Expert: Consuelo Herrera, International Accountant and Fraud Examiner - 6/25/2009

Question
I completed an audit of a N.C. governmental unit under Government Auditing Standards.  The attorney for the unit (with the blessing of the unit) has requested a copy of my workpapers for his files.  They have stated that there is no concern or issue, but would like to review my workpapers.  These workpapers have actually been peer reviewed and I have nothing to hide.  I would like to know the current rules on custody of workpapers and if I am required to give the attorney a complete copy of my workpapers.

Answer
Dear Greg,


Thank you for contacting me.


The document below could give you some insight regarding your concern. In addition the PCAOB AU section 339A would be useful in clarifying your question.


In addition, for a better understanding this link will take you to an article in the CPA Journal with great content about audit documentation.

http://www.nysscpa.org/cpajournal/2005/605/essentials/p30.htm

Finally, keep in mind that I am not an attorney and that you should discuss your concerns with the agency's counsel or the senior auditor.


..All requests for access to working papers, whether routine or nonroutine, must be made in writing, with a general description of the purpose of the request.  Nonroutine requests must further state the specific working papers requested and the desired use.

.....Permit access to working papers for nonroutine requests only after obtaining approval from the appropriate management of both the Office of the Budget and affected agency(ies).

.....Reply to all nonroutine requests in writing.


Audits performed in accordance with Government Auditing Standards are often subject to review by other auditors and by oversight officials.  Federal, state and local governments and other organizations may cooperate in auditing programs of common interest, and therefore, use of other auditors' work will avoid duplicate audit efforts.  Arrangements should be made so that working papers will be made available, upon request, to other auditors.

Outside parties may also request access to audit documentation.  This usually occurs when the party attempts to obtain information indirectly from the auditor that it is unable to obtain from the audited entity.  Government Auditing Standards require audit organizations to develop policies and criteria to deal with such situations.

Comptroller Operations Directive (COD) 2300.2 - "Release of Audit Work Papers to Third Parties," provides policy, responsibilities and procedures for the release of audit working papers and related audit reports to requesting third parties.  Comptroller Operations audit offices should provide access to their audit working papers in accordance with generally accepted auditing standards, and criteria discussed within COD 2300.2.

To fulfill responsibilities for controlling access to audit working papers, Comptroller Operations audit offices should receive, review and subsequently approve or disapprove all requests from third parties.  All requests must be made in writing, with a general description of the purpose of the request.

Enclosure 1 to COD 2300.2 details criteria for determining access to audit work papers by third parties.  Generally, approval for access to working papers is encouraged and should be granted except in the following situations:

·   Access would not be in the best interests of the Commonwealth; or

·   A greater purpose would be served by denying, rather than approving access; or

·   Legitimate interest or need for access has not been demonstrated; or

·   Access would jeopardize the Commonwealth’s position in litigation; or

·   Disclosure of requested information would violate confidentiality or sensitivity standards, or would jeopardize legitimate confidences, or security regulations or provisions.

When approval is granted, access should be controlled.  Only those specific working papers necessary to satisfy the third party request should be provided.  Where possible, arrangements should be made to have a responsible audit staff member available during the review of the audit working papers to prevent the loss, alteration or destruction of such documents and to preclude possible misinterpretation of the audit working paper content.  While there generally should be no objection to copying or taking abstracts of working papers, original documents should never be out of the control of a responsible audit staff member.

Certain requests for access to working papers are considered nonroutine, as defined in COD 2300.2.  Nonroutine requests include those requests from third parties outside the Commonwealth or from Commonwealth organizations not under the Governor’s jurisdiction, except for (1) those requests made to avoid duplication of audit or investigative effort where the requesting party has a clear right to the information or (2) requests where the audit working papers do not contain sensitive, unusual or confidential findings and recommendations.

Nonroutine requests must not only state the general purpose of the request, but must further state the specific working papers being requested and the desired use. In instances of nonroutine requests for access, release of working papers and confidential information is contingent upon the approval of the Deputy Secretary for Comptroller Operations, Comptroller or Bureau Director, Office of the Budget Chief Counsel, and where appropriate, the affected Agency Head and Agency Counsel.  All replies to nonroutine third party requests for access must be made in writing, informing them of approval or disapproval.


Hope it helps.

I wish you success in your endeavors.


Sincerely,


Consuelo Herrera, CAMS, CFE