260 likes | 410 Views
Getting Ready, Section 2, Memorandum of Understanding, and Appendix A. February 7 , 2012. Getting Ready . Scheduled? Available on IGnet/business side Confirm End Date on schedule is not > 3 years First PR? End date is not > 3 years since beginning GAGAS fieldwork
E N D
Getting Ready, Section 2, Memorandum of Understanding, and Appendix A February 7 , 2012
Getting Ready Scheduled? • Available on IGnet/business side • Confirm End Date on schedule is not > 3 years • First PR? End date is not > 3 years since beginning GAGAS fieldwork Identify OIG liaison for receiving OIG • Quality control manager, typically, plus an alternate Take an active interest in a timely start • Establish contact with reviewing OIG – schedule changes? • Visit their website and review opinion • Ask about planned start date? • Share your documentation method and security clearance level(s) • Gather materials that will be requested
Getting Ready Gather materials that will be requested • Central repository for records • Ensure records supporting audits issued in the last year are retrievable within 48 hours • Don’t alter records
Getting Ready Materials that will be Requested • Completed Appendix A, Section 1 • GAS Imp. Tool http://www.gao.gov/new.items/d08210g.pdf • Complete set of policies, procedures, checklists, forms… • SARs/list of issued audits/attests • Audit tracking system list of audits scheduled, cancelled, terminated or completed during the period (ID by GAS engagement type, IPA/Internal) • Documentation for terminated audits • Organization Chart
Getting Ready Materials that will be Requested (cont.) • Staff Roster (including series and grades) • Professional designations • CPE summary for all staff for most recent 2-year reporting period • Information on staff advanced degrees/special skills • List and description of nonaudit services for 3 years • Prior external peer review report/letter of comment • Documentation of distribution • Documentation of corrective action implementation • List of internal QARs issued in 3 year scope, copies of those issued in last 12 months including GAS 3.54 summary, and a list of those in-process/issued subsequent to end date
Getting Ready Questions?
CIGIE Peer Review Guide on IGnethttp://www.ignet.gov/pande/audit1.html#guide 2009 Guide (.pdf format) 2009 Guide (.doc format) Appendix A; Policies & Procedures (.pdf format) Appendix A (.doc format) Appendix B; Checklist ~ Review of Adherence to General Standards (.pdf format) Appendix B (.doc format) Appendix C; Checklist ~ Review of Financial Audits Performed (.pdf format) Appendix C (.doc format) Appendix D; Checklist ~ Review of Attestation Engagements Performed (.pdf format) Appendix D (.doc format) Appendix E; Checklist ~ Review of Performance Audits Performed (.pdf format) Appendix E (.doc format) Appendix F; Checklist ~ Review of Monitoring of Audit Work Performed by IPAs (.pdf format) Appendix F (.doc format)
Definitions of Terms Commonly Used (Step 1) • System of Quality Control • Quality Assurance Program • External Peer Review • Audits • Nonaudit Services • Independent Public Accountant (IPA) Monitoring
Objective (Step 2) To determine whether, for the period under review, the reviewed OIG audit organization’s system of quality control was suitably designed and whether the audit organization is complying with its quality control system in order to provide the audit organization with reasonable assurance of conforming with applicable professional standards. (GAS 3.55) The peer review program is intended to be positive and constructive and should be carried out in that spirit.
Peer Review Team Characteristics (Steps 3 and 5) • Collectively, has current knowledge of GAGAS and government auditing • Independent of IG being reviewed, staff and audits selected for review • Collectively, has sufficient knowledge of how to perform a peer review (training and OJT, prior experience is desirable) • Team size: depends on factors. Staff to complete timely • Team captain s/be an experienced manager… • Specialists, classified subject matter, e-w/ps…final composition of team may have to wait until after completion of pre-site procedures
Professional Judgment (Step 4) • Exercise professional judgment in all matters relating to planning, performing, and reporting the results of the external peer review. Nothing in this guidance should be construed to limit the flexibility of the review team in planning and performing the review (During planning and performing phases, consider size, geographic dispersion, and type of work AO performed)
Documentation (Steps 8-9) • Documentation should be prepared to support the work performed and the conclusions reached. • Retain documentation at least until the subsequent peer review is completed.
Initiation of the Review (Steps 10-14) • Reviewing OIG sends an engagement letter to the reviewed OIG announcing initiation and requesting an entrance conference • Request information in step 17 • Reviewing OIG provides draft MOU (step 15) • Entrance Conference • Both IGs attend, ideally • Reviewed OIG provides overview of operations (security clearance levels of both agencies, E-WPs used and if training is necessary • Draft MOU elements discussed • Any travel expenses born by reviewing OIG
Memorandum of Understanding (Step 15) Illustrative MOU at pages 24 – 27 • Scope: covered in step 16 • Staffing: list principal contacts • Timeframes: 6 months due date, 3 months grace, CIGIE/GAO for extensions beyond 9 months • Nonaudit services: list/describe past 3 years • Preliminary findings: ongoing communication • Reporting: addressee/signer, discussion draft, formal draft, and time period for response • Other topics: as needed or considered appropriate (e.g., establish access to records)
Scope (Step 16) • Generally, reports issued in last 12 months of the 3-year period since the prior peer review scope ending period • 12 month period may be expanded as deemed necessary by the review team • Compliance matters associated with the reviewed agency’s internal P&Ps that are more stringent than GAS do not affect the System Review Report opinion • Similarly, your agency’s more stringent P&Ps shouldn’t be applied to the reviewing agency • IPA Monitoring: Any deficiencies reported in LOC • Additional scope considerations: DCAA work, Single Audits, others?
Planning/Pre-Site Review (Step 17) Request items in step 17a – e in the engagement letter: • Completion of Appendix A, Section 1 • Complete set of policies, procedures, checklists, forms… • SARs/list of issued audits/attests • Printout of the audit tracking system including audits scheduled, cancelled, terminated and completed during the period (ID by GAS engagement type, IPA/Internal, ...) • Documentation for terminated audits • Organization Chart
Engagement Letter Contents (Continued) • Staff Roster (including series and grades) • Professional designations • CPE summary for all staff for most recent 2-year reporting period • Information on advanced degrees/special skills • List and description of nonaudit services for 3 years • Prior external peer review report/letter of comment • Arrangements for access to prior PR WPs • Documentation of distribution • Documentation of corrective action implementation • List of internal QARs issued in 3 year scope, copies of those issued in last 12 months including GAS 3.54 summary, and a list of those in-process/issued subsequent to end date
Risk Assessment (Step 18) • Perform a risk assessment considering information gathered and analyzed in step 17. Other items for consideration: • Prior PR report and corrective action implementation • OSM and results in internal QA reports • Reasons for terminated audits • Whether policies and procedures are current/adequate • Significant changes in audit organization operations (work requirements, staffing, etc.)
Review Approach (Step 19) Read step 19 at initiation. Essentially, this step provides a high-level overview of the peer review fieldwork methodology.
Quality Control and Assurance(Steps 20-21) • Complete Appendix A, Section 2 and make a preliminary determination whether on the reviewed audit organization’s system of quality control is adequate. • Peer review team reviews the quality assurance program to determine the adequacy of design and implementation. (Steps 3.1 – 3.3 from Appendix B, General Standards) • Also, using the Quality Standards for Federal Offices of Inspector General (Silver Book) • http://www.ignet.gov/pande/standards/igstds.pdf
Selection of Offices & Audits and Using Appendices (Steps 22-28) • Guide requires: • One financial audit if performed by OIG • One audit internally reviewed under the OIG’s quality control and assurance program • No-advance notice given of selected audits • WPs provided within 2 business days • Field sites as visited • O/W, written notice explaining why (step 23) • Expand Appendices C-F to add questions related to significant manual requirements (referencing, for example), Internal QAR matters, prior PR matters, etc. • Review audits/attests for compliance using Appendices C – F • Strategy: team completes one App E together
Potential Issues (Steps 29-32) • Matters • Finding • Deficiency • Significant Deficiency
Reassess Scope (Step 33) • After all evidence has been compiled, the adequacy of the scope should be reassessed to ensure sufficient work exists to support findings, conclusions, and recommendations.
Contacts • Eric Holbrook, GAO’s GAS Subject Matter Expert, 202-512-9535, yellowbook@gao.gov • For GAS technical questions • APRG@oig.treas.gov for questions or comments on the peer review guide • Leslee Bollea, FDIC, CIGIE Audit Committee Principal Contact, lbollea@fdic.gov • Independence issues • Significant areas of disagreement between the parties • Peer review report extension requests • To report receiving a discussion draft with a pass with deficiencies or fail opinion
Section 2 Questions?