Understanding the 2024 Yellow Book Update

Mark your calendars; the long-awaited revisions to the 2018 Yellow Book will take effect December 15, 2025. The changes were released in early 2024, but soon they will be the standard that government auditing is held to. But what exactly is the Yellow Book, and what are these new changes?

The Yellow Book, also known as Generally Accepted Government Auditing Standards, is nicknamed for its bright and recognizable cover. It is maintained by the Government Accountability Office (GAO) and is the framework followed by federal government auditors at the GAO, auditors of entities receiving government awards, inspectors general, and federal, state, and local auditors. Shared standards ensure audits are objective and that engagements are completed with greater accountability and efficiency.

The 2024 revisions to the Yellow Book are extensive. From a change in approaches to quality, updated competence requirements, and more, here is a brief primer on the major updates.

A Change in Approach

The Yellow Book establishes quality requirements that focus on ensuring audit organizations comply with professional standards and legal requirements. One of the most important revisions taking effect is a change in approach from quality control to quality management. A quality management approach allows organizations of all sizes to identify and manage risks to quality; it is proactively managing engagement quality, rather than reacting as engagement risks arise.

An Emphasis on Ethics

Because the Yellow Book is written and maintained by the GAO, a nonpartisan agency responsible for providing objective auditing and investigative services to the United States Congress, ethical conduct has always been a standard. Coming revisions include updates clarifying the expectations regarding ethical behavior, and reinforcing the value of integrity, objectivity, and professional skepticism. This helps to ensure the conclusions and recommendations of auditors are reasonable and impartial.

Enhancing Technology’s Impact

Auditing guidelines will be expanded in order to clarify how technology may be appropriately and efficiently utilized. Auditors are encouraged to use data analytics tools, primarily to detect trends and discrepancies in data. Technology revisions also include cybersecurity guidance and controls in order to ensure safeguards are sufficient.

Updated Competence Requirements

As government engagements continue to become more complex, the Yellow Book is also updating competence requirements. Under the 2024 revisions, auditors are encouraged to complete more targeted CPE hours in specific areas, including cybersecurity, fraud detection, and data analytics. Certifications relevant to government audit assignments, such as the Certified Responsible Government Auditor (CRGA) or the Certified Internal Auditor (CIA) are not required, but the revisions do encourage them.

What’s Next?

These changes, and more, will begin taking effect as follows:

• Financial audits, attestation engagements, and financial statement reviews: on or after December 15, 2025
• Performance audits: on or after December 15, 2025
• A quality management system complying with new standards is required to be designed and installed by December 15, 2025
• Audit organizations must evaluate systems of quality management by December 15, 2026

For more information, reach out to Lumsden McCormick’s team of government-focused accountants.