Audit Considerations for Government Entities

Why government entity audits differ from commercial audits

The profit motive doesn’t exist. That single fact reshapes every risk assessment judgment you make.

A commercial entity’s management incentive structure revolves around revenue recognition, earnings targets, covenant compliance, and share price. A government entity’s management operates under a completely different pressure set: budget absorption, political commitments, programme delivery within legislative constraints, and re-election or reappointment cycles. The misstatement patterns follow those incentives. Where a commercial CFO might overstate revenue, a government finance director might misclassify expenditure between budget lines to avoid showing an overspend on a politically sensitive programme.

ISA 315.A45 requires you to understand the entity’s objectives and strategies as part of understanding the entity and its environment. For a commercial client, that means understanding the business model. For a government entity, it means understanding the political cycle, the budget approval process, the source-of-funding restrictions, and the legal framework that governs what money can be spent on. ISA 315.12 makes this understanding a required input to identifying risks of material misstatement.

The other difference that catches teams early: the users of the financial statements. ISA 200.A1 notes that the financial statements are prepared for intended users. In a government context, those users include the public, oversight bodies, the national audit office, elected representatives, funding agencies, and occasionally the European Commission (when EU funds are involved). Each group has different information needs.

ISA 260.16 requires you to identify those charged with governance, and in a government entity, that answer is rarely straightforward. Is it the executive board? The council? A supervisory committee? An external oversight body? Get this wrong and your communication of audit results goes to the wrong people. You won’t find this ambiguity at a standard commercial client.

How to identify the applicable financial reporting framework

Government entities frequently report under special purpose frameworks rather than IFRS. In the Netherlands, municipalities report under the Besluit Begroting en Verantwoording (BBV). In Germany, many entities still use Kameralistik (cash-based accounting) or have partially transitioned to Doppik (accrual-based). Belgian local governments report under BBC (Beleids- en Beheerscyclus). Each of these frameworks has specific recognition and measurement rules that differ from IFRS in material ways.

ISA 800.8 requires you to determine whether the financial reporting framework is acceptable. You don’t get to assume it is because the entity has been using it for decades. Document why the framework is acceptable for the entity’s circumstances, who the intended users are, and whether the framework is a general purpose or special purpose framework. ISA 800.A8 adds that the acceptability of a special purpose framework depends on whether it meets the information needs of the intended users. Skip this documentation and a reviewer will flag it immediately.

The practical implication is significant. If you’re auditing under BBV, your materiality calculation uses different benchmarks than an IFRS audit. Total expenditure or total revenue (rather than profit before tax) typically serves as the benchmark. ISA 320.A4 permits this, but you need to document why the chosen benchmark is appropriate for the entity and its users. A municipality with €80M in expenditure and a €200K surplus has a very different materiality profile depending on whether you benchmark against expenditure or surplus.

Budgetary accounting and earmarked funds

Budget compliance is often as important to stakeholders as the accuracy of the financial statements. In many jurisdictions, exceeding an approved budget line item without authorisation is a legal violation, not just a variance. This creates a category of risk that commercial audits don’t have: the risk that expenditure is correctly recorded in the financial statements but was not legally authorised. The concept has no real equivalent in the private sector, and it changes the way you design your substantive procedures.

ISA 250.14 requires you to obtain sufficient appropriate audit evidence regarding compliance with laws and regulations that have a direct effect on the determination of material amounts and disclosures. For a government entity, budget legislation almost always falls into this category. Your procedures should test whether spending stayed within approved limits, whether transfers between budget lines were authorised by the council (not just the executive board), and whether multi-year commitments were properly disclosed in the notes to the financial statements.

Earmarked funds add another layer.

A government entity might receive €5M from the EU for infrastructure development, €2M from the national government for education programmes, and €800K from a provincial subsidy for environmental projects. Each funding stream has specific conditions attached. ISA 250.A15 notes that non-compliance with laws and regulations may result in fines, litigation, or other consequences. For earmarked funds, the consequence is usually repayment. If conditions aren’t met, the entity must return the money. That creates a contingent liability under IAS 37.14 (or equivalent in the applicable framework) that you need to evaluate.

Your risk assessment under ISA 315 should identify each material earmarked funding stream and the conditions attached to it. Your analytical review procedures should compare actual expenditure against budgeted amounts by programme and by funding source, not just in aggregate.

Compliance obligations and ISA 250

The compliance dimension of a government audit goes beyond what ISA 250 requires for a commercial engagement. ISA 250.13 distinguishes between laws and regulations that directly affect the financial statements and those that don’t have a direct effect but where non-compliance may be material. For a government entity, the first category is large. Tax law, budget legislation, procurement directives, subsidy conditions, civil service pay regulations, and environmental obligations all fall into the “direct effect” category because non-compliance can trigger repayment obligations, fines, or reclassification of expenditure.

Procurement regulations are the most common compliance area that generates findings. EU public procurement directives (Directive 2014/24/EU for public contracts above threshold values) require competitive tendering for contracts above specified amounts. A municipality that awards a €300K IT contract without a tender process has both a compliance violation and a potential misstatement (if the contract price is materially above market value). You need to design procedures that test procurement compliance on a sample basis. This isn’t optional. ISA 250.14 applies directly.

The practical challenge is sample selection. A municipality with 8,000 purchase orders can’t have every order tested. Focus on contracts above the EU tender threshold (€215K for services in the 2024 to 2025 period) and on contracts that were awarded without competitive process. Your procurement sample should cover both high-value contracts and a random selection of contracts just below the threshold, because threshold-splitting (breaking a €250K contract into two €125K purchase orders to avoid the tender requirement) is one of the most common procurement irregularities in government audits.

Staff expenditure is the second area. Government entities frequently have civil service regulations that govern salary scales, overtime authorisation, benefit entitlements, and severance terms. Payments outside these scales are both irregular expenditure and potential misstatements. Your substantive testing of payroll should include verification that salary levels correspond to approved scales, that any deviations were properly authorised, and that severance payments comply with the applicable collective labour agreement. For Dutch municipalities, the CAO Gemeenten governs these terms.

The going concern question for government entities

ISA 570.10 requires you to evaluate whether a material uncertainty exists related to going concern. For most government entities, the answer seems obvious: a municipality doesn’t go bankrupt. But ISA 570 applies regardless of entity type, and the assessment is more subtle than it appears.

Government entities can face financial distress that, while not resulting in liquidation, results in loss of operational autonomy. In the Netherlands, a municipality under Article 12 supervision (Artikel 12-gemeente) loses budgetary independence and comes under provincial oversight. In Belgium, entities can be placed under financial guardianship. These situations don’t end the entity’s existence, but they fundamentally change the basis on which the financial statements are prepared. As of 2024, several Dutch municipalities had entered or were approaching Article 12 status due to structural deficits in the social domain (particularly Jeugdwet costs exceeding the Rijksbijdrage allocation).

ISA 570.A2 lists indicators of going concern doubt. For government entities, adapt these: persistent budget deficits over multiple years, inability to meet debt service obligations, dependence on emergency provincial or national funding, significant unfunded pension or environmental liabilities, and legislative changes that eliminate a major revenue source. Document your assessment explicitly, even when you conclude no material uncertainty exists. The AFM and other regulators flag files where the going concern assessment is missing entirely, even for entities where the conclusion is straightforward.

Your going concern assessment working paper for a government entity should address the entity’s ability to continue providing services at the current level, not just its ability to continue existing. A municipality that exists but has cut all non-statutory services to meet debt obligations presents a different picture to financial statement users than one operating normally. The distinction matters for disclosure under ISA 570.A3: users need to understand the financial position, not just whether the entity will survive in legal terms.

Fraud risk in a government context

ISA 240.25 requires you to presume a risk of fraud in revenue recognition. For a government entity, that presumption applies differently. Revenue for a municipality consists primarily of government grants, local tax assessments, user fees, and subsidies. The fraud risk isn’t inflated revenue to meet earnings targets. It’s misclassification: recording restricted-purpose revenue as general revenue to mask budget shortfalls, or recognising multi-year grants in a single period to cover a deficit.

Management override of controls is present in all entities (ISA 240.A1). In a government context, the most common override patterns look different from commercial entities. Procurement fraud (splitting contracts to stay below tender thresholds) is the highest-frequency pattern. Payroll fraud (ghost employees or unauthorised payments to individuals outside the civil service scales) is the second. Year-end reclassifications (moving expenditure between budget years to show compliance with approved budgets) round out the picture.

Document your fraud risk assessment with specific reference to these government-specific patterns. A generic fraud risk assessment that discusses revenue inflation and asset misappropriation without adapting to the government context fails the requirements of ISA 240.27, which requires the presumption to be rebutted or addressed with specific procedures.

Your journal entry testing under ISA 240.32 should focus on entries that move expenditure between periods, entries that reclassify expenditure between budget categories, and entries posted by individuals who don’t normally post journal entries. These are the high-risk patterns in government entity files.

Worked example: auditing a Dutch municipality

Client: Gemeente Westenbroek, a Dutch municipality with €95M in annual expenditure, 48,000 residents, and 420 FTEs. Reports under BBV. The municipality received €3.2M in Rijksbijdrage for the decentralisation of youth care services (Jeugdwet) and €1.8M from the EU Structural Fund for a regional employment programme. The prior year opinion was unqualified.

1. Determine the applicable framework and set materiality

The reporting framework is BBV, which is a special purpose framework. Document acceptability under ISA 800.8: BBV is prescribed by Dutch law for all municipalities, the intended users (provincial oversight, council members, residents) are identified, and the framework meets their information needs.

Set materiality using total expenditure as the benchmark. At €95M expenditure, apply 1% to arrive at overall materiality of €950K. Set performance materiality at 65% (€617K), reflecting moderate risk due to staff turnover in the finance team.

2. Map compliance obligations

Identify the material compliance areas: BBV reporting requirements, Jeugdwet funding conditions (youth care expenditure must be documented per client and per provider), EU Structural Fund conditions (expenditure must be incurred within the programme period and supported by time records for staff costs), and procurement regulations (EU tender threshold of €215K for services).

3. Assess earmarked fund risks

The Jeugdwet funding of €3.2M carries repayment risk if the municipality cannot demonstrate that expenditure was properly allocated to eligible services. Test a sample of youth care expenditure against provider contracts and client records. For the EU Structural Fund (€1.8M), verify that staff time records exist for personnel charged to the programme and that expenditure falls within the eligible period.

4. Perform fraud risk procedures specific to the government context

Rebutting the revenue recognition fraud presumption: Gemeente Westenbroek’s revenue is 92% government transfers and local taxes with limited management discretion over recognition timing. Document the rebuttal under ISA 240.47, noting that revenue is determined by external allocation formulas and tax assessments, not management estimates.

Focus instead on procurement fraud risk: test a sample of contracts above €100K for proper tender documentation. Test journal entries in the final month of the fiscal year that reclassify expenditure between budget categories.

5. Draft communications to those charged with governance

Identify the municipal council (gemeenteraad) as those charged with governance under ISA 260.11. The executive board (college van B&W) is management. This distinction matters because audit findings about management’s conduct must be communicated to the council, not to the executive board alone.

A reviewer examining this file sees a clear framework determination, a compliance register tied to specific funding streams with quantified repayment risk, a government-adapted fraud risk assessment with documented rebuttal, and communication directed to the correct governance body.

Practical checklist for government entity audits

1. Determine the applicable financial reporting framework and document its acceptability under ISA 800.8 before starting fieldwork. Record the intended users and whether the framework is general or special purpose.
2. Set materiality using an expenditure-based benchmark (ISA 320.A4), not profit before tax. Document the benchmark choice, the percentage applied, and any qualitative adjustments for entity-specific risks.
3. Build a compliance obligations register that lists every material law and regulation with a direct effect on the financial statements (ISA 250.14). For each obligation, quantify the financial exposure if non-compliance is identified.
4. Test earmarked fund conditions on a sample basis. For each material funding stream, verify that expenditure meets the conditions and that the entity has documentation to support continued recognition of the funding.
5. Adapt the fraud risk assessment to government-specific patterns: procurement splitting, year-end budget reclassifications, and misclassification of restricted revenue. Document the revenue recognition presumption rebuttal with reference to the revenue composition (ISA 240.47).
6. Confirm that those charged with governance are correctly identified (ISA 260.11) and that audit communications are directed to the oversight body, not just the executive board.

Common mistakes

• Filing the going concern assessment as “not applicable” because the entity is a government body. ISA 570.10 applies to all entities. The AFM flags files where this assessment is missing, even for municipalities. Document the assessment, even when the conclusion is that no material uncertainty exists.
• Using a commercial materiality benchmark (profit before tax) for an entity that reports under a budgetary framework. ISA 320.A4 permits expenditure or revenue as benchmarks. A municipality with a €200K surplus and €80M in expenditure produces absurd materiality figures if you benchmark against the surplus.
• Sending the management letter to the executive board only, without communicating to the council. ISA 260.16 requires communication with those charged with governance. In most municipalities, that’s the council, not the board.

Related content

Frequently asked questions

Further reading and source references

• ISA 800, Special Considerations — Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks: paragraph 8 on framework acceptability.
• ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements: paragraphs 13–14 on compliance obligations with direct financial statement effect.
• ISA 260, Communication with Those Charged with Governance: paragraph 16 on identifying the governance body.
• ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements: paragraphs 25–27 on fraud risk presumptions.
• ISA 570, Going Concern: paragraph 10 on the going concern evaluation requirement for all entities.
• ISA 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement: paragraph 12 on understanding the entity and its environment.
• ISA 320, Materiality in Planning and Performing an Audit: paragraph A4 on benchmark selection for non-profit entities.