OMB Circular A-133 Rules To The Game - PowerPoint PPT Presentation

About This Presentation
Title:

OMB Circular A-133 Rules To The Game

Description:

Title: Office of Management and Budget A-133 Circular on The Single Audit Subject: General Grants Management Author: Merril Oliver Last modified by – PowerPoint PPT presentation

Number of Views:150
Avg rating:3.0/5.0
Slides: 146
Provided by: Merril52
Category:

less

Transcript and Presenter's Notes

Title: OMB Circular A-133 Rules To The Game


1
  • OMB Circular A-133Rules To The Game
  • Audits of States, Local Governments
  • and UniversitiesPresented by Alicia Foster,
    Graylin Smith and Donna Dancy for Governors
    Grants Office

Governors Grants Office
2
Presenters
  • Alicia Foster, Audit Director
  • Abrams, Foster, Noles Williams, PA
  • 410-433-6830
  • Graylin Smith, Managing Partner
  • SB Company
  • 410-584-1401

3
Presenters
  • Donna Dancy
  • Director, Internal Audit Services
  • Maryland Department of the Environment
  • 410-537-3429

4
Presentation Objectives
  • Recap OMB A-133 Circular Overview - Donna Dancy
  • Clarify why we care about OMB A-133 compliance
    Donna Dancy
  • Define key terms and roles responsibilities
    Donna Dancy

5
Presentation Objectives
  • Explain internal controls reviewed during the
  • A-133 audit and the internal control
    questionnaire - Graylin Smith
  • Purpose, Process, Outcomes An Auditors
    Prospective - Alicia Foster

6
LETS RECAP
7
Recap A-133 Overview
  • Single Audit Act was enacted in 1984
  • Annual audit required for Non-Federal Entities
    that receive Federal funds
  • Shows the whole picture

8
Recap A-133 Overview
  • Single Audit is two-fold - Financial and
    Compliance
  • Uses a risk-based audit approach
  • Cost effective way to obtain audits
  • because one audit is conducted instead
  • of multiple audits of individual programs

9
Recap A-133 Overview
  • OMB Circular A-133 was issued in 1990
  • Extended Single Audit process to universities and
    non-profits
  • Set standards for consistency and uniformity for
    audits. Provided specific policy, procedures and
    criteria

10
Federal Circulars
Grantee Type Administrative Requirements Cost Principles Audit Requirements
State Local Governments A-102 A-87 A-133
Educational Institutions A-110 A-21 A-133
Non-Profit Organizations A-110 A-122 A-133
11
Where to Find the Rules
  • OMB Circular A-133 - http//www.whitehouse.gov/omb
    /circulars/
  • a133/a133.html
  • Single Audit Act - http//thomas.loc.gov/cgi-bin/q
    uery/ z?c104S.1579.ENR
  • CFR - http//gpoaccess.gov/cfr/index.html

12
A-133 COMPLIANCEWHYDO WE CARE?
13
A-133 Compliance WHY . . . Do We Care?
  • Findings are reported to Federal government and
    become public
  • record, distributed to all Federal
  • Agencies through a clearing house.
  • Federal and Non-Federal sponsors look at
  • A-133 as a report card of how we spend their
    money.

14
A-133 Compliance WHY . . . Do We Care?
  • It strengthens the relationship of trust
  • that exists between the sponsor and recipient
  • It suggests a presence of the stewardship
    necessary to properly safeguard the Federal
    Governments investment in programs

15
A-133 Compliance WHY . . . Do We Care?
  • Negative publicity, may cause harm
  • to reputation and prestige
  • May cost millions in payback
  • Loss of Federal expanded authorities, additional
    oversight burden

16
What Does Compliance Mean?
  • Effective management of public funds to maximize
    outcomes
  • The avoidance of fraud, mismanagement, and poor
    management of Federal funds
  • Adherence to laws, rules and regulations
  • Check and balances - internal controls
  • Stewardship of Federal funds

17
Compliance Pitfalls
  • Delinquent financial reporting
  • Inaccurate effort reporting/improper allocation
    of staff time
  • Inadequate subrecepient monitoring
  • Misuse of funds
  • Unallowable costs
  • Misallocation of costs
  • Excessive cost transfers

18
Why We Have Problems With Compliance
  • Lack of understanding by staff of
  • roles and responsibilities
  • Inadequate resources
  • Incomplete, outdated or nonexistent
  • policies and procedures
  • Inadequate staff training and education

19
Why We Have Problems With Compliance
  • Inadequate systems
  • Lack of documentation and audit
  • trail to support claimed expenses
  • Perception that internal control systems are not
    necessary

20
Compliance - Back to the Basics
  • Do the right thingfrom the start!!!
  • Keep policies current with Federal
  • requirements
  • Perform risk assessments and implement
  • adequate internal controls

21
Compliance - Back to the Basics
  • Develop a continuing training program
  • Monitor first, audit second
  • COMMUNICATE, COMMUNICATE, COMMUNICATE!!!
  • with employees and Federal
    agency.
  • DOCUMENT, DOCUMENT, DOCUMENT!!!
  • Always remember, if you didnt write it down, it
    didnt happen.

22
KEY DEFINITIONS
23
Terms You Should Know
  • Assistance
  • Procurement
  • Award
  • Sub-Award
  • Grant
  • Cooperative Agreement
  • Contract
  • Pass-Through Entity
  • Recipient
  • Sub-recipient
  • Vendor
  • Direct Costs
  • Indirect Costs
  • Internal Control

24
Assistance vs. Procurement
  • Financial Assistance Provides support or
    stimulation to accomplish a public purpose.
    Award can be a grant or cooperative agreement.
  • Procurement Purchase of goods and services to
    accomplish a government purpose services can
    include research. Award is a contract.

25
Definition of Award
  • Financial assistance that provides support to
    accomplish a public purpose.
  • Includes grants and other agreements
  • in the form of money or property in
  • lieu of money by the Federal
  • Government

26
Awards Do Not Include
  • Technical assistance
  • Loans, loan guarantees, interest subsidies,
    insurance
  • Direct payments of any kind to individuals
  • Contracts, which are required to be entered into
    and administered under procurement laws and
    regulations

27
Definition of Subaward
  • Financial assistance made by a
  • recipient to an eligible subrecipient
  • Includes any financial assistance when provided
    by legal agreement, even if the agreement is
    called a contract
  • Does not include the purchase of goods and
    services

28
Definition of Grant
  • Purpose is to transfer money, property,
  • services or anything of value to recipient in
  • order to accomplish a public purpose.
  • No substantial involvement is
  • anticipated between government
  • and recipient during performance
  • of activity.

29
Definition of Cooperative Agreement
  • Purpose is to transfer money, property, services
    or anything of value to recipient in order to
    accomplish a public purpose.
  • Substantial involvement is anticipated
  • between government and recipient
  • during performance of activity.

30
Definition of Contract
  • Primary purpose is to acquire property or
    services for direct benefit or use of the
  • Federal Government.
  • Government determines whether
  • procurement contract is appropriate.
  • Allowable activities based on terms and
    conditions of contract
  • Governed by terms of the contract and State law

31
Definition of Pass-Through Entity
  • A Non-Federal Entity that provides a Federal
    award to a subrecipient to carry out a Federal
    program

32
Definition of Recipient
  • Organization receiving financial assistance from
    a Federal Agency to carry out a project or
    program
  • Term may include commercial, foreign or
    international organizations which are recipients
    and subrecipients

33
Subrecipient Versus Vendor
  • Subrecipent
  • A Non-Federal Entity that expends Federal awards
    received from a pass-through entity to carry out
    a Federal program
  • Has performance measured against whether the
    objectives of a Federal program are met

34
Subrecipient Versus Vendor
  • Subrecipient
  • Has responsibilities for programmatic decisions
  • Is responsible for complying with Federal program
    requirements
  • Uses Federal funds to carry out a program as
    compared to providing goods or services for a
    program

35
Subrecipient Versus Vendor
  • Vendor
  • Provides goods and services within normal
    business operations
  • Operates in a competitive environment
  • Provides similar goods or services to
  • many different purchasers

36
Subrecipient Versus Vendor
  • Vendor
  • Retains no rights to intellectual property
  • Provides the goods or services that are required
    for the conduct of a Federal program but are
    ancillary to the operation of the Federal program
  • Is not subject to compliance requirements of the
    Federal program

37
Direct Versus Indirect Costs
  • Direct Costs
  • Can be identified with a specific project or
    activity relatively easily with a high degree of
    accuracy
  • Direct Salaries Wages
  • Materials Supplies
  • Consultants Subcontractors

38
Direct Versus Indirect Cost
  • Indirect Costs
  • Referred to as Facilities Administrative costs
  • Indirect costs are those that are incurred for
    common or joint objectives and therefore cannot
    be identified readily and specifically with a
    particular project or activity
  • Fringe Benefits
  • Overhead
  • G A

39
Internal Control
  • A process designed to provide reasonable
  • assurance of achieving the following
  • Effective and efficient operations
  • Reliable financial reporting
  • Compliance with laws, rules, regulations and
    guidelines

40
Roles and Responsibilities
  • The Players
  • Principal Investigator (PI)/Project Manager
  • Department/Unit Administrator
  • Department Chair/Program Manager
  • Dean/Division Director
  • Central/Grant Administration

41
Roles and Responsibilities
  • PI/Project Manager
  • Awareness of requirements
  • Monitor and oversight of day-to-day
  • aspects of the project
  • Prepare required progress reports

42
Roles and Responsibilities
  • PI/Project Manager
  • Authorize all project expenditures and payments
    to consultants and subcontractors
  • Adhere to terms and conditions of award
  • Retain project data and materials as required

43
Roles and Responsibilities
  • Department/Unit Administrator
  • Provide administrative support to the
  • project
  • Assist in complying with award terms
  • and conditions, regulations and policies
  • Monitor expenditures of award funds, obtain
    necessary authorized signatures

44
Roles and Responsibilities
  • Department/Unit Administrator
  • Coordinate with Central/Grant Administration on
    reporting
  • Assist Central/Grant Administration
  • with closeout and audit activities

45
Roles and Responsibilities
  • Department Head/Program Manager
  • Overall administrative and financial operation of
    the department/program
  • Oversight of all project activity and
  • staff other resources

46
Roles and Responsibilities
  • Dean/Division Director
  • Management support, sets tone at top,
  • broad oversight of projects/programs
  • Provide divisional/unit concurrence in
    negotiation and acceptance of awards
  • Provide divisional/unit oversight for compliance
    with regulatory requirements

47
Roles and Responsibilities
  • Central/Grant Administration
  • Management of all aspects of an
  • award throughout its life cycle from
  • pre-award through closeout activities.
  • Liaison with Federal Agencies
  • Assistance in locating funding opportunities
  • Negotiation and acceptance of awards

48
Roles and Responsibilities
  • Central/Grant Administration
  • Prepare billings, financial reports
  • and other electronic submittals
  • Maintain time reporting and grant accounting
    system
  • Provide advise on financial matters
  • Coordinate A-133 and other audits

49
INTERNAL CONTROLS REVIEWED/INTERNAL CONTROL
QUESTIONNAIRE
50
Single Audit Test of Controls is Built On
Foundation of Government Audit
51
OMB Compliance Supplement (Part 6) Follows the
COSO Model of Internal
  • Controls
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information and communications
  • Monitoring

52
COSO Committee of Sponsoring Organizations of
the Treadway Commission
  • Report on how to look at controls, assess risk
    and the limitations of controls
  • Widely used as a framework to understand controls
    but is not the only one
  • Framework
  • - Definitions - Monitoring
  • - Control environment - Limitation of
    internal controls
  • - Risk assessment - Information and
    communications
  • - Roles and responsibilities

53
Following COSO Model, OMB Selected Control
Activities for Each of the Compliance Requirements
  • A. Activites allowed or unallowed
  • B. Allowable costs/cost principles
  • C. Cash management
  • D. Davis-Bacon Act
  • E. Eligibility
  • F. Equipment real property mgmt
  • G. Matching level of effort,
  • earmarking
  • H. Period of availability of Federal
  • Funds
  • Note Does not have to use those in the
  • compliance supplement or
  • I. Procurement and suspension
  • and debarment
  • J. Program Income
  • K. Real property acquisition/
  • relocation assistance
  • L. Reporting
  • M. Subrecipient monitoring
  • N. Special test and provisions
  • (control procedures not listed)
  • all of them and should use
  • others if more are appropriate.

54
Assessment of Risk
  • General Risk Consideration
  • - Experience
  • - Length of time
  • - Effect of non compliance
  • - Routine/non-routine transaction
  • - Estimate or judgment

55
Assessment of Risk
  • Inherent Risk - risk that material noncompliance
    with a major programs compliance requirements
    could occur, assuming there are no related
    controls.
  • - Factors to consider
  • - Size of the program - Subrecipients
  • - Program maturity - Level of oversight
  • - Complexity - Prior audit findings
  • - Extent of contracting - Identified as high
    risk
  • - Other factors

56
Assessment of Risk
  • Control Risk - risk that material noncompliance
    that could occur in a major program will not be
    prevented or detected on a timely basis by the
    programs internal control.
  • - Preliminary control risk
  • - Final control risk
  • Fraud Risk - risk that intentional material
    noncompliance with a major programs compliance
    requirements could occur.

57
Assessment of Risk
  • Detection Risk - risk that the audit procedures
    will lead to the conclusions that noncompliance
    that could be material to a program doesnt exist
    when in fact it does exist.
  • - Factors to consider
  • - Inherent risk
  • - Control risk
  • - Fraud risk

58
Assessment of Risk
  • Risk of Material Misstatement - combination of
    inherent risk and control risk. Based on
    professional judgments.
  • Audit Risk - risk that the auditor may
    unknowingly fail to appropriately modify his or
    her opinion on compliance. It is comprised of
    inherent risk, control risk, fraud risk and
    detection risk.

59
What Are We Looking for Controls to Do?
  • Prevent or detect material noncompliance
  • Initial assessment to be at low controlled risk
  • Final analysis does not need to be at a low level
    of controlled risk

60
Types of Controls
Pervasive Controls - Controls around the process, i.e., separation of duties, supervision, hiring, training, skills
Specific Controls - Preventative - Detective - Stop error from occurring Identify and notify that an error has occurred
Monitoring Control - Identify when a preventative or detecting control is not working
61
Process to Test Single Audit Controls
62
Process to Test Single Audit Controls
  • A. Identify the Control Objectives or What Can
    Go Wrong -
  • Can use the compliance supplement
  • Only need to access those requirements that are
    direct and material
  • Can develop on your own control procedures

63
Process to Test Single Audit Controls
  • B. Understand the Risk Prevention Process
  • Using the COSO Model -
  • Control Environment - sets the tone of an
    organization influencing the control
    consciousness of its people. It is the
    foundation for all other components of internal
    control, providing discipline and structure.

64
Process to Test Single Audit Controls
  • B. Understand the Risk Prevention Process
  • Using the COSO Model (contd) -
  • Risk Assessment - is the entitys identification
    and analysis of risks relevant to achievement of
    its objectives, forming a basis for determining
    how the risks should be managed.

65
Process to Test Single Audit Controls
  • B. Understand the Risk Prevention Process
  • Using the COSO Model -
  • Control Activities - are the policies and
    procedures that help ensure that managements
    directives are carried out.
  • Information and Communication - are the
    identification, capture, and exchange of
    information in a form and time frame that enable
    people to carry out their responsibilities.

66
Process to Test Single Audit Controls
  • B. Understand the Risk Prevention Process
  • Using the COSO Model (contd) -
  • Monitoring - is a process that assesses the
    quality of internal control performance over
    time.

67
Process to Test Single Audit Controls
  • Control Environment
  • Sense of conducting operations ethically, as
    evidenced by a code of conduct or other verbal or
    written directive.
  • If there is a governing Board, the Board has
    established an Audit Committee or equivalent that
    is responsible for engaging the auditor,
    receiving all reports and communications from the
    auditor, and ensuring that audit findings and
    recommendations are adequately addressed.

68
Process to Test Single Audit Controls
  • Control Environment (contd)
  • Managements positive responsiveness to prior
    questioned costs and control recommendation.
  • Managements respect for and adherence to program
    compliance requirements.
  • Key managers responsibilities clearly defined.
  • Key managers have adequate knowledge and
    experience to discharge their responsibilities.

69
Process to Test Single Audit Controls
  • Control Environment (contd)
  • Staff knowledgeable about compliance requirements
    and being given responsibility to communicate all
    instances of noncompliance to management.
  • Managements commitment to competence ensures
    that staff receive adequate training to perform
    their duties.
  • Managements support of adequate information and
    reporting system.

70
Process to Test Single Audit Controls
  • Risk Assessment
  • Program managers and staff understand and have
    identified key compliance objectives.
  • Organizational structure provides identification
    of risks of noncompliance
  • - Key managers given responsibility to identify
    and communicate changes.
  • - Employees who require close supervision (e.g.
    inexperienced) are identified.

71
Process to Test Single Audit Controls
  • Risk Assessment (contd)
  • Organizational structure provides identification
    of risks of noncompliance (contd)
  • - Management has identified and assessed
  • complex operations, programs, or projects.
  • - Management is aware of results of monitoring,
    audits, and reviews and considers related risk of
    noncompliance.
  • - Process established to implement changes in
    program objectives and procedures.

72
Process to Test Single Audit Controls
  • Control Activities
  • Procedures in place to implement changes in laws,
    regulations, guidance, and funding agreements
    affecting Federal awards.
  • Management prohibition against intervention or
    overriding established controls.
  • Adequate segregation of duties provided between
    performance, review, and recordkeeping of a task.

73
Process to Test Single Audit Controls
  • Control Activities (contd)
  • Computer and program controls should include
  • - Data entry controls, e.g., edit checks. -
    Exception reporting.
  • - Computer general controls and security
    controls.
  • - Reviews of input and output data.
  • - Access controls.

74
Process to Test Single Audit Controls
  • Control Activities (contd)
  • Operating policies and procedures clearly written
    and communicated.
  • Supervision of employees commensurate with their
    level of competence.
  • Personnel with adequate knowledge and experience
    to discharge responsibilities.

75
Process to Test Single Audit Controls
  • Control Activities (contd)
  • Equipment, inventories, cash, and other assets
    secured physically and periodically counted and
    compared to recorded amounts.
  • If there is a governing Board, the Board conducts
    regular meetings where financial information is
    reviewed and the results of program activities
    and accomplishments are discussed. Written
    documentation is maintained of the matters
    addressed at such meetings.

76
Process to Test Single Audit Controls
  • Information and Communication
  • Accounting system provides for separate
    identification of Federal and non-Federal
    transactions and allocation of transactions
    applicable to both.
  • Adequate source documentation exists to support
    amounts and items reported.

77
Process to Test Single Audit Controls
  • Information and Communication (contd)
  • Recordkeeping system is established to ensure
    that accounting records and documentation
    retained for the time period required by
    applicable requirements such as the A-102 Common
    Rule, 0MB Circular A-133, and the provisions of
    laws, regulations, contracts or grant agreements
    applicable to the program.

78
Process to Test Single Audit Controls
  • Information and Communication (contd)
  • Reports provided timely to managers for review
    and appropriate action.
  • Accurate information is accessible to those who
    need it.
  • Reconciliations and reviews ensure accuracy of
    reports.

79
Process to Test Single Audit Controls
  • Information and Communication (contd)
  • Established internal and external communication
    channels.
  • - Staff meetings. - Bulletin boards. -
    Memos, circulation files, e-mail. - Surveys,
    suggestion box.
  • Employees duties and control responsibilities
    effectively communicated.

80
Process to Test Single Audit Controls
  • Information and Communication (contd)
  • Channels of communication for people to report
    suspected improprieties established.
  • Actions taken as a result of communications
    received.
  • Established channels of communication between the
    pass-through entity and subrecipients.

81
Process to Test Single Audit Controls
  • Monitoring
  • Ongoing monitoring built-in through independent
    reconciliations, staff meeting feedback, rotating
    staff, supervisory review, and management review
    of reports.
  • Periodic site visits performed at decentralized
    locations (including subrecipients) and checks
    performed to determine whether procedures are
    being followed as intended.

82
Process to Test Single Audit Controls
  • Monitoring (contd)
  • Follow up on irregularities and deficiencies to
    determine the cause.
  • Internal quality control reviews performed.
  • Management meets with program monitors, auditors,
    and reviewers to evaluate the condition of the
    program and controls.

83
Process to Test Single Audit Controls
  • Monitoring (contd)
  • Internal audit routinely tests for compliance
    with Federal requirements.
  • If there is a governing Board, the Board reviews
    the results of all monitoring or audit reports
    and periodically assesses the adequacy of
    corrective action.

84
Process to Test Single Audit Controls
  • Walk Through the Control Process to Understand
    What It is and Whether It is Operational
  • One transaction from start to finish
  • Have the processors show what they do, what they
    review, exceptions uncovered and how exceptions
    are handled
  • Observe and review documentation

85
Process to Test Single Audit Controls
  • Assess if the Procedures in Place As Designed Are
    Effective at Reducing the Risk on Non Compliance
    to A Low Level
  • Requires judgment
  • Believe no material errors would occur undetected
  • If the procedures are designed effectively, must
    test to ensure operating throughout the period
  • If not designed effectively, no need to test as
    you can write your finding

86
Process to Test Single Audit Controls
  • Test the Controls Throughout the Period to
    Determine if They Were Operating As Desired
  • Perform test in compliance supplement or design a
    test to ensure controls were working throughout
    the period
  • Sample size is a matter of judgment
  • Suggested sample size of 40 or 60 because of low
    level of assessed risk while some firms use 25
    for moderate level risk

87
Types of Control Tests
  • Inquiry
  • Re-performance
  • Corroborative inquiry
  • Confirmation
  • Computation
  • Operating test
  • Observation
  • Inspection
  • Knowledge assessment
  • System query
  • Reconciliation
  • Physical examination
  • Review

88
Process to Test Single Audit Controls
F. Assess the Operating Effectiveness
Number of Expected or Actual Deviations Number of Expected or Actual Deviations Number of Expected or Actual Deviations Number of Expected or Actual Deviations
Planned Assessed Level of Control Risk 0 1 2 3
Low 60
Moderate 25 40 60 60
Slightly Below Maximum 25 25 40
Maximum
Omit test because tests of controls would most
likely be inefficient or ineffective
89
Process to Test Single Audit Controls
  • Reporting Findings
  • Identify the following
  • Finding or non compliance
  • Compliance requirement
  • Known dollars of non compliance
  • Likely dollars of non compliance
  • Cause
  • Effect

90
Process to Test Single Audit Controls
  • Reporting Findings
  • Type of Finding
  • -Control-
  • Deficiency
  • Significant deficiency
  • Material weakness
  • -Specific Test-
  • Material non compliance
  • Non compliance
  • Type of Report
  • Unqualified
  • Qualified
  • Adverse
  • Disclaimer

91
Type of Control Weaknesses
Significant Deficiency Quantitative Deficiencies - Any internal control related findings quantitatively less than the Program Tolerable Noncompliance should be classified as a Significant Deficiency to the program. Qualitative Considerations - Documentation of the rationale for any qualitative considerations used in this type of assessment/conclusion should be documented in the Findings Assessment Worksheet and evaluated by AOA.
Material Weakness Quantitative Considerations - Any internal control related findings quantitatively equal to or greater than the Program Tolerable Noncompliance should be classified as a Material Weakness in the program. Qualitative Considerations - There may be instances, based on auditor judgment, where internal control related findings that quantitatively would not be considered material, may be deemed material weaknesses by the auditor based on the nature of the finding. Documentation of the rationale for this type of assessment/conclusion should be documented in the Findings Assessment Worksheet and evaluated by AOA.
92
Type of Compliance Finding
Material Noncompliance Quantitative Considerations - Any noncompliance quantitatively equal to or greater than the Program Tolerable Noncompliance should be classified as Material Noncompliance to the program. Qualitative Considerations - There may be instances, based on auditor judgment, where noncompliance that quantitatively would not be considered material, may be deemed material noncompliance by the auditor based on the nature of the finding. Documentation of the rationale for this type of assessment/conclusion should be documented in the Findings Assessment Worksheet and evaluated by AOA.
Noncompliance Quantitative Considerations - Any internal control related findings quantitatively less than the Program Tolerable Noncompliance should be classified as Noncompliance to the program. Qualitative Considerations - Documentation of the rationale for any qualitative considerations used in this type of assessment/conclusion should be documented in the Findings Assessment Worksheet and evaluated by AOA.
93
Examples of Strong Internal Controls
  • Activities Allowed or Unallowed and
  • B. Allowable Costs/Cost Principles
  • Control Environment
  • Management sets reasonable budgets for Federal
    and non-Federal programs so that no incentive
    exists to miscode expenditures.

94
Examples of Strong Internal Controls
  • A. Activities Allowed or Unallowed and
  • B. Allowable Costs/Cost Principles
  • Risk Assessment
  • Key manager has a sufficient understanding of
    staff, processes, and controls to identify where
    unallowable activities or costs could be charged
    to a Federal program and not be detected.

95
Examples of Strong Internal Controls
  • Activities Allowed or Unallowed and
  • B. Allowable Costs/Cost Principles
  • Control Activities
  • Supporting documentation compared to list of
    allowable and unallowable expenditures.
  • Adequate segregation of duties in review and
    authorization of costs.

96
Examples of Strong Internal Controls
  • A. Activities Allowed or Unallowed and
  • B. Allowable Costs/Cost Principles
  • Information and Communication
  • Reports, such as a comparison of budget to
    actual
  • provided to appropriate management for review
    on
  • a timely basis.

97
Examples of Strong Internal Controls
  • Cash Management
  • Control Environment
  • Budgets for drawdowns are consistent with
    realistic cash needs.

98
Examples of Strong Internal Controls
  • C. Cash Management (contd)
  • Control Activities
  • Appropriate level of supervisory review of
  • cash management activities.
  • Written policy that provides
  • - Procedures for requesting cash advances as
  • close as is administratively possible to
    actual
  • cash outlays

99
Examples of Strong Internal Controls
  • C. Cash Management (contd)
  • Information and Communication
  • Variance reporting of expected versus actual cash
    disbursements of Federal awards and drawdowns of
    Federal funds.

100
Examples of Strong Internal Controls
  • D. Davis-Bacon Act
  • Control Activities
  • Contractors informed in the procurement
    documents of
  • the requirements for prevailing wage rates.
  • Monitoring
  • Management reviews to ensure that certified
    payrolls
  • are properly received.

101
Examples of Strong Internal Controls
  • E. Eligibility
  • Control Environment
  • Staff size and competence provides for proper
    making
  • of eligibility determinations.
  • Risk Assessment
  • Conflict-of-interest statements are maintained
    for
  • individuals who determine eligibility.

102
Examples of Strong Internal Controls
  • E. Eligibility (contd)
  • Control Activities
  • Eligibility objectives and procedures clearly
  • communicated to employees.
  • Authorized signatures (manual or electronic)
  • on eligibility documents periodically
    reviewed.
  • Manual criteria checklists or automated process
  • used in making eligibility determinations.

103
Examples of Strong Internal Controls
  • E. Eligibility (contd)
  • Monitoring
  • Program quality control procedures performed

104
Examples of Strong Internal Controls
  • F. Equipment and Real Property Management
  • Control Activities
  • Accurate records maintained on all acquisitions
    and dispositions of property acquired with
    Federal awards.
  • A physical inventory of equipment is
    periodically taken and compared to property
    records.

105
Examples of Strong Internal Controls
  • F. Equipment and Real Property Management
    (contd)
  • Monitoring
  • Management reviews the results of periodic
    inventories and follows up on inventory discrepa
    ncies.

106
Examples of Strong Internal Controls
  • G. Matching, Level of Effort, Earmarking
  • Control Environment
  • Budgeting process addresses/provides adequate
  • resources to meet matching, level of effort, or
  • earmarking goals.
  • Risk Assessment
  • Identification of areas where estimated values
    will be
  • used for matching, level of effort or earmarking.

107
Examples of Strong Internal Controls
  • H. Period of Availability of Federal Funds
  • Control Activities
  • Accounting system prevents obligation or
    expenditure
  • of Federal funds outside of the period of
    availability.
  • Cancellation of unliquidated commitments at the
    end of
  • the period of availability.

108
Examples of Strong Internal Controls
  • H. Period of Availability of Federal Funds
    (Contd)
  • Monitoring
  • Periodic review of expenditures before and after
    cut-off date to ensure compliance with period of
    availability requirements.

109
Examples of Strong Internal Controls
  • I. Procurement and Suspension and Debarment
  • Risk Assessment
  • Procedures to identify risks arising from
    vendor inadequacy, e.g., quality of goods and
    services, delivery schedules, warranty
    assurances, user support.
  • Control Activities
  • Contractors performance with the terms,
    conditions and specifications of the contract is
    monitored and documented.

110
Examples of Strong Internal Controls
  • I. Procurement and Suspension and Debarment
    (contd)
  • Monitoring
  • Management periodically conducts independent
    reviews of procurements and contracting
    activities to determine whether policies and
    procedures are being followed as intended.

111
Examples of Strong Internal Controls
  • J. Program Income
  • Control Environment
  • Realistic performance targets for the generation
    of program income.
  • Risk Assessment
  • Mechanisms in place to identify the risk of
    unrecorded or miscoded program income.

112
Examples of Strong Internal Controls
  • J. Program Income (contd)
  • Monitoring
  • Internal audit of program income.

113
Examples of Strong Internal Controls
  • L. Reporting
  • Control Environment
  • Managements attitude toward reporting promotes
  • accurate and fair presentation.
  • Control Activities
  • Tracking system which reminds staff when reports
  • are due.

114
Examples of Strong Internal Controls
  • M. Subrecipient Monitoring
  • Control Environment
  • Sufficient resources dedicated to subrecipient
    monitoring.
  • Appropriate sanctions taken for subrecipient
    noncompliance.

115
Examples of Strong Internal Controls
  • M. Subrecipient Monitoring (contd)
  • Risk Assessment
  • Key managers understand the subrecipients
    environment, systems, and controls sufficient
    to identify the level and methods of monitoring
    required.

116
Examples of Strong Internal Controls
  • M. Subrecipient Monitoring (contd)
  • Monitoring
  • Supervisory reviews performed to determine the
    adequacy of subrecipient monitoring.

117
Walk Through the Internal Controls Questionnaire
of Part 6 of the Compliance Supplement
118
PURPOSE, PROCESS, OUTCOMES AN AUDITORS
PROSPECTIVE
119
Purpose - As Described By Donnas
Presentation
  • Single Audit enacted 1984 Circular A-133 1990
  • Non-Federal Entities receiving Federal Funds
  • Set standards for consistency and uniformity
  • Provided specific policy, procedures and criteria

120
Process - An Auditors Prospective
  • Understanding the entity and their internal
    controls over financial reporting and compliance
    by discussions, observations, and testing and
    assessing risk for audit planning
  • Following GAAS, GAS, And OMB A-133 Standards

121
Process - An Auditors Prospective
  • Providing clear guidance to auditees about audit
    requirements, testing criteria needs and
    documenting results of audit procedures
  • Concluding and reporting results

122
Outcomes Auditors Findings Reports
  • Controls in place, documented, and good
  • audit trails exist
  • Controls effective?
  • Are you prepared?

123
Outcomes Auditors Findings Reports
  • GAS Report on internal controls over
    financial
  • reporting and on compliance other matters
  • Control Objectives Environment, risk
    assessment, and control activities (attributes an
    auditee strives to achieve)
  • Control Component Information, communication
    monitoring (attributes needed to achieve the
    objectives)
  • Finding? Significant deficiency or material
    weakness

124
Outcomes Auditors Findings Reports
  • Compliance and Other Matters GAS
  • FINANCIAL STATEMENTS Reasonable assurance is
    obtained - they are free of material misstatement
    due to compliance with certain provisions of
    laws, regulations, contracts, and grant
    agreements AND free of fraud and abuse
    concerns?
  • FINDINGS? Compliant or Non-compliant?

125
Outcomes Auditors Findings Reports
  • OMB Circular A-133 Report on compliance with
    requirements applicable to major programs and on
    internal control over compliance in accordance
    with Circular A-133
  • COMPLIANT with the 14 types of compliance
    requirements in the compliance supplement?
  • INTERNAL CONTROL over compliance effective?
  • FINDINGS? Significant Deficiency or Material
    Weakness?

126
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Understanding Applicable State and Local
    Compliance and Reporting Requirements Steps to
    be Considered for audit preparation
  • Each Department Head should complete the internal
    control questionnaire for the CFDAs under their
    responsibility and fully understand control
    objectives as they relate to each specific grant.
    Review prior year submitted information and
    update the questionnaire. Conduct meetings with
    auditors for clarification.

127
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Have annual, or more frequent, meetings with all
    individuals who have a part in grant
    disbursements, reporting and other compliance
    requirements to discuss the relevant controls for
    better understanding of all parties. Monitor
    compliance by timely review of all relevant
    procedures and reports prior to audit.
  • Read and understand the Compliance Supplement for
    the CFDA for advance awareness of what will be
    tested. Typically, this does not change
    annually, so being prepared is essential to the
    audit.

128
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Communicate with grantor agencies for better
    understanding of what is significant about the
    grant and determine if they are aware of any
    overall control deficiencies experienced with
    grant funds. This may assist in avoiding such
    experiences.

129
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Subscribe to Federal single audit references and
    circulate relevant information to the department
    this could have a significant impact on the
    identification of controls that are missing from
    your process. Meet and discuss how to address
    the requirements specified in the relevant
    literature.

130
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Monitor your compliance
  • Supervision, reviews and approvals are essential
    to your success.

131
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Be aware of the applicable federal law and
  • requirements using the Compliance Supplement
  • and applicable references.
  • Part 2 Matrix of Compliance Requirements (14
    types identified)
  • Part 3 Compliance Requirements Applicable to
    the CFDA

132
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Compliance Supplement and applicable
  • references (Contd)
  • Part 4 Specific additional requirements of the
    federal program pertaining to provisions of
    contracts or grant agreements that are unique to
    a particular CFDA

133
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Compliance Supplement and applicable
  • references (Contd)
  • Part 5 Specific to Clusters of Programs
    (closely related programs with similar compliance
    requirements) - ( i.e) SFA
  • Part 6 Internal control requirements and
    guide
  • Part 7 Use of other specific industry or
    federal department guides to identify program
    objectives, procedures and compliance
    requirements

134
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Universities have significant references to Title
    IV Programs for SFA, and as such follow the
    guidance of 34 CFR section 691.

135
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • While Department of Educations (DOE) Audit Guide
    is not a requirement for the Single Audit,
    program objectives, procedures and compliance
    requirements provide additional understanding to
    the auditor for single audit compliance
    procedures
  • RD Program requirements are very specific and
    monitoring is essential for success

136
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • The Federal Register (November 1, 2006) provided
    guidance in 34 CFR Parts 668, 682, and 685
    regarding SFA, Final Rule. This literature
    provides guidance to auditors as well as the
    auditee.
  • Familiarity with such federal department
    literature is also noteworthy for SFA audits.

137
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • These items are just reminders of the need for
    timely meetings and communications to those
    individuals working with SFA to keep abreast of
    updates and to be prepared for the audit process.

138
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • II. Materiality Considerations Compliance
    Testing
  • Auditors may use judgment in materiality
    considerations resulting from findings
    (or exceptions) noted during the audit.
    (Case-by-Case basis and is usually dependent on
    the impact on grant objectives).

139
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Materiality is Affected By
  • The nature of the compliance requirements, which
    may or may not be quantifiable in monetary terms
  • The nature and frequency of non-compliance
    identified with an appropriate consideration of
    sampling risk and

140
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Materiality is Affected By (Contd)
  • Qualitative considerations, such as the needs and
    expectations of federal agencies and pass-through
    entities

141
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Qualitative Factors Include
  • Low risk of public or political sensitivity
  • A single exception that has a low risk of being
    pervasive

142
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Qualitative Factors (Contd)
  • An indication, based on auditors judgment an
    experience, that the affected federal agency or
    pass-through entity normally would not need to
    resolve the finding or take follow-up action

143
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Recap A-133 Overview
  • The single audit process is lengthy.
  • The compliance requirements are to be
  • tested as provided for in the Compliance
    Supplement.

144
Universities How to Manage Single Audit From A
Practical Viewpoint Your Internal
Controls
  • Recap A-133 Overview (Contd)
  • The auditees familiarity and understanding of
    Grants, is essentially the most important facet
    in achieving a smooth audit.
  • The preparations undertaken to achieve your
    internal control objectives are important, and to
    a great extent, the means to reducing compliance
    findings.

145
Questions???
Write a Comment
User Comments (0)
About PowerShow.com