Community Action Program Legal Services Inc

1
Community Action Program Legal Services Inc

• John Fisher
• U.S. Department of Health Human Services

2
Current Environment

• The quality of audits performed by CPA firms has
  come under intense scrutiny in recent years
• The heightened sense of awareness surrounding
  audit quality has increased the pressure on the
  AICPA and individual auditors to improve Single
  Audit quality

3
National Single Audit Sampling Project

• Reviews have been completed
• Auditors have responded to deficiencies
• Draft report was issued May 25, 2007
• Final report due out by end of June 2007

4
Sample Design

• 208 single audits from universe of 38,523 audits
  successfully submitted to clearinghouse April 1,
  2003 to March 31, 2004
• 96 of 208 were from 852 audits of entities that
  expended Federal Awards of 50 million or more
  (Stratum I)
• 112 of 208 were from 37,671 entities that
  expended less than 50 million in Federal Awards
  (Stratum II)

5
Classification of Audits

• Acceptable
• Limited reliability because of significant
  deficiencies
• Unacceptable

6
Acceptable

• Audits were deemed acceptable if there were no
  deficiencies, insignificant deficiencies, or
  deficiencies that do not require corrective
  action for the engagement

7
Acceptable Category

• Acceptable (AC)
• Acceptable with deficiencies (AD)

8
Examples of AC Deficiencies

• Immaterial errors in the SEFA, which is the
  auditees, not auditors, responsibility)
• Not documenting consideration of materiality at
  the major program level

9
Acceptable With Deficiencies

• AD classifications were made when collectively,
  the deficiencies were deemed to have limited
  effect on the reported results in that they did
  not call into question the correctness of
  auditors opinions or reports

10
AD Deficiencies include

• Not including all required information in audit
  findings
• Not documenting auditor understanding of the 5
  components of internal controls, however, testing
  of internal controls was documented for most
  applicable compliance requirements
• Not documenting performance of internal control
  testing or compliance testing for a few
  applicable compliance requirements
• Risk assessments of programs not documented

11
Significant Deficiencies (SD)/ Limited Reliability

• Audits were deemed to be of limited reliability
  if significant deficiencies were noted that would
  require corrective action to afford unquestioned
  reliance upon the entire audit
• Multiple deficiencies were noted that
  collectively, were deemed to have substantial
  effect on some of the reported results, and if
  unresolved, raise questions about the correctness
  of part of auditors opinions or reports and
  require corrective action to afford unquestioned
  reliance upon the entire audit

12
Examples of SD Deficiencies

• Audit Documentation did not evidence auditors
  understanding of the 5 elements of internal
  control and testing of internal controls for many
  or all applicable compliance requirements,
  however documentation did evidence that most
  required compliance testing was performed
• Audit documentation did not evidence internal
  control testing and/or compliance testing for
  more than a few compliance requirements, or did
  not explain why they were not applicable for the
  auditee
• Audit documentation did not evidence that audit
  work relating to SEFA was adequately performed.
  Documentation did not evidence that audit
  programs were used for auditing internal
  controls, compliance and/or the SEFA

13
Unacceptable

• Unacceptable audits are audits for which the
  opinion on compliance for at least one major
  program cannot be relied upon, unless additional
  work is performed and/or the report is revised
• Some of the unacceptable audits in Stratum I
  involved material reporting errors that, if had
  they not occurred, would not have resulted in
  those audits being considered unacceptable
• The remaining audits deemed unacceptable were
  substandard, involving serious audit quality
  deficiencies

14
Unacceptable Category

• Material Reporting Error (MRE)
• Unacceptable (SU)

15
Material Reporting Error (MRE)

• Reporting errors that, if had they not occurred,
  would not have resulted in those audits being
  considered unacceptable

16
MRE Deficiencies Include

• At least one major program was incorrectly
  identified as a major program in the Summary of
  Auditors Results Section of the Schedule of
  Findings and Questioned Costs
• The required opinion on the Schedule of
  Expenditures of Federal Awards was omitted

17
Substandard Audits (SU)

• Audits categorized as substandard were those
  found with deficiencies so serious that the
  auditors opinion on at least one major program
  cannot be relied upon

18
Examples of SU Deficiencies

• Audit documentation did not evidence internal
  control testing and compliance testing for
  compliance requirements for one or more major
  programs
• Unreported audit findings
• At least one major program incorrectly identified
  as a major program in the Summary of Auditors
  Results Section of the Schedule of Findings and
  Questioned Costs (plus other significant
  technical deficiencies)

19
Errors by Classification

• 115 audits were acceptable (48.6)
• 30 had significant deficiencies (16)
• 63 were unacceptable (35.5)

20
Overall

• Equal-Weighted
  Distribution of Dollars of Federal
  Awards Reported
• Acceptable 48.6 92.9
• Limited Reliability 16.0 2.3
• Unacceptable 35.5 4.8

21
Stratum I Large

• Equal-Weighted
  Distribution of Dollars of Federal
  Awards Reported
• Acceptable 63.5 93.2
• Limited Reliability 12.5 2.2
• Unacceptable 24.0 4.6

22
Stratum II Smaller

• Equal-Weighted
  Distribution of Dollars of Federal
  Awards Reported
• Acceptable 48.2 56.3
• Limited Reliability 16.1 9.6
• Unacceptable 35.7 34.1

23
Schedule of Federal Awards

• Incorrect amounts
• Incomplete (loan programs)
• Unclear

24
SEFA Incomplete

• Subgrant award numbers not included
• Name of pass-through grantor omitted
• Federal grantor/subdivision name missing
• Multiple lines for one CFDA and total for CFDA
  missing
• Notes to SEFA missing
• Incorrect CFDA

25
New Definitions for Internal Control Problems

• Application to Single Audits

26
SAS No. 112

• Defines terms significant deficiencies and
  material weaknesses
• Provides guidance on evaluating the severity of
  control deficiencies

27
Significant Deficiency

• A control deficiency, or a combination of control
  deficienciessuch that there is more than a
  remote likelihood that a misstatement of the
  entitys financial statements that is more than
  inconsequential will not be prevented or
  detected.

28
Single Audit Significant Deficiency

• A significant deficiency is a control deficiency,
  or combination of control deficiencies, that
  adversely affects the entitys ability to
  administer a federal program such that there is
  more than a remote likelihood that noncompliance
  with a type of compliance requirement of a
  federal program that is more than inconsequential
  will not be prevented or detected by the entitys
  internal control.

29
Yellow Book

• All significant deficiencies and material
  weaknesses to be included in Yellow Book report
• Control deficiencies that are not significant
  deficiencies would go in management letter unless
  clearly inconsequential

30
Single Audit Material Weakness

• A material weakness is a significant deficiency,
  or combination of significant deficiencies, that
  results in more than a remote likelihood that
  material noncompliance with a type of compliance
  requirement of a federal program will not be
  prevented or detected by the entitys internal
  control.

31
Single Audit Control Deficiency

• A control deficiency in an entitys internal
  control over compliance exists when the design or
  operation of a control does not allow management
  or employees, in the normal course of performing
  their assigned functions, to prevent or detect
  noncompliance with a type of compliance
  requirement of a federal program on a timely
  basis.
• Control deficiency may involve one or more of the
  five interrelated components of internal control.

32
Application to Single Audits

• Current Status

33
Effective Date

• For audits of periods ending on or after December
  15, 2006

34
Common Head Start Problems

• Lack of effective board oversight
• Separation of duties
• Enrollment
• Lack of documentation of eligibility
• Lack of documentation of enrollment
• Matching
• Pay

35
Questions?

• National External Audit Review Center
  Department of Health and Human Services
  800-732-0679