there would be contractors that are hired to do annual financial audits for the annual financial report requirement to report to Congress that has to be independent and external to the government. So those are contractors, and since they are auditing contractor programs and financials, then they are required to specifically go by the yellow book as well. And then GAGIS paragraph 1.12 provides standards used by a wide range of auditors and organizations over government entities and any entity receiving government awards.
So in specific, subparagraph a requires contract auditors to use GAGIS when completing their audits and reporting. What is a federal appropriation? So under article 1 of the Constitution, Congress has authority to spend tax dollars using federal appropriations to allocate money for all federal entities, DOD components, and federal agencies every fiscal year. A fiscal year runs from 1 October to 30 September of the next year.
For example, fiscal year 2026 is going to cover 1 October of 2025 through 30 September 2026. So the appropriations process starts, and this is a real basic overview, I mean of course it's a lot more detailed than this, but the process starts with the President's budget request to Congress. The submission is required by law on the first Monday of every year in February.
Now I don't think that those standards are met very much, but I haven't ever seen any repercussions from not getting those into Congress from federal agencies by that deadline. But once those are turned in, Congress has hearings, they develop, they consider a high-level budget plan, and once that's approved, the Appropriations Committee crafts appropriation bills. And now there are 12 appropriation bills in the budget, and obviously there are a lot more federal agencies and DOD components than that, so they're grouped in to the different specific appropriations.
So just a little diagram of what we just went over. So the federal agencies submit the program and budget requirements to the President, and basically that's going straight to Office of Management and Budget under the President, OMB, and OMB then submits to Congress. Congress then passes the budget and appropriates the funding back to the federal agencies, so you just have a complete circle there.
All right, getting into the FAR. The U.S. Code of Federal Regulations, Title 48, is what the FAR is known by officially, and it contains federal appropriations law. So what is federal appropriations law? It's the rules and statutes over authorization and allocation of any treasury funds to federal agencies and DOD components.
It really specifies how these funds are going to be spent, for what purpose they're for, the amounts, the time frames they have to be spent in, whether it's multi-year, single-year, it will specify that in the law. So the creation of the FAR actually happened in October, October 1st of 1984, and it was accomplished by the Federal Acquisition Regulatory Council, otherwise known as the FAR Council. It established the federal statute, and if you see at the bottom of the slide there, it actually shows you where to go, Title 41, if you wanted to look that up, but it works, the council works with the Office of Federal Procurement Policy, OFPP, to guide the Federal Acquisition Regulation, or FAR, to create a unified procurement system.
So they all work in tandem with each other, and so the FAR Council is actually composed of the heads of GSA, General Services Administration, DOD, Department of Defense, and NASA. There is no information that I could ever find on why these specific agency heads were selected to be the council, but they are, and they have been, and they still are. And the key functions of the council is to provide leadership, to provide the policies, they review individual supplements from fellow agencies, and definitely ensure that there's no conflict overall with the FAR.
And GAO is responsible for the FAR as far as making the actual changes, and that's why they're known as the author. So the FAR will always include up-to-date Federal Acquisition Circulars, and if you're looking for a circular, starting in fiscal year 2019, the circulars were changed to reflect the fiscal year so that you could more easily find the circulars within the FAR, and they're codified by, the fiscal year will come first, like 2025 in the example on the slide, and if it's the sixth circular that they've put out that year, it'll be dash 06, dash 10, dash 12, whatever that may be.