1 / 22

Intermediate Single Audit Issues: Planning, Performing and Reporting

Intermediate Single Audit Issues: Planning, Performing and Reporting. NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford & Associates, P.C. www.crawfordcpas.com. Objectives. High level overview of national single audit stat sample results

teva
Download Presentation

Intermediate Single Audit Issues: Planning, Performing and Reporting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intermediate Single Audit Issues: Planning, Performing and Reporting NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford & Associates, P.C. www.crawfordcpas.com

  2. Objectives • High level overview of national single audit stat sample results • Highlight and overview intermediate single audit issues identified • Highlight and overview of advanced single audit issues identified • Review SAS 112 impact • Review initiatives to improve audit quality • Take your questions

  3. Single Audit Stat Sample Results • Most prevalent deficiencies found • Not documenting the understanding of internal controls over compliance requirements (56.5%) • Not documenting the testing of internal controls of at least some compliance requirements (61%) • Not documenting compliance testing of at least some compliance requirements (59.6%)

  4. Single Audit Stat Sample Results • Not prevalent, but one of the most consequential deficiencies • Misreporting coverage of major federal programs, or in other words, one or more federal programs were identified as major programs when in reality they were not major programs • Consequential because users may get a “false sense of reliance” by using opinions issued on major programs that were not actually audited as major • Sampling issues • Insufficient sample sizes • Lack of documentation of how the samples were selected and the population

  5. Intermediate Single Audit Issues Identified • Planning • Defining the reporting entity • Cognizant/Oversight Agency Identification and Considerations • Engagement Letter Considerations • Unique Considerations of Fraud and Abuse • Low-Risk Auditee Determinations • Identifying Federal Programs and Clusters

  6. Intermediate Single Audit Issues Identified • Planning Issues, cont. • Determination of Major Programs • Determination of Material Audit Requirements (part 2 of the Compliance Supplement) • Using Parts 3, 4, 5 and 7 of the Compliance Supplement to Create Audit Programs • Using Part 6 of the Compliance Supplement for Internal Control Documentation Designing, Performing, and Testing • Risk Assessment and Sample Size Determinations • Planning and Performing Dual Purpose Tests

  7. Intermediate Single Audit Issues Identified • Fieldwork • Auditing the Schedule of Expenditures of Federal Awards (SEFA) • Testing the Summary Schedule of Prior Audit Findings • Testing Information Technology (IT) Systems • Analysis of Audit Test Results and Exceptions • Determining Questioned Costs and Likely Questioned Costs • Testing Unique Requirements

  8. Intermediate Single Audit Issues Identified • Reporting • Qualitative Determination and Content of a Finding • Evaluating Findings and Determining Compliance Opinion(s) • Evaluating and Reporting on Internal Control • Modifications to Single Audit Reports • Preparation of the Schedule of Findings and Questioned Costs • Relationship of GAS Reports to Circular A-133 Reports and Schedules • Data Collection Form • Representation Letters for Federal Programs • Use of the GAS/A-133 Guide Illustrative Auditor Reports

  9. Advanced Single Audit Issues Identified • Planning, Fieldwork and Reporting • Accountability and Risk Management in a Single Audit • Key Considerations in Reviewing Single Audits • Preparing for and Responding to Quality Control Reviews (QCRs) • Firm-Specific Policies and Tools • Program-Specific Audit Considerations – Planning and Reporting • How to Recall and Reissue Single Audit Reporting Packages

  10. Other intermediate and advanced single audit issues identified • Stay current each year by reviewing • Changes to GAS/A133 Guide • AICPA Annual GAS/A133 ARA • Federal Agency Communications/Reports on Audit Deficiencies • Changes to Circular A-133 • Significant Changes to OMB Cost and Administrative Circulars • Updates to the OMB Compliance Supplement • Changes to the Data Collection Form

  11. SAS 112 Impact Federal Register Notice, June 26th, 2007, Volume 72, Issue 122 is the notice of the incorporation of SAS 112’s requirements into the single audit process…

  12. Pocket Guide to SAS 112 for Single Audit (A-133):What is the Likelihood of actual or potential noncompliance with a type of compliance requirement of a federal program, and what is the Magnitude of the actual or potential noncompliance? REMOTE S REMOTE M REMOTE L MORE THAN REMOTE S MORE THAN REMOTE M MORE THAN REMOTE L CONTROL DEFICIENCY SIGNIFICANT DEFICIENCY MATERIAL WEAKNESS Communicate in Writing

  13. Footnotes to Pocket Guide • Likelihood (two types) • Remote - the chance that the internal control deficiency would cause noncompliance with a type of compliance requirement of a federal program is “slight” • More than Remote – the chance that the internal control deficiency would cause noncompliance with a type of compliance requirement of a federal program is at least reasonable possible

  14. Footnotes to Pocket Guide • Magnitude defined as • S = Small (standards use term “Inconsequential”) • M = Medium (standards use the term “More than Inconsequential”) • L = Large (standards use the term “Material”) (can you tell that I worked in men’s clothing store when I was a younger?)

  15. Factors that may affect likelihood and magnitude • Likelihood • The nature of the type of compliance requirement involved. For example, a specific special test or provision may involve greater risk because it is unique to the program and may require unique controls. • The susceptibility of the program and related types of compliance requirements to fraud. • The subjectivity and complexity involved in meeting the compliance requirement, and the extent of judgment allowed. • The cause and frequency of any known or detected exceptions related to the operating effectiveness of a control. • The interaction or relationship of the control with other controls. • The interaction of the control deficiency with other control deficiencies. • The possible future consequences of the deficiency

  16. Factors that may affect likelihood and magnitude • Magnitude • The program amounts or total of transactions exposed to the deficiency, in relation to the type of compliance requirement. • The volume of activity related to the compliance requirement exposed to the deficiency in the current period or expected in future periods. • Adverse publicity or other qualitative factors

  17. Other factors to consider • Combination of control deficiencies • Evaluating the effect of compensating controls • Deviations in the operating effectiveness of controls • Prudent official test

  18. Examples of typical significant deficiencies • Policies and procedures that are incomplete, inadequate, or outdated for the activities subject to a type of compliance requirement • Inadequate segregation of duties over a type of compliance requirement • Controls over complex types of compliance requirements • IT controls relating to the activity subject to the type of compliance requirement

  19. Examples of typical material weaknesses • Lack of operating policies and procedures for the activities subject to a type of compliance requirement • Ineffective oversight of a major federal program by those charged with governance for compliance with those program requirements the activity subject to the type of compliance requirement, e.g., lack of adequate review of federal financial reports prior to submission to the grantor • Identification by the auditor of material noncompliance for the period under audit that was not initially identified by the entity’s internal control. (This is a strong indicator of a material weakness even if management subsequently corrects the noncompliance.)

  20. Examples of typical material weaknesses, cont. • An ineffective internal audit function or risk assessment function for a major program for which such functions are important to the monitoring or risk assessment component of internal control for a type of compliance requirement • Identification of fraud in the program of any magnitude on the part of senior program management. For the purposes of evaluating and communicating deficiencies in internal control, the auditor should evaluate fraud of any magnitude—including fraud resulting in immaterial noncompliance—on the part of senior program management, of which he or she is aware • Failure by management or those charged with governance to assess the effect of a significant deficiency previously communicated to them and either correct it or conclude that it will not be corrected • An ineffective control environment. Control deficiencies in various other components of internal control could lead the auditor to conclude that a significant deficiency or material weakness exists in the control environment over compliance with major program requirements

  21. Initiatives to improve audit quality • Better and more effective training courses to be offered • AICPA audit quality center task forces • More clear and understandable language from the standard-setters • Making a commitment

  22. Questions???

More Related