
Subrecipient Monitoring and Audit Procedures - Ensuring Compliance and Internal Controls

Learn about subrecipient monitoring requirements and recommended audit procedures, and how they link to internal controls over compliance. Review real-life examples of findings and investigation reports.

tremaine


Presentation Transcript


  1. “The Good, the Bad, and the UGGly” Montgomery AGA Chapter PDT November 18, 2016

  2. Biography: Gerry Boaz, CPA, CGFM, CGMA Gerry has been with the Tennessee Comptroller of the Treasury, Division of State Audit, since January 1995. He is a Certified Public Accountant and a Certified Government Financial Manager (CGFM). He was a Legislative State Auditor for five years before becoming State Audit’s Technical Manager. As a Legislative State Auditor, he served as an audit in-charge for three of the five years primarily on college and university audits. As the Technical Manager, he is primarily responsible for monitoring GASB, FASB, AICPA, OMB, and GAO accounting, auditing, and compliance standards relating to financial statement and financial-related audits. He reviews financial statement audits for adherence to the above principles and standards, as well as to AICPA auditing standards. He is responsible for responding to all due process documents of the above standard setters, as applicable. He serves as a representative of the National Association of State Auditors, Comptrollers, and Treasurers (NASACT) by observing and writing an account of the Governmental Accounting Standards Board (GASB) meetings. He is a member of the AICPA’s Auditing Standards Board for a three-year term (January 2015-December 2017) and its Audit Issues Task Force (AITF). He served as a member of the Government Finance Officers Association's (GFOA) Committee on Accounting, Auditing, and Financial Reporting (CAAFR) for two three-year terms (2004-2009) and serves on the Special Review Committee for its certificate of achievement program. He represents State Audit on the National State Auditors Association’s Single Audit Committee and Auditing Standards and Reporting Committee (ASRC). He has served as a Vice Chair for both the Single Audit and ASRC committees. He is also an active member in the Association of Government Accountants (AGA). He was president of the Nashville AGA chapter for the 2006-07 program year.
He served on AGA’s Professional Certification Board (PCB) for seven years (2007-2014) and as the Chair of the PCB for four of those years. He was also a member of AGA’s National Executive Committee as a result of being the Chair of the PCB. He currently serves on AGA’s Governance Committee. He served as AGA’s Southeast Regional Vice President during the 2015-16 program year. He is also a 2011 alumnus of the Tennessee Government Executive Institute.

  3. Disclaimer • The opinions and views expressed in this presentation are my own and do not collectively represent the positions of the TN Comptroller of the Treasury or the TN Division of State Audit. Official positions are determined only after due process and deliberation.

  4. Objectives • Discuss subrecipient monitoring requirements • Discuss subrecipient monitoring recommended audit procedures • Link subrecipient monitoring to internal controls over compliance within the GAO Green Book • Review TN examples of findings and investigation reports

  5. The CFDA lists over 2,300 Federal grant programs as of 2016 $600B $200B $91B $24B $7B

  6. Single Audit Update Code of Federal Regulations Title 2, Subtitle A, Chapter II, Part 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards

  7. Changes to guidance • Council on Financial Assistance Reform (COFAR) • www.cfo.gov/cofar • http://www.whitehouse.gov/omb/grants_docs/

  8. Green Book and COSO Monitoring

  9. Standards for Internal Control in the Federal Government Going Green

  10. Principle 16 - Perform Monitoring Activities • 16.01 Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. • The following attributes contribute to the design, implementation, and operating effectiveness of this principle: • Establishment of a Baseline • Internal Control System Monitoring • Evaluation of Results

  11. Principle 17 - Evaluate Issues and Remediate Deficiencies • 17.01 Management should remediate identified internal control deficiencies on a timely basis. • The following attributes contribute to the design, implementation, and operating effectiveness of this principle: • Reporting of Issues • Evaluation of Issues • Corrective Actions

  12. COSO Update articulates principles of effective internal control Control Environment • Demonstrates commitment to integrity and ethical values • Exercises oversight responsibility • Establishes structure, authority and responsibility • Demonstrates commitment to competence • Enforces accountability Risk Assessment • Specifies suitable objectives • Identifies and analyzes risk • Assesses fraud risk • Identifies and analyzes significant change Control Activities • Selects and develops control activities 11. Selects and develops general controls over technology • Deploys through policies and procedures Information & Communication • Uses relevant information • Communicates internally • Communicates externally Monitoring Activities • Conducts ongoing and/or separate evaluations • Evaluates and communicates deficiencies

  13. Update articulates principles of effective internal control (cont.) Monitoring Activities 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

  14. §200.303 Internal Controls • The non-Federal entity must: • Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in the Green Book or COSO. • Comply with Federal statutes, regulations, and the terms and conditions of the Federal awards.

  15. §200.303 Internal Controls (cont.) • The non-Federal entity must (cont.): • Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. • Take prompt action when instances of noncompliance are identified, including noncompliance identified in audit findings. • Take reasonable measures to safeguard PPII and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, state, local, and tribal laws regarding privacy and obligations of confidentiality.

  16. TN Case Studies

  17. AU-C 240.05 (Consideration of Fraud in a Financial Statement Audit) • Objectives • Identify and assess the RMM of the financial statements due to fraud; • Obtain sufficient appropriate audit evidence regarding the assessed RMM due to fraud, through designing and implementing appropriate responses; and • Respond appropriately to fraud or suspected fraud identified during the audit.

  18. TN Single Audit and Investigation Report Examples • 2015 TN Single Audit • DHS • Labor and Workforce Development • TN F&C Investigation Reports (DHS) – Child & Adult Care Food Program (CACFP – CFDA # 10.558 and 10.559) • Academy for Kidz • ABC Nutrition • Cherry Tree

  19. Problems Discovered at DHS • Not documenting eligibility • Erroneous reimbursement claims • Overpayments • Poor risk assessment • Failure to detect obvious fraud • Insufficient staffing • Inadequate training • Providing meals to ineligible participants • Not collecting overpayments • Subrecipients not eligible for program • Documentation not maintained upon closing • Paid claims for unapproved feeding sites • Failure to document review of NDL • Failure to identify high-risk subrecipients • Failed to detect conflict of interest • Failed to recognize falsified documents • Paid cash advances that weren’t requested • Paying for unauthorized meals • Reimbursed with incorrect rates • Outdated Income Eligibility Application used • Failed to reconcile budget with expenses • Paid late claims • Failed to complete Vendor Review Guide • Failed to recover excess funds

  20. How was the fraud found? • Audit testwork. • Most fraud discovered via inquiry, fraud hot line calls, observation, but not substantive audit testing or test of details. • Benford’s law • ACL data analysis • Understanding the data and internal controls over its completeness and accuracy to establish parameters.

  21. Questioned Costs - $11.6 Million • Costs resulted from a violation or possible violation of federal requirements. • Costs were not supported by adequate documentation. • Costs were unreasonable. • Improper payments • Potential fraud with no paper trail • Wasteful spending

  22. ABC Nutrition Program, Inc. • Non-profit sponsoring organization in Camden, TN. Offices located in the basement of CEO’s home. Had approximately 10 full-time employees during the period examined. • Administers federal grants received from TN DHS for the CACFP on behalf of 216 daycare homes and 120 daycare centers • Receives a percentage of grant funds for admin • Sole source of revenue • Funds required to be spent as part of an approved DHS budget

  23. ABC Nutrition Program, Inc. • Period Oct. 2008 – Sept. 2014 • Unauthorized Pay • $419,269 as bonuses • $170,776 in salaries • $27,185 for the CEO’s home • $99,538 in other unauthorized expenses

  24. ABC Nutrition Program, Inc. 2009 – 2014 by Federal Fiscal Year For Bonuses to Mother and two Daughters: • Vivian Parker - $142,248.77 • Lisa Carter - $138,510.26 • Tracy Coady - $138,510.26 • Other 10 Employees Combined - $15,933.22 More…Additional Salary… Totaling $170,776.18 • Vivian Parker - $25,674 • Lisa Carter - $101,647.30 • Tracy Coady - $43,454.88

  25. ABC Nutrition Program, Inc. • …Additional Misspending… • Construction and Improvements to Home • New deck attaching home to storage • Driveway Expansion • Totaling - $27,185.56 • …Additional Misspending… • Utility payments • Equipment rental • Technology services and equipment • Insurance • Totaling - $99,538.66

  26. ABC Nutrition Program, Inc. Other Noteworthy misspending… • Waste removal • Internet Services • Meals • Late charges on credit card purchases • Coffee, tea, hotel movies… Should have been divided between business and personal

  27. Results of Ineffective Monitoring • Subrecipients may use money for their own personal gain. Fraud = Theft. • Mistakes are made and not corrected. • Children and adults may not be fed.

  28. Erroneous Reimbursement Claims The Department relies on subrecipients to submit accurate meal reimbursement claims. This is how most subrecipients receive their money. • State Audit looked at a sample of 60 claims • 27 of the 60 were inaccurate • In other words, DHS reimbursed 45% of these claims based on inaccuracies. • DHS had previously reviewed some of these claims but did not always find the errors.

  29. DHS Paid Cash Advances that Were Not Requested DHS allows Summer Program participants to request cash advances for their monthly costs. • Our sample found two sponsors received cash advances even though they had not requested them. • Sponsor 1 received $25,721 for July 2015 • Sponsor 2 received $43,580 for July 2015

  30. Failed to Recover Excess Funds DHS did not recover funds paid to Summer Program sponsors in 2014 that did not participate in the 2015 program. • Three sponsors decided not to participate in 2015 • DHS failed to recover $206,165 that was overpaid to these sponsors • DHS did not have procedures to track excess funds.

  31. ABC Nutrition Program, Inc. So…How did this happen? • Lack of Independent Board of Directors • Lack of Independence and Separation of Duties

  32. ABC Nutrition Program, Inc. Where are they now? • On February 19, 2015 - Benton County Grand Jury indicted Vivian Parker, Lisa Carter, and Tracy Coady on 1 count of theft over $250,000, and 1 count of theft of property over $60,000 • Hung jury initially on sentencing • CEO in really bad health • One of her daughters has cancer • DA is relooking at establishing new sentencing date.

  33. Auditor Speak For…THE GOAL Making sure the money goes to feed the kids. Every dollar that is paid out improperly means one more kid doesn’t eat.

  34. Subrecipient Monitoring

  35. Subrecipient Monitoring and Management (Title 2, 200 CFR) • §200.330 explains the roles of subrecipients and contractors so that the non-Federal entity can determine the relationship and the applicable requirements • A non-Federal entity provides a subaward to a subrecipient for the purpose of carrying out a portion of a Federal award and creates a Federal assistance relationship between the non-Federal entity and the subrecipient • A non-Federal entity provides a contract to a contractor for the purpose of obtaining goods and services for the non-Federal entity’s own use and creates a procurement relationship between the non-Federal entity and the contractor • What the document is called does not matter; the relationship is the basis for determining which requirements are applicable

  36. Subrecipients Monitoring & Oversight Requirements for Pass-through Entities (200.331) • Includes audit responsibilities that were in A-133 • The pass-through entity must: • Put specific information in the subaward, including indirect cost rate • Do a risk assessment to determine appropriate subrecipient monitoring AND must monitor subrecipients • Consider if specific subaward conditions are needed • Verify subrecipients have audits in accordance with Subpart F • Make any necessary adjustment to the pass-through entity’s records based on reviews and audits of subrecipients • Consider actions to address subrecipient noncompliance

  37. Information Contained in a Subaward • Following information must be identified to subrecipient at time of award and put in the subaward (and when changes are made to the subaward) (200.331(a)): • Federal award identification, e.g., DUNS number • Indirect cost rate for the Federal Award (including if the de minimis rate is charged per 200.414 Indirect (F&A) costs) • Requirements imposed by the pass-through entity • Requirement to provide access to records for audit

  38. Evaluating Subrecipient Risk to Determine Appropriate Monitoring • The pass-through entity must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining appropriate subrecipient monitoring, which may include consideration of factors such as (200.331(b)): • Prior experience with same or similar subawards • Results of previous audits • Whether new or substantially changed personnel or systems • Extent and results of Federal awarding agency monitoring

  39. Required Subrecipients Monitoring Procedures • When monitoring subrecipients, the pass-through entity must (200.331(d)): • Review reports required by the pass-through entity • Follow-up to ensure subrecipient takes appropriate action on all deficiencies pertaining to the subaward from the pass-through entity identified through audits, on-site reviews, and other means • Issue a management decision for audit findings pertaining to subawards made by the pass-through entity • Not new requirement – taken from A-133

  40. Additional Subrecipient Monitoring Tools • Following tools may be useful, depending upon the risk assessment (200.331(e)) • Providing subrecipient training and technical assistance • Performing on-site reviews • Arranging for agreed-upon-procedures engagements under 200.425, Audit services [in Cost Principles] • No listed tool is required nor is the list of tools all inclusive • Determination of which tools to use is a matter of judgment for the pass-through entity based upon its assessment of risk

  41. 2016 Compliance Supplement Part 3, Compliance Requirements M. Subrecipient Monitoring

  42. Audit Objectives • Obtain an understanding of internal control, assess risk, and test internal control as required by 2 CFR section 200.514(c). • For non-ARRA first-tier subawards made on or after October 1, 2010, determine whether the pass-through entity had the subrecipient provide a valid DUNS number before issuing the subaward. • Determine whether the pass-through entity properly identified Federal award information and compliance requirements to the subrecipient and approved only allowable activities in the subaward documents.

  43. Audit Objectives (cont.) • For ARRA first-tier subawards, determine whether the pass-through entity assessed subrecipient compliance with the continuing requirement to maintain a current System for Award Management (SAM) registration. • Determine whether the pass-through entity monitored subrecipient activities to provide reasonable assurance that the subrecipient administers Federal awards in compliance with Federal requirements and achieves performance goals. • Determine whether the pass-through entity ensured required audits are performed, issued a management decision on audit findings within 6 months after receipt of the subrecipient’s audit report, and ensured that the subrecipient took timely and appropriate corrective action on all audit findings.

  44. Audit Objectives (cont.) • Determine whether in cases of continued inability or unwillingness of a subrecipient to have the required audits, the pass-through entity took appropriate action using sanctions. • Determine whether the pass-through entity evaluated the impact of subrecipient activities on the pass-through entity. • Determine whether the pass-through entity identified in the SEFA the total amount provided to subrecipients from each Federal program, including separate identification of ARRA funds. • If for-profit subawards are material, determine the adequacy of the pass-through entity’s monitoring procedures for those subawards.

  45. Suggested Audit Procedures – Internal Control • Using the guidance provided in Part 6 – Internal Control, perform procedures to obtain an understanding of internal control sufficient to plan the audit to support a low assessed level of control risk for the program. • Plan the testing of internal control to support a low assessed level of control risk for subrecipient monitoring and perform the testing of internal control as planned. If internal control over some or all of the compliance requirements is likely to be ineffective, see the alternative procedures in 2 CFR section 200.514(c)(4), including assessing the control risk at the maximum and considering whether additional compliance tests and reporting are required because of ineffective internal control.

  46. Suggested Audit Procedures – Internal Control (cont.) • Consider the results of the testing of internal control in assessing the risk of noncompliance. Use this as the basis for determining the nature, timing, and extent (e.g., number of transactions to be selected) of substantive tests of compliance.

  47. Suggested Audit Procedures – Compliance • Gain an understanding of the pass-through entity’s subrecipient procedures through a review of the pass-through entity’s subrecipient monitoring policies and procedures (e.g., annual monitoring plan) and discussions with staff. • Test the pass-through entity’s subaward review and approval documents for first-tier subawards to ascertain if the pass-through entity obtained DUNS numbers from non-ARRA subrecipients prior to issuance of the subaward.
