530 likes | 656 Views
Single Audit Update. Joel M. Black, CPA Partner Mauldin & Jenkins, LLC Carole Burgess, CPA Executive Editor Tax and Accounting business of Thomson Reuters/ Practitioners Publishing Company www.ppc.thomson.com. Session Objectives. Discuss single audit related activity
E N D
Single Audit Update Joel M. Black, CPA Partner Mauldin & Jenkins, LLC Carole Burgess, CPA Executive Editor Tax and Accounting business of Thomson Reuters/ Practitioners Publishing Company www.ppc.thomson.com
Session Objectives • Discuss single audit related activity • SAS 115 and single audits • SAS 117 • Status of AICPA audit guides • Recovery Act • 2010 Compliance Supplement • Other single audit activity
SAS No. 115 • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • Effective for audits of financial statements for periods ending on or after December 15, 2009 • New definitions: • A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected on a timely basis. • A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
SAS No. 115 and Single Audits • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • GAO has issued guidance allowing adoption of SAS 115 (actual standards to be updated later) http://www.gao.gov/govaud/icguidance0811.pdf • Yellow Book Illustrative Reports with SAS 115 definitions • See GAQC Alert #115 for details • Download example Yellow Book reports from: http://gaqc.aicpa.org/Resources/Illustrative+Auditors+Reports/ • Revised reports will be incorporated into the 2010 GAS/A133 Guide
SAS No. 115 and Single Audits • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • OMB statement at beginning of OMB Circular A-133 stating the terms “significant deficiencies” and “material weaknesses” are to be used as defined in GAAS and the Yellow Book • AICPA has issued an auditing interpretation which defines the terms deficiency in internal control, significant deficiency, and material weakness from the perspective of reporting on internal control over compliance in a Circular A-133 audit • March 2010 • AU 9325.01-.03
SAS No. 115 and Single Audits • A deficiency in internal control over compliance exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance with a type of compliance requirement of a federal program on a timely basis.
SAS No. 115 and Single Audits • A material weakness in internal control over compliance is a deficiency, or combination of deficiencies, in internal control over compliance, such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis.
SAS No. 115 and Single Audits • A significant deficiency in internal control over compliance is a deficiency, or a combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance.
SAS No. 115 and Single Audits • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • A-133 Illustrative Reports with SAS 115 definitions • Download example A-133 reports from: http://gaqc.aicpa.org/Resources/Illustrative+Auditors+Reports/ • Revised reports will be incorporated into the 2010 GAS/A133 Guide
SAS No. 117, Compliance Auditing • Superseded SAS 74 and effective date for compliance audits for fiscal periods ending on or after June 15, 2010 • Earlier application is permitted • Provides additional auditing guidance when an audit of compliance is performed in connection with a GAAS and GAGAS audit of financial statements (i.e., OMB Circular A-133 audit) • However, SAS 117 only applies to compliance audit portion of engagement and not the financial statement audit • A compliance examination performed when an audit of financial statements is not required would continue to be performed under AT 601
SAS No. 117, Compliance Auditing Specifically, the SAS revises AU sec 801 by clarifying its applicability. updating it for changes in the compliance audit environment. establishing a requirement for the auditor to adapt and apply GAAS, including the risk assessment and fraud standards (all of which primarily address audits of financial statements), to a compliance audit and providing guidance on how to do so. identifying the AU sections that are applicable to a compliance audit and those that are not applicable. defining terms related to a compliance audit. identifying auditor requirements that are unique to a compliance audit. providing guidance on the factors an auditor may consider in evaluating whether an entity has materially complied with the applicable compliance requirements. identifying the elements to be included in an auditor’s report on compliance. 11
SAS No. 117, Compliance Audits AICPA working on new GAS and A-133 reports using SAS 117 language. Be on the lookout for these reports and AICPA advising not issuing any June 30, 2010 reports until these are available. 12
AICPA • Status of A&A Guides • 2010 GAS/A133 Guide • Updates being drafted – hope to issue in July/August • Incorporates SAS 115, 117, and OMB guidance • Other standards applicable to compliance audit – guide will provide some guidance (e.g., fraud, internal auditors, etc.) • Recovery Act guidance only appears at end of each chapter • 2009 GAS/A133 Guide • SEFA Practice Aids, SAS 115 impact on Government Auditing Standards reports, new Sampling Chapter
Recovery Act/Compliance Supplement: Information for 2010 Single Audits • ARRA – American Recovery and Reinvestment Act • 2010 Compliance Supplement – Appendix VII (draft) • Identification of ARRA expenditures • Separate ARRA presentation • ARRA Major Program Determination • Other Appendix VII Issues • 2010 Compliance Supplement (CS) – Remaining Changes (draft) These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
American Recovery and Reinvestment Act of 2009 (ARRA) (The Recovery Act) • The American Recovery and Reinvestment Act of 2009 (Pub. L. No. 111-5) (ARRA) and the related OMB Guidance have significant implications for audits performed under OMB Circular A-133. The ARRA imposes new transparency and accountability requirements on Federal awarding agencies and their recipients.
American Recovery and Reinvestment Act of 2009 History to Date: Recovery Act passed February 2009; significant impact expected for 2010 and 2011 year-end audits Accountability and Transparency are key features of the law QCRs built into the OMB guidance – results to be placed on Recovery.gov (unclear how this will be done) Auditees significantly affected by Section 1512 reporting New body, Recovery Act Transparency Board (RATB), monitoring activity and looking for fraud, waste, and abuse Much more interest in single audits by federal agencies and Congress
ARRA and CFDA Numbers Federal agencies are required to specifically identify ARRA awards, regardless of whether the funding is provided under a new or existing CFDA number. The CFDA number should be included in the grant award documents.
ARRA Programs not subject to A-133 Build America Bonds Subsidy payment should not be included on the Schedule of Expenditures of Federal Awards (SEFA) therefore not included in the scope of the single audit. COBRA Tax credits to employers should not be presented by auditees on the SEFA, and they should not be included in the scope of the single audit.
2010 Compliance Supplement – Appendix VII (draft) These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
Identification of ARRA Funding Early identification is critical Should be separate award Revised terms and conditions Subrecipients – more challenging Client should separately track ARRA expenditures
Identification of ARRA Funding Direct recipients – Look to: CDFA # Federal awards terms Stating ARRA funded Requiring separate SEFA presentation Requiring notification of ARRA funding to1st tier subrecipients At sub-award dates At disbursement of funds
Identification of ARRA Funding 1st tier subrecipients - Look to: CFDA # Awards terms Stating ARRA funded Requiring separate SEFA presentation
Identification of ARRA Funding Lower tier subrecipients Look to CFDA # Award terms stating ARRA funding Separate SEFA presentation required by Appendix VII
Separate ARRA Presentation Separate presentation on Schedule of Expenditures Federal Awards (SEFA) Even if same CFDA # New level of detail for Research and Development (RD) Separate presentation on Data Collection Form (DCF)
2010 Data Collection Form (DCF) Revised DCF for 2010 2008 to 2010 version not to be used for 2010 New version released for 2010 – 2012 A new data element was added on Part III of the SF-SAC Form to identify ARRA expenditures Item 9d The new 2010 Form will allow FAC to collect and store "Y" or "N" to identify ARRA awards to allow for direct searching Other changes
Single Audits for Periods Ending BeforeJune 30, 2010 2009 Compliance Supplement, Appendix VII Addendum #1 to 2009 Compliance Supplement – Issued August 2009 GAQC Alert #123 – Clarifying Guidance on Effect of Recovery Act Funds on Major Program Determination
Single Audits for Periods Ending on/after June 30, 2010 Impact of Recovery Act on 2010 Compliance Supplement: Guidance from 2009 CS Addendum #1 incorporated (e.g., in Part 3) Updated Appendix VII Low-Risk Auditee Status Extensions Loans Major program determination for ARRA funded awards Changes to other parts predominately due to ARRA related requirements.
Low Risk Auditee and Extensions M-10-14, Updated Guidance on the American Recovery and Reinvestment Act (March 22, 2010) - See also GAQC Alert #141 “Due to the importance of the Single Audits and the reliance of Federal agencies on the audit results to monitor the accountability of Recovery Act programs, agencies should not grant any extension request to grantees for fiscal years 2009 through 2011. In order to meet the criteria for a low-risk auditee (OMB Circular A- 133 §__.530) in the current year, the prior two years audits must have met the requirements of OMB Circular A-133, including report submission to the FAC by the due date (OMB Circular A-133 § __.320).”
Low Risk Auditee and Extensions 2010 Compliance Supplement includes new procedures for auditor’s consideration of loss of low-risk auditee status for late submissions to the Federal Audit Clearinghouse Beginning with audits covered by the 2010 Compliance Supplement, Appendix VII lists suggested audit procedures to determine whether previous submissions were made on a timely basis. Lists steps to verify timely submission, including testing “FAC Accepted Date” New management representation if the entity did not meet the single audit threshold in either of the prior two audit periods
When applying the risk-based approach to determine which Federal programs are major programs: The inclusion of large loan and loan guarantees (loans) should not result in the exclusion of other programs as Type A programs. When a Federal program providing loans significantly affects the number or size of Type A programs, the auditor shall consider this Federal program as a Type A program and exclude its values in determining other Type A programs. Impact of Loan Programs
Impact of Loan Programs Safe Harbor for Treatment of a Large Loan and Loan Guarantee Programs in Type A Program Determination Each individual loan and loan guarantee program that does not exceed four times the largest non-loan program is not considered to be large.
Impact of Loan ProgramsExample #1 University Step 1 – Identify the largest non-loan program:
Step 2 – Calculate if loan program is greater than 4X largest non-loan program: Impact of Loan Programs Example #1 University (Continued)
Impact of Loan ProgramsExample #1 University (Continued) Step 3 – Calculate Type A Threshold * Calculated to be $69,000, therefore defaulted to minimum of $300,000
Impact of Loan Programs Example #2 Governmental Entity Step 1 – Identify the largest non-loan program:
Impact of Loan Programs Example #2 Governmental Entity (Continued) Step 2 – Calculate if loan program is greater than 4X largest non-loan program:
Impact of Loan Programs Example #2 Governmental Entity (Continued) Step 3 – Calculate Type A Threshold
Clusters of programs specifically listed in the Supplement with a new ARRA CFDA number added during the current year that also has current year expenditures, should be considered a new program and would not qualify as a low-risk Type A program Cluster will not meet the requirement of having been audited as a major program in at least one of the two most recent audit periods as the Federal program funded under the ARRA did not previously exist. The Research and Development cluster (R&D) is not subject to this guidance due to its nature (e.g., CFDA numbers are not listed in Supplement for R&D and in some cases R&D is not assigned a CFDA number). The Student Financial Aid (SFA) Cluster is also not subject to this guidance Effect of ARRA Awards on Major Program Determination - Clusters
Effect of ARRA Awards on Major Program Determination - Type A Programs Even though a Type A program otherwise meets the criteria as low-risk under Section 520(c) of OMB Circular A-133, due to the inherent risk associated with the transparency and accountability requirements governing expenditures of ARRA awards, any program or cluster with expenditures of ARRA awards would not qualify as a low-risk Type A. Even a de minimus amount of ARRA expenditures would not support identifying the program as low risk. See next slide for exception. However SFA is excluded from this guidance
Effect of ARRA Awards on Major Program Determination -Type A Programs (Continued)
Effect of ARRA Awards on Major Program Determination – Type A Example 2009 State Fiscal Stabilization Fund (SFSF) • Audited as a Major Program • No Control Deficiencies • No Noncompliance 2010 State Fiscal Stabilization Fund (SFSF) Can this be assessed as a low risk Type A in 2010? Did not meet 1 of the 4 criteria to be assessed as low risk: (3) current year ARRA expenditures are more than 20% of program cluster [since 100% of expenditures are ARRA]
Effect of ARRA Awards on Major Program Determination - Type B Programs The auditor should consider all Type B programs and clusters with expenditures of ARRA awards to be programs of higher risk in accordance with Section 525(d) of OMB Circular A-133. The presumption is that Type B programs or clusters with ARRA expenditures would be audited as major when applying the provisions of Section 520(e)(2). However, the auditor is not precluded from selecting an especially risky Type B program that does not contain ARRA expenditures to audit as a major program in lieu of a Type B program or cluster with ARRA expenditures.
2010 Compliance Supplement (CS) – Remaining Changes – Draft These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
Matrix of Compliance Requirements Changes made to programs based on ARRA For example Davis Bacon is now applicable for a few programs for which it didn’t used to be. Special Test and Provisions is applicable for all programs with ARRA funding, based on the Part 3 additions related to SEFA and separate identification 2010 Compliance Supplement - Part 2 Changes
Allowable Activities Include limitations on activities funded with ARRA Davis Bacon Include coverage under ARRA Reporting General changes to certain standard reports based on agencies transitions to newer forms Testing 1512 reports and applicable testing (ARRA grant receipts & expenditure information – not currently for jobs information) 2010 Compliance Supplement - Part 3 Changes
Procurement Include ARRA Buy America Requirements Subrecipient monitoring Added requirement for client review of subs CCRs and related follow-up Verification of subrecipients filing their A-133’s with Clearinghouse Strong push on identifying pass-through entity information on SEFA and amounts passed-through in SEFA footnotes 2010 Compliance Supplement - Part 3 Changes
Special Tests Separate Accountability for ARRA Funding ARRA Presentation on SEFA and Data Collection Form Subrecipient Monitoring information required in SEFA (notes) 2010 Compliance Supplement - Part 3 Changes
Part 4 Incorporated information from 2009 Addendum #1 Several new programs added Part 5 Many new clusters and additions to existing clusters 2010 Compliance Supplement - Parts 4 and 5 Changes
OMBEarly Reporting of Control Deficiencies • OMB Pilot Project • Volunteer states had auditors provide an interim communication of deficiencies in internal control over compliance relating to Recovery Act funds • CS also encourages other organizations to consider similar early reporting