Auditor Fraud Resources

Fraud Guidance

Photo of fleet of shipsDoD employees must disclose any known fraud, abuse, corruption, mismanagement, or waste to the appropriate DoD, Federal government, other appropriate official, or hotline. DoD employees are also encouraged to report any suspected irregularities indicating that fraud, waste, abuse, corruption, or mismanagement may have occurred or may be ongoing.  Individuals should be able to make all disclosures without the fear of reprisal. 

DoD auditors or non-Federal government auditors performing audits1 for DoD have additional responsibilities.  DoD expects auditors to be proactive in identifying and referring to the appropriate investigative organization known or potential fraud, abuse, or corruption; no matter the work being performed.  By maintaining a high level of fraud awareness and appropriately assessing fraud risk during the planning and execution phases, the auditor is taking the proper approach to uncover fraudulent acts.  DoD auditors should live up to their fiduciary responsibilities to DoD, the Federal government, and the public.

 

Environment Conducive to Fraud

MoneyAn auditor should understand under what circumstance fraud is most likely to occur.  The conditions can be summarized in two words, opportunity and motive, which apply separately and jointly to individuals and the organization, whether government or non-government. 

Much emphasis is given to individuals committing fraud against organizations for personal benefit.  However, auditors must be able to recognize organizational fraud, fraud committed for the direct benefit of the organization, and, therefore, the indirect benefit of the individual. 

Auditors should remember that individuals who commit organizational fraud may be motivated differently than those who directly benefit from fraud.  In the case of organizational fraud, the individual may benefit through bonuses, raises, promotions, or job retention.  A more subtle motivation relates to increased self-esteem, co-worker/supervisor praise or envy, a feeling of power, or control over the organization or parts of it as well as staff

[Go Top]

Auditor Responsibilities

AuditorAuditors who perform independent audits and attestation engagements of DoD organizations, programs, activities, and functions are required by DoD Instruction (DoDI) 7600.02, “Audit Policies,” to comply with the GAGAS issued by the Comptroller General of the United States. The GAGAS require auditors when performing financial and performance audits and examination-level attestation engagements (work that requires a positive assurance) to:

  • identify risk factors (indicators),
  • assess the risk associated with those factors (indicators),
  • design and perform appropriate steps and procedures to address the risk areas,
  • document the process, and
  • include information on any potential fraud that might have a material impact on the audited subject matter in the report.

The auditor should design procedures to obtain reasonable assurance of detecting fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, and abuse that could materially affect the audit or examination. For review-level (work that provides negative assurance) and agreed-upon procedures-level (provides no opinion or assurance) attestation engagements, the auditor is not required to assess fraud risk factors or design steps to address those risks.

The auditor must perform procedures when they find information or indicators that fraud may have occurred that could materially impact the subject matter under review.  In those cases, the auditor should determine whether the fraud was likely to have occurred and, if so, determine the effect on the results of the engagement. GAGAS requires auditors to comply with any legal requirements to report known or likely fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse directly to parties outside the audited entity.

DoDI 7600.02, paragraph 6.3, establishes the requirement that auditors shall refer to the appropriate investigative organization any indications of potential fraud or other criminal acts discovered while performing audit work.

[Go Top]

DoD Expectations

AuditorsDoD expects its auditors to follow the Comptroller General philosophy that GAGAS represents only minimum requirements and audit organizations should strive to exceed them.  DoD auditors should implement the standards relating to assessing the risk of fraud, designing and performing appropriate steps or procedures to disclose fraud indicators, identification of fraud indicators, and referring potential fraud by considering the significance of individual risks or fraud indicators identified as well as the combined total of the risk factors or fraud indicators. 

The auditor should not simply use monetary impact, significance, or value when determining risk or evaluating findings.   In some situations, the auditor may be unable to determine the materiality or dollar impact of the identified risks or fraud indicators.  When the risk factors or fraud indicators relate to the safety, morale, or welfare of service members or civilians, the auditor should use a substantially lower threshold for considering an area high risk.  DoD expects its auditors to live up to their fiduciary responsibilities to DoD, the Federal government, and the Public. 

Fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, and abuse can occur anywhere, anytime, and in any activity.  Auditors should maintain their professional skepticism and mindset that potential fraud could be present regardless of any past experience with the entity or any belief about management’s honesty or integrity.  However, auditors must not automatically conclude that every entity commits fraudulent acts or that every fraud indicator denotes that fraud has occurred.  The auditor must maintain an attitude that includes a questioning mind and critical assessment of audit evidence.

When an auditor identifies indications of potential fraud, the auditor should discuss the indicators and possibilities of the occurrence of fraud with their supervisor and, when warranted, follow their organization’s procedures for reporting the potential fraud indicator(s) to the appropriate investigative organization.  Additionally, prior to notifying a DoD or other Federal government organization’s management of a potential fraud, the auditor should confirm with the appropriate investigative organization that doing so will not compromise an investigation.  The auditor should also never include information in their report relating to potential fraud without consulting with the appropriate criminal investigative agency official.  Auditors are not responsible for proving fraud, just for reporting indicators of possible fraud; it is the investigator’s job to prove whether fraud occurred.  For additional guidance on this topic, please see “Fraud Referrals.”

[Go Top]

Best Practices

Photo of Agents Best practices for DoD audit organizations include identifying and assessing potential fraud risks factors during the planning phase for review-level and agreed-upon procedures attestation engagements similar to what the auditor does for other audit services or work.  When risk factors are identified during the planning phase, the auditor should discuss with their supervisor or higher-level management whether the requested or planned review-level or agreed-upon-procedures-level engagement is appropriate. 

With audit management approval, the auditor should discuss with the requestor the fraud risk factors and whether an alternative type of audit or attestation engagement would be more appropriate.  When the auditor identifies fraud indicators or other information that strongly points to a high probability of fraud during the planning phase, the auditor, after consulting with their management, should raise their concerns to the appropriate oversight or investigative organization. 

Best practices also include designing some steps or procedures to address identified risk factors for a review-level attestation engagement.  While DoD auditors are required to comply with GAGAS, other auditing standards may provide insight into best practices or other approaches to assessing fraud risks or identifying fraud indicators.  The GAGAS incorporates the American Institute of Certified Public Accountants (AICPA) standards for fieldwork and reporting for financial audits and attestation engagements. 

The AICPA auditing standards for financial audits and the GAGAS for financial and performance audits provide specific steps that are not included in the AICPA or the GAGAS for attestation engagements such as inquiring of management about potential fraud.  Auditors may find these specific steps useful when considering how to best implement GAGAS for attestation engagements.  Similarly, audit organizations may learn about other audit organizations’ approaches and methods for assessing fraud risks and identifying and detecting fraud indicators and adapt best practices when feasible.

[Go Top]

Audit Planning and Execution

AuditorsInitial Planning Stage.  Early in the initial planning stages of the audit, the auditor should identify and assess any fraud risks factors that could be associated with the specific organization, its environment, its employees, and type of audit.  Auditors should also become familiar with and assess the fraud risk factors generally applicable to all audits and upper management.  Next, the auditor designs an audit program that reflects the risk assessment by developing steps to address any risk factors identified as being material or significant to the audit scope, subject matter, or objectives.  The team should discuss among themselves and with the supervisor how and where the audited organization might be susceptible to fraud.  

Additional Planning Steps.  Prior to beginning the field work phase, either at the entrance conference or another time, the auditor should identify the appropriate management officials and ask them what fraud or other criminal activity they are aware of within their organization.  The auditor could also inquire as to what fraud risks the organization’s management has identified and what actions they have taken.  Instead of discussing the fraud risks for each audit separately, the auditor could choose to discuss these issues with the organization’s management during the audit organization’s annual planning process. 

Execution Phase.  The fraud risk assessment process does not end with the development of the audit program.  During the execution phase, the auditor should remain alert to potential fraud indicators.  Auditors may also decide that, depending on the audit scope, they should make inquiries of other personnel at the audited organization.  These inquiries could include what fraud risks could exist and whether the employee has any knowledge or suspicions of fraud.  An auditor should not ask every employee or manager these questions; however, based on information or a response to another question from an employee or manager, the auditor could decide that such follow-up questions are appropriate.  When an auditor finds fraud indicators during the audit, they should address the indicators by performing additional audit steps or expanding transaction testing.  The auditor should revise the audit program accordingly, document the fraud indicators found, and the additional work performed to address them.

Discussions on Potential Fraud.  When an auditor identifies indications of potential fraud, the auditor should discuss the indicators and possibilities of the occurrence of fraud with their supervisor.  Auditors may also consult with other auditors, supervisors, or managers who have more experience or knowledge relating to the identified potential fraud scheme or indicators.  Additionally, auditors may discuss their concerns and findings with investigators, agency counsel, and other agency staff responsible for fraud prevention or detection programs or activities.  Any advice received should be documented in the audit project documentation.  Prior to discussing with or notifying a DoD or other Federal government official, except for those mentioned above, of a potential fraud, the auditor should confirm with the appropriate investigative organization that doing so will not compromise an investigation.  An auditor should never discuss potential fraud related to a contractor’s activities with contractor personnel unless they have obtained approval to do so from the lead criminal investigative organization.  A best practice would be to obtain written approval from a manager within the lead criminal investigative organization versus verbally from the investigator. 

Documentation.  Auditors should document the entire process in the audit project documentation files, to include:

  • the fraud risk assessment process,
  • any fraud risks factors originally identified,
  • how the fraud risk factors were reflected in the audit program,
  • any fraud risk factors or potential indicators identified during the audit,
  • how the audit program was expanded to address the risk factors,
  • any discussions with other parties on whether to make a referral, and
  • any fraud referral steps considered or taken.

Auditors should continuously maintain a high level of fraud awareness and appropriately assess fraud risk during the planning and execution of the audit in order to uncover potential fraudulent acts and protect the Government's interests.

[Go Top]

Reporting Audit Results

Photo of hands exchanging cardsDoD auditors should coordinate with the lead criminal investigative organization or other appropriate legal authority and obtain their agreement with any disclosure or discussion of potential fraud in their report.  This coordination is necessary to avoid any compromise of an ongoing criminal investigation or other legal proceeding and is especially important for publicly available reports. 

In certain situations, auditors may have to suspend work or reporting on a particular finding to avoid interfering with a criminal investigation or other legal proceeding.  The auditor may incorporate information that is already publicly available.  This requirement may supersede GAGAS reporting standards that generally require the auditor to include in their report all instances of fraud and noncompliance unless inconsequential and material violations of contract or grant agreement provisions and abuse. 

Auditors should also coordinate with the lead criminal investigative organization and/or appropriate agency attorney or fraud counsel prior to complying with GAGAS external reporting requirements.  The GAGAS reporting standards also include requiring auditors to report known or likely fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse directly to parties outside the audited entity when the organization’s management does not report such information to external parties as specified in law or regulation.  The auditor must first report management’s failure to do so to its governance body.  When its governance body also fails to take action, the auditor should report the information directly to the appropriate external parties and/or the funding agency. 

The auditor’s primary objective should be to not compromise any investigation or legal proceeding while still accurately reporting their findings.  When an auditor is unable to do so, they should defer issuing the report until it will not impede the investigation or legal proceeding.

[Go Top]

Fraud Referrals

Photo of calculatorRequirements to Refer Fraudulent Activities.  Executive Order 12731, “Code of Ethics – Principles for Ethical Conduct for Government Officers and Employees,” requires all Executive Branch employees to report fraud, waste, abuse, and corruption to appropriate authorities.  DoD audit organizations and their auditors have additional requirements.  For all audit work, GAGAS requires auditors to comply with any legal requirements to report known or likely fraud, noncompliance with provisions of laws, regulations, contracts, or grant agreements, or abuse directly to parties outside the audited entity.  DoD Instruction 5505.2, “Criminal Investigations of Fraud Offenses,” requires the Secretaries of the Military Departments, Heads of DoD Components, the Directors of Defense Agencies, and Commanders of the Combatant Commands to ensure the prompt referral of all allegations of fraud involving DoD personnel or persons affiliated with DoD and any property or programs under their control or authority to the appropriate DoD Criminal Investigative Organizations.  DoD Instruction 5505.2 also requires the Director of the Defense Contract Audit Agency (DCAA) to establish procedures to ensure the prompt referral to the appropriate Defense Criminal Investigative Organization (DCIO) of suspicions of irregularity or referrals of suspected fraud arising from DCAA audit activities.  The DoD Instruction 7600.02, paragraph 6.3, establishes the requirement that auditors shall refer to the appropriate investigative organization any indications of potential fraud or other criminal acts discovered while performing audit work. 

Process for Making Referrals.  All DoD audit organizations should have a process or procedures for referring indications of potential fraud for investigation.  Auditors should make fraud referrals in accordance with their organizations’ guidance.  Auditors should discuss the irregularities or potential fraud indicators with their supervisor and management prior to making a referral.  In general, the Military Department auditors should refer potential fraud to their respective military criminal investigative organizations (MCIOs).  Defense agency auditors and non-Federal government auditors performing audit services for DoD should refer potential fraud to the Defense Criminal Investigative Service (DCIS).  Finally, an auditor always has the option of contacting the Defense Hotline with information directly, including those situations when a supervisor or higher-level manager declines to issue a fraud referral. 

Written Fraud Referrals.  Fraud referrals should be in writing and marked as “For Official Use Only” or with another appropriate warning.  Written referrals can enhance discussions between auditors and investigators by:

  • eliminating potential miscommunications;
  • formalizing the auditor’s concerns and findings on potential fraud;
  • documenting the auditor’s compliance with reporting requirements;
  • allowing the audit organization and other interested parties to more easily track the status and outcome of the referral; and,
  • when appropriate, ensuring that the auditor can share the same information with other interested parties such as the component fraud counsel. 

Content of a Fraud Referral.  Auditors, their supervisors, and managers should remember that they should make a referral even when they do not have all the information.  The minimum information needed for a referral will vary depending on the situation.  However, a basic description of the suspicious activity and why the auditor believes the activity is suspicious is generally the minimum for a referral.  Fraud referrals could include the following information. 

  • A concise description of the suspicious activity to include who, what, where, when, how, and how much. 
  • Identifying information for the organization, component, office, company, or individual(s) involved.
  • Government entities affected by the suspected fraud.  Also, specifics such as the title of the program or program office; the contract number, the grant agreement and amount, the cooperative agreement, request for proposal or bid and descriptive information such as type or amounts; and physical location(s) involved should be identified.
  • The regulations, laws, or contract provisions that were involved or violated, i.e. why the auditor believes that a potential fraud may have occurred or will occur.
  • Estimated loss or impact to the Federal government with an explanation of how it was calculated or why it was not possible to calculate impact.
  • Potential non-monetary impact with an explanation of what information would be needed to calculate a monetary impact or the importance of the non-monetary impact to the Federal government.

The auditor should make a referral even if they do not have all the information listed above.  The referral may complement an ongoing case or the investigator may be able to obtain the information through other means. 

Standard Fraud Referral Form.  An audit organization may find it helpful or a best practice to have a standard form for its auditors to use when drafting a fraud referral.  A standard form should prompt the auditor to include relevant information that an investigator would find useful when opening an investigation.  Generally, a referral should include a point of contact and their contact information so that the investigator can discuss the referral with the auditor or other audit organization representative.  Depending on the audit organization, this may not be the original auditor who identified the fraud indicators.  An audit organization will also find it helpful to assign a case number or some other unique reference to each referral that is made to an investigative organization.  A DCAA Form 2000, “Suspected Irregularity Referral Form,” and Defense Contract Management Agency fraud referral form are provided as examples. 

General Considerations When Deciding Whether to Make a Referral.  A referral only highlights or documents a set of facts or information that may indicate the existence of fraud or other criminal activity.  No standard checklist or criteria exists for when an auditor should make a fraud referral.  In deciding whether to make a referral, an auditor must use sound professional judgment based on past experience and knowledge.  Auditors do not need proof that a fraud or other crime occurred prior to making a referral.  Additionally, an auditor should remember that when they make a referral, they are not accusing anyone of committing fraud.  The auditor should err on the side of caution and, when in doubt, make a referral.  Auditors should remember certain key points when deciding whether they have sufficient information or indicators to make a referral.  Most importantly, auditors do not need to determine that criminal intent existed.  The auditor’s decision to make a referral should not be influenced by comments made as to whether an investigation will be opened or actively conducted or a prosecutor will accept a case.  The auditor may consider input received from an investigator, agency general counsel, or other agency staff responsible for fraud prevention or detection programs regarding what information would strengthen a referral.  However, the auditor is ultimately responsible for complying with Executive Order 12731 and DoD Instruction 5505.2.    

Relationship of Fraud Indicators to a Referral.  While GAGAS discusses potential fraud in terms of significance or materiality, a fraud indicator when initially identified by the auditor does not have to have a material or significant impact on an audit objective, account, system, program, etc. to warrant a referral.  Auditors should remember that fraud indicators may be symptoms or characteristics of possible fraud, the result of a fraudulent act, or an attempt to hide a fraudulent scheme.  Conversely, an indicator may have nothing to do with a fraudulent scheme and may simply be an internal control weakness that does not rise by itself to a level that should prompt a referral.  Auditors may have legitimate differences of opinion as to whether they should make a referral.  An auditor should consider the entire picture and use their best judgment.  Some indicators, such as falsified or phony documents, may in and of themselves be enough to trigger a referral.  In other cases, the auditor may need to recognize the interrelationship of several seemingly unrelated deficiencies or indicators that when combined warrant a referral.  When a Government official or agency appears to have approved a suspected irregularity or illegal act, the auditor should make a referral.  

Additionally, the auditor will need to decide what, if any, additional work is required to determine whether a referral is appropriate.  Auditors may consult with other auditors, supervisors, or managers who have more experience or knowledge relating to the identified potential fraud scheme or indicators.  Additionally, auditors may discuss their concerns and findings with investigators, agency counsel, and other agency staff responsible for fraud prevention or detection programs or activities.  Any advice received should be documented in the project documentation. 

Obstruction of an Audit or Access to Records Issues.  Denials of audit access to DoD programs and operations or a pattern of untimely responses to audit requests may be a fraud indicator when the auditor has reason to believe that such actions are an attempt to prevent them from discovering or reporting a potential fraud which the auditor identified.  In these cases, the auditor should report the denial as a fraud indicator in conjunction with the other identified fraud indicators related to the associated potential fraud.  Some issues that the auditor may consider when determining whether to make a referral based on obstruction of an audit include the following. 

  • The auditor or audit organization has made reasonable attempts to explain why the item is required and it is clear from the refusal that the employee or organization properly understands the basis for the request.
  • Higher level officials for both the audit organization and the organization from which the item has been requested have discussed the issue in accordance with the audit organization’s procedures and the parties have not resolved the access issue.

Making Non-DoD Fraud Referrals.  When a DoD auditor identifies potential fraud relating to a non-DoD organization, program, activity, or function, they should consider referring it to the other agency’s Office of the Inspector General or similar investigative component with a copy to the Defense Criminal Investigative Organization (DCIO) they normally deal with.  When the auditor is unsure which investigative organization to send the referral to, the auditor can forward the referral to the DCIO they normally deal with and request them to forward it to the appropriate investigative agency.  The DCIOs will know which investigative organization the referral should be sent to and may already have a solid working relationship with its investigators.  Including the DCIO in the process will help ensure that the other investigative organization gives the referral the appropriate attention and can aid the auditor in determining the status of the referral.  

[Go Top]

Other Options

Hotline PosterAnyone, whether military or civilian, should report potential fraudulent activity through the chain of command or either directly to his or her respective Inspector General or to the Defense Hotline.  Therefore, an auditor may contact the Defense Hotline or another DoD component hotline with information relating to potential fraud, waste, or abuse. 

An auditor may also receive information from an organization’s personnel or others regarding potential fraudulent activity, waste, or abuse.  In these situations, the auditor should forward the information provided to the Defense Hotline or the appropriate component hotline and encourage the individual who has the information to directly contact the Defense Hotline or the appropriate component hotline and provide the information they have.    

The information needed to report allegations to the Defense Hotline is provided on the Defense Hotline website (www.dodig.mil/hotline).  The individual can ask to remain anonymous and can use the convenient complaint form on the website link.  The individual may use the Defense Hotline guidance on useful information for a hotline complaint or use the Defense Hotline complaint form itself as a guide when forwarding a complaint to other component hotlines. 

The Defense Hotline can be contacted through the following means:

Complaint Form: Click here
Toll free number : 1-800-424-9098 [from 7:00 AM to 5:00 PM (EST)]
Fax : 1-703-604-8567/ Fax DSN : 1-703-664-8567
Mailing address : Defense Hotline, The Pentagon, Washington, D.C. 20301-1900

A special toll free hotline number has been established for reporting fraud, waste, and abuse relating to DoD activities in the Southwest Asia region. 

Southwest Asia hotline toll free number:  1-877-363-3348

[Go Top]

General Fraud Indicators

Photo of ship on fireThe scenarios presented in this guidance are organized by types of audits, however, many of the fraud indicators are applicable to other audits as well.  The intent of the scenarios is to build on the auditor’s knowledge and invoke a sufficient level of awareness for auditors to identify fraud indicators and make referrals when appropriate.  Many potential fraud indicators are general in nature or are associated with the structure or operations of upper management.

General Fraud Indicators

General fraud indicators are, as the name implies, applicable to any audit area.  During the audit, auditors should always consider the general fraud indicators in addition to indicators specifically related to the audit area under review.  The list of general fraud indicators presented below is not meant to be all-inclusive and should not preclude auditors from identifying and considering other indicators.

  • Management override of key controls.
  • Inadequate or weak internal controls.
  • No written policies and procedures.
  • Overly complex organizational structure.
  • Key employee never taking leave or vacation.
  • High turnover rate, reassignment, firing of key personnel.
  • Missing electronic or hard copy documents that materialize later in the review.
  • Lost or destroyed electronic or hard copy records.
  • Photocopied documents instead of originals.  Copies are poor quality or illegible.
  • “Unofficial” electronic files or records instead of “archived” or “official” files or records.
  • Revisions to electronic or hard copy documents with no explanation or support.
  • Use of means of alteration to data files.
  • Computer-generated dates for modifications to electronic files that do not fit the appropriate time line for when they were created.
  • Missing signatures of approval or discrepancies in signature/handwriting.
  • Computer report totals that are not supported by source documentation.
  • Lengthy unexplained delays in producing requested documentation.

Management Related Fraud Indicators

Management sets the tone of an organization through its control environment.  An organization’s control environment is the foundation of all other internal control components.  An organization’s control environment includes integrity and ethical values, management philosophy, organizational structure, and self-governance.  For a DoD contractor, active participation in a compliance program, integrity reporting, and the DoD Voluntary Disclosure Program are key parts of its control environment.  The control environment provides both discipline and structure to the organization; therefore, auditors must consider management characteristics and influence over the control environment not only as fraud risk factors but also as fraud indicators along with the general and audit specific fraud indicators.  Sometimes general and management fraud indicators are the same due to the control environment being an integral part of every review.  Possible management fraud indicators are listed below.  This list is not meant to be all-inclusive and should not preclude the auditor from considering other fraud indicators that they might identify. 

  • Failure to display and communicate an appropriate attitude regarding the importance of internal control, including a lack of internal control policies and procedures; ethics program; codes of conduct; self-governance activities; and oversight of significant controls
  • Displaying through words or actions that senior management is subject to less stringent rules, regulations, or internal controls than other employees
  • Significant portion of compensation being incentive-driven based on accomplishment of aggressive target goals linked to budgetary or program accomplishments or stock prices
  • High turnover of senior executives or managers
  • Hostile relationship between management and internal and/or external auditors.  This would include domineering behavior towards the auditor, failure to provide information, and limiting access to employees of the organization
  • Failure to establish procedures to ensure compliance with laws and regulations and prevention of illegal acts
  • Indications that key personnel are not competent in the performance of their assigned responsibilities
  • Adverse publicity concerning an organization’s activities or those of senior executives
  • Lack of, or failure to adhere to, policies and procedures requiring thorough background checks before hiring key management, accounting, or operating personnel
  • Inadequate resources to assist personnel in performing their duties, including personal computers, access to information, and temporary personnel
  • Failure to effectively follow-up on recommendations resulting from external reviews or questions about financial results
  • Nondisclosure to the appropriate Government officials of known noncompliances with laws, regulations, or significant contract or grant provisions
  • Directing subordinates to perform tasks that override management or internal controls
  • Undue interest or micromanagement of issues or projects that most knowledgeable individuals would identify with a substantially lower level manager
  • A manager that claims disinterest or having no knowledge about a sensitive or high profile issue in which you would expect management involvement
  • Constant over usage or inappropriate use of cautionary markings on management or organizational documents such as “Attorney Client Privilege/Attorney Work Product,” “For Official Use Only,” or other markings indicating an item is business sensitive or has a higher security classification than is appropriate.   

[Go Top]

 

 


1. The terms ‘audit’ or ‘auditing’ are used to generally refer to all types of work (evaluations or projects) that might be performed by an audit organization when complying with GAGAS.  In situations where GAGAS has different requirements for a specific type of project, the relevant terminology is used.