1 / 55

Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – Part

Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – Part 3 -------- April 11, 2006. Auditing Research Under OMB Circular A-133. Amy Barrett, CPA Assistant Director, System Audit Office

bart
Download Presentation

Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – Part

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – Part 3 -------- April 11, 2006

  2. Auditing Research Under OMB Circular A-133 Amy Barrett, CPA Assistant Director, System Audit Office The University of Texas System Administration 512/499-4535 abarrett@utsystem.edu

  3. Agenda • Introduction: What is an a-133 audit? • Approach: How is one performed? • Planning: What is involved in planning? • Assessing controls: How are controls assessed? • Assessing compliance: How is compliance assessed? • Reporting: What is reported and how? • Conclusion: What are the takeaways?

  4. Introduction

  5. Introduction • History and purpose of the single audit • Requirements of a-133

  6. Introduction, continued - Scope of Audit • In general • Financial statements • Schedule of Federal Awards • Internal control • Compliance • Reporting • Corrective action plan and follow-up

  7. Introduction, continued - Agencies and Resources • Government Accountability Office (GAO) • Office of Management and Budget (OMB) • Inspectors General (IG) • President’s Council on Integrity and Efficiency (PCIE) • Cognizant agencies • Oversight agencies • Federal awarding agencies • Pass-through entities • Code of Federal Regulations (CFR)

  8. Introduction, continued - Applicable Standards • A-21 Cost Principles for Educational Institutions • A-110 Administrative Requirements for Educational Institutions • Cost Accounting Standards • A-133 Audits of State, Local Governments, and Non-Profit Organizations • Compliance Supplement • AICPA Audit Guide, Government Auditing Standards and Circular A-133 Audits • Yellow Book

  9. Approach

  10. Approach - Planning the Engagement • Planning steps that should be documented • Yellow Book requirements

  11. Approach, continued - Testing Controls and Compliance • Document and test entity-level controls using the COSO • Select programs for testing • Document and test controls and compliance requirements for specific programs selected

  12. Approach, continued - Report Findings • Submit information to management and to clearinghouse: • Opinions • SEFA • Data collection form • Findings • Corrective action plan

  13. Planning

  14. Planning • Update knowledge about changes in the past year • Audit risk alert (www.aicpa.org/belt/practalert1.htm) • Changes in policies and procedures • Correspondence from federal agencies • Other auditor workpapers • Financial statements • Management letters • Schedule of Federal Awards (See Handout A) • Disclosure statement • Conduct understanding meeting

  15. Planning, continued • Document scope of work • Determine engagement team • Determine engagement budget • Document compliance with YB requirements

  16. Planning, continued – Compliance with YB • Training: • CPE requirements (80 hour requirement every two years; 24 directly-related to audit environment) • Quality control requirements (peer reviews) • Working paper requirements: • Objective, scope, and methodology, including sampling criteria used • Reperformance standard • Evidence of supervisory review • Independence • Fieldwork (abuse)

  17. Planning, continued • Consider risk of fraud • SAS 99 • Fraud risk planning meeting • Consider inherent risk • Document materiality • Document and obtain signoff of audit program • Select programs for testing (see next slide) • Send engagement letter • Hold entrance conference

  18. Planning, continued – Selecting Major Programs • Definition • Risk-based approach • Type A vs. Type B • Low risk vs. high risk • Percentage of coverage rule • Documentation requirements

  19. Assessing Controls

  20. Controls • Our responsibility • Obtain understanding of internal control over federal programs sufficient to plan the audit to support a low assessed level of control risk • Plan testing of internal control to support a low assessed level of control risk • Perform tests of internal control, unless control likely to be ineffective

  21. Controls, continued - Compliance Supplement, Part 6 (See Handout B) • A-110 requirements: “Maintain internal control designed to reasonably ensure compliance with laws regulations and program compliance requirements.” • A-133 requirements • SAS 78, Consideration of Internal Control in a Financial Statement Audit • COSO Framework

  22. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Control environment • Risk assessment • Control activities • Information and communication • Monitoring

  23. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Control environment • A sense of conducting operations ethically, as evidenced by a code of conduct or other verbal or written directive • Conflict of interest • Misconduct • Intellectual property • Management’s positive responsiveness to prior questioned costs and control recommendations • Management’s respect for, and adherence to, program compliance requirements

  24. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Risk assessment • Program managers and staff understand and have identified key compliance objectives • Organizational structure identifies the risk • Monitoring plans are in place • Specific risks have been addressed • Human subject and animal testing • Lab safety

  25. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Control activities • Operating policies and procedures are clearly written • Procedures are in place to implement changes in laws, regulations, guidance, and funding agreements affecting federal awards • Management prohibition against intervention or overriding established controls

  26. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Control activities, continued • Adequate segregation of duties • Computer controls that include edit checks, exception reporting, access controls, reviews of input and output data, and security controls • Data management • Privacy • Adequate supervision of employees • Personnel with adequate knowledge and experience • Assets physically safeguarded

  27. Controls, continued - Compliance Supplement, Part 6 • COSO Framework: Information and communication • Reconciliation and reviews ensure accuracy of reports • Internal and external communication channels are established (meetings, memos, surveys) • Employee duties and responsibilities effectively communicated • Channels of communication for people to report improprieties are in place and actions taken when communication occurs • Channels of communication established between the pass-through entities and subrecipients

  28. Controls, continued - Compliance Supplement, Part 6 • COSO Framework • Monitoring • Ongoing monitoring through independent reconciliations, staff meeting feedback, rotating staff, etc. • Periodic site visits performed at decentralized locations, including subrecipients • Follow-up on fraud and deficiencies • Internal quality review • Management meets with program monitors, auditors, and reviewers • Internal audit tests

  29. Testing Controls and Compliance

  30. Compliance - Compliance Supplement Areas • Activities allowed or unallowed • Allowable costs/cost principles • Cash management • Davis-Bacon Act • Eligibility • Equipment and real property • Matching, level of effort, earmarking • Period of availability of federal funds

  31. Compliance, continued • Procurement, suspension, and debarment • Program income • Real property acquisition and relocation assistance • Reporting • Subrecipient monitoring • Special tests and provisions

  32. A. Activities Allowed or Unallowed • Types of activities either specifically allowed or prohibited by laws, regulations, and the provisions of contract or grant agreements pertaining to the program. • The objectives of individual research projects are explained in the applicable award documents. Testing of compliance with this requirement should ensure that funds were used only for activities for the furtherance of such objectives.

  33. B. Allowable Costs and Cost Principles • Describes the government’s overall requirement that recipients must follow specified cost principles in order for costs to be allowable (A-21) • Particular focus should be paid to time and effort reporting (see next slide) • Indirect costs will be tested through recalculation • Need to determine which administrative costs are charged directly and which are charged through overhead. Should not have duplication. • Supplies and equipment also represent significant costs

  34. B. Time and Effort Procedures • External auditors typically look for signed time and effort reports • Auditors should go further • Inquire of staff • Question 100% time • Test salary caps • Look at total awards for researcher • Test cost-sharing • Be aware of cost transfers

  35. C. Cash Management • Requirements recipients to minimize the time lapse between receipt and disbursement. • Need to determine how cash received. If cost recovery, then test to ensure expenditure made prior to receipt of cash

  36. D. Davis-Bacon Act • Requires that laborers working on federally financed construction projects be paid a wage not less than the prevailing regional wage established by the Secretary of Labor.

  37. E. Eligibility • Laws, regulations, and provisions of contract or grant agreements pertaining to the program should specify criteria for determining the individual, groups of individuals, or subrecipients that can participate in the program and the amount for which they qualify. • Consider export controls regulations

  38. F. Equipment and Real Property Management • Requires that the organization maintain proper records for equipment and adequately safeguard and maintain equipment; and in disposing of any equipment or real property acquired under federal awards, adhere to federal requirements.

  39. G. Matching, Level of Effort, Earmarking • Specifies amounts entities are required to contribute from their own resources toward projects for which financial assistance is provided. • While matching requirements are less common, institutional “cost sharing” is very common, and that cost sharing and matching are considered to be the same concept under A-110.

  40. I. Period of Availability of Funds • When a funding period is specified, a non-federal entity may charge to the award only costs resulting from obligations incurred during the funding period and any pre-award costs authorized by the awarding agency. • Test cost transfers.

  41. J. Procurement, Suspension, and Debarment • Requires the entity to ensure that procurements are not made to parties that are suspended or debarred. • Testing purchasing procedures.

  42. K. Program Income • Income directly generated by the federal project during the grant period.

  43. L. Real Property Acquisition and Relocation Assistance • Requires that property acquired must be appraised; moving expenses and re-establishment expenses incurred by displaced businesses and farm operations must be recovered.

  44. L. Reporting • Specifies the reports that entities must file in addition to those required by the common requirements. • Consider technical reporting issues.

  45. M. Subrecipient Monitoring • Requires the identification of award information and the monitoring of subrecipient activities to provide reasonable assurance of compliance with federal requirements. • Merely asking for a-133 report from subrecipients is a start, but probably not enough.

  46. N. Special Tests and Provisions • Other provisions for which federal agencies determined noncompliance could materially affect the program. • We should obtain the awards to ascertain the special terms and conditions. Typical special tests surround: • Human participants • Animal welfare • Biosafety • Chemical safety • Radiation safety

  47. Compliance, continued - Develop Audit Approach – Handout C • Meet with Principal Investigator • Determine how compliance met in each of 14 areas in order to develop tests • Questionnaire should be developed using Compliance Supplement (Part 3): • F. Equipment and Real Property Management • Compliance requirements • Audit objectives • Internal control tests • Compliance test

  48. Compliance, continued - Determine Sample Size • Risk assessment • Controls • Compliance

  49. Compliance, continued - Remember Working Paper Requirements • In addition to GAAS, GAGAS requires: • Objective, scope, and methodology, including sampling criteria used • Reperformance standard • Evidence of supervisory review

  50. Reporting

More Related