Compliance Auditing Update NC Local Government …...Executive Order 13520 on Reducing Improper...

1

Compliance Auditing UpdateCompliance Auditing Update

NC Local Government Auditing, Reporting and ReviewNC Local Government Auditing, Reporting and ReviewJune 14, 2016June 14, 2016

Uniform Guidance Overview

Course Objectives-Uniform Administrative Requirements, Cost Principles, and Audit

Requirements for Federal Awards

• Review the reasons why the Uniform Guidance was developed

• Brief review of the goals of the Uniform Guidance• Review and discuss certain changes as they relate to

the entity and to auditors

• Review and discuss other changes related to NC

• Briefly review Clarity Attestation Standards

2

North Carolina State Single Audit Authoritative Sources

• Title 2 U.S. Code of Federal Regulations Part 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance);

• Audit Manual for Governmental Auditors in North Carolina - Discussion of Single Audit in North Carolina

3

2

State Single Audit Requirements

• In accordance with federal requirements, beginning in fiscal years ending after December 26, 2015, local governments and public authorities that expend $750,000 or more in federal financial assistance must have a single audit performed

• Local governments with fiscal years ending June 30, 2016 or later that have expended $500,000 or more in State financial assistance must have a single audit performed in accordance with the State Single Audit Implementation Act.

• Local governments and public authorities that expend $100,000 or more in combined Federal or State financial assistance must have an audit performed in accordance with Government Auditing Standards (GAGAS).

4

The Federal threshold for a Single Audit increased from $500,000 to $750,000 under Uniform Guidance. There are no changes to the State threshold.

NEW

Uniform Guidance Sections that Apply to State Awards

Subpart A - Definitions, as applicable200.502 - Basis for determining awards expended200.330 - Subrecipient and contractor determinations200.503(a, b, c) - Relation to other audit requirements200.505 - Sanctions200.508 - Auditee responsibilities200.509 - Auditor selection200.510 - Financial statements200.511 - Audit findings follow-up200.331 - Requirements for pass-through entities200.521(a, c, d, e) - Management decision200.514 - Scope of audit200.515 - Audit reporting200.516 - Audit findings200.517 - Audit documentation

5

LGC Review of Audit Reports

• Number of audits reviewed by LGC for fiscal years ending in 2015: *1,213 audits

595 Single Audits (49%)

251 GAGAS only (21%)

367 GAAS only (30%) * received as of May 31, 2016

6

3

Uniform Guidance-How Did We Get Here?

• Developed in response to the November 23, 2009 Executive Order 13520 on Reducing Improper Payments

• President directed OMB to work with Executive Branch agencies; state, local, and tribal governments; and other key stakeholders to evaluate reforms to Federal grant policies

• COFAR (Council on Financial Assistance Reform) was established in October 2011 to help lead the effort to improve management and accountability of Federal grants

7

Uniform Guidance-Impact of This Reform

Major goal of Uniform Guidance is to reduce administrative burden and the risk of waste, fraud and abuse by:

1. Eliminating duplicated and conflicting guidance

2. Focusing on performance over compliance for accountability

3. Encouraging efficient use of information technology and shared services

4. Providing for consistent and transparent treatment of costs

5. Limiting allowable costs to make the best use of Federal resources

8


6. Setting standard business processes using data definitions

7. Encouraging entities to have family-friendly practices

8. Strengthening oversight

9. Targeting audit requirements on risk of waste, fraud, and abuse

9

4


• One set of comprehensive regulations that should streamline requirements and supersedes eight existing circulars, including those applicable to State and Local Governments:

o A-87, Cost Principles for State, Local and Tribal Governments

o A-102, Grants and Cooperative Agreements with State and Local Governments

o A-133, Audits of States, Local Governments, and Non-Profit Organizations

10

Uniform Guidance-Effective Dates

Federal Agencies

Non-federal Entities

Audit Requirements

Implement policies and procedures for regulations to be effective December 31, 2014

Implement the new administrative requirements and cost principles for all new Federal awards made on or after December 26, 2014, and to incremental funding made after that date

Effective for audits of fiscal years beginning on or after December 26, 2014Early implementation not allowed

11

Uniform Guidance-Key Sections

• Subparts A through Fo Subpart A-200.XX- Acronyms and Definitions

o Subpart B-200.1XX- General Provisions

o Subpart C-200.2XX- Pre-Federal Award Requirements & Contents of Federal Awards

o Subpart D-200.3XX- Post Federal Award Requirements

o Subpart E-200.4XX- Cost Principles

o Subpart F-200.5XX- Audit Requirements

o Appendices I through XI

12

5

Uniform Guidance-Audit Requirements

Scope of the Audit §200.514

Determine if financial statements are

reported in accordance with

GAAP

Determine if Schedule of Federal and State Awards (SEFSA) is

stated fairly

Gain an understanding of internal controls

and test those controls

Determine if auditee has complied with Federal and State

statutes, regulations and grant agreements

Follow-up on prior audit findings

Report any current year findings

Complete and sign specified sections of

the data collection form

13


Identify all Type A

programs

Identify low-risk Type A

programs

Identify high-risk Type B

programs

Determine major

programs to audit

§200.518

Major Program Determination

14


Major Program Determination

Major program determination for State awards is $500,000

§200.518

Federal single audit threshold and single audit major programs determination amounts are now the same per Uniform Guidance. In the State Single Audit Implementation Act, these amounts are the same as well.

Total Federal Awards Expended

Type A/B Threshold

Equal to $750,000 but < $ 25 billion $750,000

> $25 million but < $100 million .03 times total Federal awards expended

> $100 million but < $1 billion $3 million

> $1 billion but < $10 billion .003 times total Federal awards expended

>$10 billion but < $20 billion $30 million

>$20 billion .0015 times total Federal awardsexpended

15

6


Major Program Determination• High Risk Type A Programs

o To be considered low risk, the program must not have had:o Internal control deficiencies identified as material weaknesses

o A modified opinion on complianceo Known or likely known questioned costs that exceed five

percent of the total Federal awards

• High Risk Type B Programs o Single criteria in risk would seldom cause a Type B to be high risk

(except material weaknesses)o The number of high risk Type B’s to be audited is one-quarter of

the number of Type A’so The threshold not to perform risk assessment on Type B’s is

$187,500 (assuming a major program threshold of $750,000)

§200.518

Uniform Guidance simplifies the process of determining high risk Type B programs. Uniform Guidance also encourages an approach that could lead to different high risk Type B programs audited as major in a given period.

16


Major Program DeterminationSpecial Considerations for Loans and Loan Guarantees

• In identifying Type A programs, the inclusion of large loans and loan guarantees must not result in the exclusion of other Federal programs as Type A programs

• Special calculation:o When a Federal loan program exceeds four times the largest

non-loan program it is considered a “large loan program”. The auditor must consider this Federal program as Type A and exclude its values in determining the Type A threshold.

§200.518

For purposes of this calculation, a program is only considered to be a Federal program providing loans if the value of the Federal awards expended for loans within the program comprises fifty percent or more of the total Federal awards expended for the program.

17


Major Program Determination-Low Risk Auditee

• Entity must meet all of the following for each of the two preceding years:o Annual singe audits, including timely filing of the data

collection form

o Unmodified opinion on financial statements in accordance with GAAP or basis of accounting required by state law

o Unmodified in-relation-to opinion on the SEFSA

o No material weaknesses in internal control

o No reporting of going concern

§200.520

NEW

NEW

NEW

18

7


Major Program Determination-Low Risk Auditee

• No Type A program had any of the following in either of the two preceding yearso Material weaknesses in internal control over compliance

o Modified opinion on a major program

o Known or likely questioned costs >5% of expenditures

• Percentage of Coverage Ruleo The minimum percentage of total Federal awards to be tested

as major decreased from 25% to 20% for low risk auditees and from 50% to 40% for all others

o The percentage of coverage for State awards has been reduced from 50% to 40%

• There is still no low-risk auditee determination for State Awards

§200.520/521

19

Uniform Guidance-Auditee Responsibilities

§200.508

Arrange for Single Audit in accordance

with §200.509

Prepare appropriate financial statements in

accordance with §200.510

Prepare Schedule of Expenditures of

Federal and State Awards in accordance

with §200.510

Follow-up and take corrective action on

findings

Provide the auditor with access to

personnel, accounts, records, supporting

documentation

Prepare corrective action plan

Prepare summary of Schedule of Prior

Audit Findings

20


Auditor Selection

• Objective is to obtain a high-quality audit

• The objectives and scope of the audit must be clear in the proposal

• Auditee must follow procurement standards in 200.317 through 200.326

• Auditee must request a copy of he audit firm’s peer review

• Auditor who prepares an indirect cost proposal cannot perform the audit if the indirect costs recovered in the previous year exceeds $1 million.

§200.509

21

8


Financial Statements

• Must prepare financial statements for the fiscal year audited that reflect current:

o Financial position

o Results of operations of changes in net assets

o If appropriate, cash flows

• Must be for the same unit and fiscal year that is chosen to meet the requirements of Uniform Guidance

• May include departments, agencies, and other units that have separate audits under Uniform Guidance

§200.510

22


Schedule of Expenditures of Federal and State Awards (SEFSA)

• Must prepare a SEFSA for the period covered by the entity’s financial statements

• SEFSA includes the total Federal awards expended in accordance with §200.502, “Basis for Determining Federal Awards Expended”.

• Should reconcile to accounting records or the financial statements themselves

• Completeness and accuracy are critical to avoid missed programs

§200.510

The State Single Audit Implementation Act follows that same guidance in 200.502 in determining State awards expended.

23


What Qualifies as a Federaland/ or State Award?

• Financial assistance and cost-reimbursement contracts that non-federal entities receive directly from awarding agencies or indirectly from pass-through entities

o Does not include procurement contracts used to buy goods or services

o Entity has to determine if a vendor relationship exists

§200.38

24

9


When Does the Expenditure Occur?

• Determination should be based on when the activity related to the award occurs

• Other examples:o Disbursement of funds passed through to

subrecipientso Use of loan proceeds under loan and loan guaranteeso Receipt of propertyo Receipt or use of program income (potential)o Disbursement of amounts entitling the entity to an

interest subsidyo Distribution or consumption of food commoditieso Period when insurance is in force

§200.502

25


When Does the Expenditure Occur?Loans and Loan Guarantees

• Because the government is at risk for loans until the debt is repaid, a formula is used to calculate the amount of the loan expended. The value is equal to the sum of:

1. The value of new loans made or received during the audit period

2. Beginning balance of loans from previous years for which the government imposes continuing compliance requirements

3. Any interest subsidy, cash, or administrative cost allowance received

§200.502

26


SEFSA-Required Elements• List of individual programs by Federal or State agency

• For clusters, provide the cluster name, a list of the individual programs within the cluster, and provide the applicable Federal or State agency. A total for each cluster should also be provided.

• For Federal awards received as a subrecipient, the name of the pass-through entity and identifying number assigned by the pass-through entity

• Total awards expended for each Federal or State program and the CFDA or other identifying number when CFDA is not available

• The total amount provided to subrecipients for each Federal program

• SEFSA must include the total awards expended for loans and loan

guarantees

§200.510

NEW

NEW

27

Prior year loans and loan guarantees expended in prior years are not considered awards expended when statutes, regulations, and terms and conditions impose no continuing compliance requirements, other than to repay the loans. Therefore these amounts should not appear on the SEFSA.

10


SEFSA-Footnote Disclosures• For loans and loan guarantees, identify the balances

outstanding at the end of the audit period

• Notes that describe the significant accounting policies used in preparing the SEFSA

• Note whether the entity elected to use the 10% de minimis cost rate

§200.510

NEW

28


SEFSA-Auditor Considerations• Remember that the SEFSA is the responsibility of the

entity

• Auditor must be familiar with changes to the SEFSA as a result of Uniform Guidance

• Determine that clusters and programs are identified correctly

• Determine whether information required on the face of the SEFSA is there and that all required disclosures included

• Reconciliation of SEFSA to the financial records

29


Providing Access• Uniform Guidance states that entities must provide

access of the following to auditors:

o Personnel

o Accounts

o Books

o Records

o Supporting Documentation

o Other information as needed

§200.508

30

11


Internal Controls and Compliance Requirements

§200.303

Take prompt action when noncompliance

is identified

Safeguard protected personally identifiable

information (PPI)

Establish and maintain internal control over

Federal programs

Comply with Federal statutes, regulations,

and terms of the Federal award

Evaluate and monitor compliance

31

Uniform Guidance-Auditee Requirements

Internal Controls

• Internal control requirements under Uniform Guidance are not significantly different from those reflected in the OMB Circulars

• Moved from the audit requirements section into post federal award of administrative requirements to encourage entities to better structure their internal controls

§200.303

32


Internal Controls

• The internal control process should be designed to provide reasonable assurance regarding the achievement of the following objectives:

o Effectiveness and efficiency of operationso Reliability of reporting for internal and external

useo Compliance with applicable laws and

regulations

§200.303

33

12


Internal Controls• The entity must establish and maintain effective internal

control over the Federal award that provides reasonable assurance that the entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.

• Internal controls should be in compliance with guidance in:

o “Standards for Internal Control in the Federal Government” [Green Book] issued by the Comptroller General of the United States, US Government Accountability Office

o “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)

§200.303

34


Internal Controls-Sample Questions

• Control Activities: How are you certain that your entity is in compliance with (Allowable Costs)?

• Risk Assessment: How did you determine that (authorization and approval) was necessary to ensure compliance?

• Monitoring: What is the process used to ensure that (authorization and approval) is performed correctly and consistently?

• Information and Communication: How and when do you notify people that (authorization and approval) is required?

• Control Environment: What is management’s attitude about internal control?

35


Internal Controls-Example

Activities Allowed or Unallowed and Allowable Costs/Cost Principles

• Control Environmento Management sets reasonable budgets- minimize incentives to

miscode expenditures• Risk Assessment

o Management has sufficient understanding of procedures and controls to identify unallowable costs

• Information and Communicationo Comparison of budget to actual is provided to project managers for

review on a timely basis• Control Activities

o Program managers approve invoices prior to payment• Monitoring

o Financial reports provided to appropriate management on periodic basis for review

36

13


Compliance-Procurement• Uniform Guidance does not substantially change the

procurement documentation requirements under Circular A-102

• §200.317-326 describes:o Applicable procurement standardso Methods of procurement that are allowedo Specific items that must be included within contracts under

Federal awards

• At a minimum documentation must contain:o The rationale for the method of procuremento Selection of contract typeo Contract selection or rejectiono Basis for the contract price

§200.317-326

37


Compliance-Procurement• States follow the same policies and procedures they use for

procurements from non-federal funds (i.e., State procurement statutes

• Other entities follow the five procurement methods outlined in Uniform Guidance:o micro purchaseo small purchaseo sealed bidso competitive proposalso noncompetitive proposals (one source)

o solicitation of a proposal from only one source (may be used in certain circumstances)

§200.317-326

Per §200.318, non-federal entities are allowed to piggy-back on State procurement standards

38


Compliance-Procurement• §200.318 describes mandatory conflict of interest language each

entity must have

• The conflict of interest guidance was expanded from the existing language in A-102 to include a provision for organizational conflict of interest

• The expansion will require entities to have strong policies preventing organizational conflicts of interest, which will be used to protect the integrity of procurements under Federal awards and subawards

• Two types of conflict of interest policies must be maintained: Employee conflict of interest and organizational conflict of interest

§200.317-326

In addition §200.112 requires that a entity must disclose in writing any potential conflict of interest to the federal awarding agency or pass-through entity in accordance with applicable federal awarding policy. 39

14


Compliance-Allowable Costs and Costs Principles• Need to understand Subpart E- Cost Principles

o Describes the cost accounting requirements associated with Federal awards

o Includes requirements for indirect costso Includes requirements for compensation- personal services

• OMB Compliance Supplement includes a table of selected allowable costs for different types of organizationso Use in conjunction with Uniform Guidance

• Key areas of focuso Compensation- personal serviceso Indirect Costso Items that require prior approval to be allowable (§200.407)

40


Subrecipient Monitoring §200.330/331

Determine if subrecipient or

contractor

Clearly identify subawards to subrecipients

Provide certain subaward information

at the time of subaward

Verify subrecipient has been audited as

required by Subpart F

Consider imposing specific subaward

conditions

Consider taking enforcement action for

noncompliant subrecipients

Consider results of subrecipient audits

Evaluate each subrecipient’s risk of

noncompliance

Monitor activities of subrecipients

41


Subrecipient and Contractor Determinations

• Pass-through entities must make case-by-case determinations as to whether an agreement designates a recipient as a subrecipient or contractor.

• Federal and State awards expended as a recipient or a subrecipient are subject to single audit.

• Payments for goods and services received by a contractor are not considered Federal or State awards

§200.330

42

15


Subrecipient and Contractor Determinations §200.330

Subrecipient Contractor

Determine who is eligible to receive federal assistance

Has a procurement relationship with the entity

Has its performance measured according to whether the objectives of a federal program were met

Provides goods and services withinnormal business operations and to many different purchasers

Is responsible for program related decision-making

Provides goods and services that are ancillary to the operation of the Federal program

Must adhere to applicable Federal program requirements specified in the Federal awards

Normally operates in a competitiveenvironment

Uses the Federal awards to carry out a program for specific purpose as opposed to providing goods or services for the benefit of the pass-through entity

Is not subject to the compliance requirements of the Federal program as a result of the agreement

43


Subrecipient Monitoring

• All subrecipients, regardless of the size of the award, must be monitored

• Requirements include:o Performing a risk assessment of the subrecipient

o Following up on any audit findings or other issues revealed in that process

o Ongoing monitoring

§200.331

44


Subrecipient MonitoringRisk Assessment

• A pass-through entity should assess the risk of a subrecipient’s noncompliance at the outset of the relationship and at least annually afterward.

• The assessment should be explicit in the criteria used to evaluate risk, and risk factors should be customized to suit individual programs.

• Documentation of the risk assessment process and results is critical to ensuring that support is available in the event of an audit by external auditors or cognizant agency.

• Monitoring efforts may result in a determination to impose additional conditions of the subrecipient.

§200.331

45

16


Subrecipient MonitoringFollow Up

• Uniform Guidance makes it explicit (rather than implied) that:

o The pass-through entity must actively issue management decisions regarding audit findings identified during the monitoring process

o The subrecipient must implement remediation plans

• Deficiencies discovered:o Should be discussed and agreed upon by both the pass-

through entity and the subrecipiento Subrecipient should be given a specified period of time to

submit a corrective action plano The plan should create controls that prevent the situation

from reoccurring

§200.331

46


Subrecipient MonitoringOngoing Monitoring

• To ensure a good foundation of quality monitoring, necessary activities and the parties responsible for those activities should be clearly identified

• A system should be in place for determining how subrecipients will be monitored

• Consider the establishment of baseline monitoring procedures that can be applied universally to all subrecipients o Customized plans should then be developed to address

specific areas of concern

§200.331

47


What Does the Auditor Do?

• Uniform Guidance requires the auditor to plan the audit to obtain a low control risko That is, controls that “operate effectively”o Controls are reliable

• How do auditors get to low control risk?o Document understanding of controlso Test control design and implementationo Test control effectiveness

• Sampling is often used

• Ineffective control = finding

48

17


Compliance Testing

• All applicable parts of the Compliance Supplement should be used to perform a Single Audit correctly

o Per the 2015 Compliance Supplement, Part 6 for Internal Controls will be updated for revised language for the COSO framework and the Green Book for 2016

• Appendices provide useful information

• Use the correct year’s Supplement

49


“Applicable” Versus “Direct and Material” Compliance Requirements

• Auditor looks to the OMB Compliance Supplement for information on each type of compliance requirement and determines which are “applicable” to Federal programs

• Do auditors look at all applicable compliance requirements?o No, only direct and material compliance requirements

• A entity should comply with all applicable compliance requirements

50


Compliance Requirements

FEDERAL STATE

A. Activities Allowed or Unallowed 1. Activities Allowed or Unallowed

B. Allowable Costs/Cost Principles 2. Allowable Costs/Cost Principles

C. Cash Management 3. Cash Management

D. Reserved 4. Conflict of Interest

E. Eligibility 5. Eligibility

F. Equipment & Real Property Mgmt 6. Equipment & Real Property Mgmt

G. Matching, Level of Effort, Earmarking 7. Matching, Level of Effort, Earmarking

H. Period of Performance 8. Period of Performance

I. Procurement, Suspension and Debarment

9. Procurement, Suspension and Debarment

J. Program Income 10. Program Income

K. Reserved 11. Reserved

L. Reporting 12. Reporting

M. Subrecipient Monitoring 13. Subrecipient Monitoring

N. Special Tests and Provisions 14. Special Tests and Provisions51

18


Changes Related to the State Compliance Supplements-2016

**Note that the Federal supplement for the Child Nutrition Cluster includesCFDA 10.559. But NC DPI, who administers the program, has decided to issue10.559 as a separate supplement. Therefore when auditing the Child NutritionCluster, both supplements 10.553-CL and 10.559 must be used.

SUPPLEMENTNUMBER

SUPPLEMENT NAME CHANGE

14.228 Community Development Block Grants

There are now 2 supplements for this program: The InfrastructureFund is separate and administered by DEQ. The Small Cities Program is still administered by Commerce

**10.553-CL Child Nutrition Program/NutritionCluster

CFDA ‘s 10.579 and 10.582 have been added as part of the Nutrition Cluster for the State supplement

15.916, 20.219, DNCR-5 and DNCR-6

Land and Water Conservation FundRecreational Trails ProgramClean Water Management Trust FundNC Parks & Recreation Trust Fund

These grants are no longer administered by DEQ but by Natural and Cultural Resources

52

State Cluster of Programs

• Federal and State programs added by State agencies to a OMB’s cluster of programs in Part 6 should be clearly separated on the SEFSA from OMB’s cluster of programs.

• OMB’s clusters of programs should have a total as required by §200.510(b)(3). There should be a total for the entire cluster of program.o Examples: Subsidized Child Care cluster, Foster

care and adoption cluster, Child Nutrition Cluster

• There should be a footnote stating that programs were clustered by a State Agency (state the name) and was treated separately for State audit purposes.

53


Single Audit-End Result• Contents of the Single Audit Submission

o Auditor’s report on the financial statements of the entity

o Auditor’s in-relation-to reporting on the SEFSA

o Financial statements prepared by the entity

o SEFSA prepared by the entity

o Auditor’s report on internal control over financial reporting and on compliance and other matters to meet Government Auditing Standards requirements

o Auditor’s report on compliance and internal control over compliance-major programs

54

19


Single Audit-End Result• Contents of the Single Audit Submission

o Auditor’s schedule of findings and questioned costso Includes summary of auditors results and findings

o Schedule of prior audit findings prepared by the entity

o Corrective action plan prepared by the entity

• All of the items listed are referred to as the “reporting package”

• Reporting package and the Data Collection Form are submitted electronically to the Federal Audit Clearinghouse by the entity

55


Audit Reports

• Reports must use up-to-date language and include all appropriate references to Government Auditing Standards, Uniform Guidance, etc.

• Report on internal control over compliance and compliance refers to major programs in the Summary of Auditor Resultso Major programs in the Summary of Auditor Results must

be correct and match what is in audit documentationo Ensure that the Data Collection Form identifies the same

major programs

56


Uniform Guidance Findings• The auditor must report the following as audit findings in the

Schedule of Finding and Questioned Costs:

o Significant deficiencies and material weaknesses in internal control over major programs and significant instances of abuse

o Material noncompliance with the provisions of Federal regulations or the terms and conditions of Federal awards related to a major program

o Known questioned costs that are greater than $25,000 for a type of compliance requirement for a major program

o Known questioned costs when likely questioned costs are greater than $25,000 for a type of compliance requirement for a major program

§200.516

57

20


Uniform Guidance Findings

• The auditor must report the following as audit findings in the Schedule of Finding and Questioned Costs:

o Known questioned costs that are greater than $25,000 for a Federal program which is not audited as major

o Known or likely fraud affecting a Federal award, unless already reported as a finding

o If follow-up procedures detect that the status of a prior year finding is materially misrepresented

§200.516

58

Uniform Guidance-Finding Elements

§200.330/331

Program Information Criteria

Condition Found

ContextQuestioned

Costs

Whether sampling was

statistically valid

Repeat finding from

prior year

Cause and Effect

Recommendations

View of Responsible

Officials

NEW

NEW

Reference Numbers

59


Uniform Guidance Findings

• Ensure single audit report on compliance and internal control over compliance appropriately identifies findingso Findings listed in the report should agree to the Summary

of Auditor Results and the Schedule of Findings and Questioned Costs

• Include all required elements in the write-up of the finding

60

21

DST SLG Monitoring and Unit Visits

• Internal Control issues that need at least a management letter:o Computer software issues

o Pre-audit function is not working as planned or has flaws (purchasing, budget amendments, etc.)

o Interim reports are not being provided to the governing board timely and with accurate information.

o Key accounts are not being reconciled timely, primarily checking accounts.

o Segregation of duties61


Schedule of Prior Audit Findings

• Prepared by the entity

• Must report the status of all audit findings included in the prior audit’s schedule of findings and questioned costs

• Must include the reference numbers the auditor assigns to audit findings

• Must include the fiscal year in which the finding initially occurred

• Must include findings related to the financial statements which are required to be reported in accordance with Government Auditing Standards

• For findings that were not corrected or partially corrected, the schedule must describe the reason(s) for the finding’s recurrence and planned corrective action, and any partial corrective action taken

§200.511

62


Schedule of Prior Audit Findings• Auditor must follow-up on prior audit findings

• Auditor must perform procedures to assess the reasonableness of the schedule in accordance with Uniform Guidance

• If the auditor concludes that the schedule materially misrepresents the status of any prior audit finding, there must be a current-year finding

• Auditor must perform follow-up regardless of whether a prior audit finding relates to a major program in the current year

63

22


Corrective Action Plan• At the completion of the audit the entity must prepare in

a document separate from the auditor’s findings, a Corrective Action Plan to address each audit finding included in the current year auditor’s report

• Corrective Action Plan must provide the name(s) of the contact person(s) responsible for the corrective action, the corrective action planned, and the anticipated completion date

• If the entity does not agree with the audit findings or believes corrective action is not required, then the corrective action plan must include an explanation and specific reasons

64


Data Collection Form• Joint Responsibilities of entity and auditor, completed

electronically and submitted by the auditee

• Represents a summary of the information contained in the reporting package

• Includes contact information for entity and auditor

• Includes SEFSA information, reference to findings, and relevant compliance requirements

• Electronic signature of both the entity and the auditoro Authorizes Federal Audit Clearinghouse to make reporting

package publicly available

o Auditee certifies that submission does not include any personally identifiable information

§200.79 of Uniform Guidance discusses personally identifiable information and gives examples of what is considered personally identifiable information

65

Common Reporting Problems

• Prior loans and loan guarantees that do not have any continuing compliance requirements were listed in the SEFSA and/or footnote to the SEFSA

• Amounts reported in the SEFSA did not reconcile to the financial records

• The SEFSA had inadequate notes

• Auditee identified as low-risk did not meet all of the requirements

• The calculation of amounts tested as major programs was incorrect. The amount of expenditures tested did not reach the required threshold for the entity

66

23

Common Reporting Problems

• A Federal program that was part of a cluster was not included in testing major programs

• Names of programs identified as major on the summary of auditor’s results did not agree to program names listed on the SEFSA

• The schedule of findings and questioned costs did not contain all required elements

• Findings listed in the auditor’s report on internal control did not agree to the summary of auditor’s results or to the schedule of findings and questioned costs

• Findings listed in the report on compliance and internal controls over compliance did not agree to the summary of auditor’s results or to the schedule of findings and questioned costs

67

Auditing Standards Board (ASB) issued SSAE No. 18, Attestation Standards: Clarification and Recodification

• Provides for attestation standards for examinations, reviews, and agreed-upon procedures

• Restructures attestation standards so that the applicability of any AT-C section to a particular engagement depends on the type of service provided

• SSAE No 18 allows a practitioner to report on almost any subject matter as long as:o The party responsible for the subject matter is someone other than the

practitioner and takes Responsibilities for the subject matter

o The subject matter is appropriate

o The criteria to be used in evaluating the subject matter are suitable and available

o The practitioner expects to be able to obtain evidence needed to arrive at an opinion or conclusion

o The opinion or conclusion is to be contained in a written report See paragraph .25 of AT-C section 105 for greater detail about these preconditions

68

Auditing Standards Board (ASB) issued SSAE No. 18, Attestation Standards: Clarification and Recodification

• Separates reporting requirements for review engagements from examination engagements

• Requires a written representation letter in all engagements

• Requires practitioners to obtain a more in-depth understanding of the subject matter to better identify risks of material misstatement in an examination engagement

• Incorporates detailed requirements that are similar to SASs

• Effective for reports dated on or after May 1, 2017

69

24

Website - Single Audit Resources

• www.nctreasurer.com: select Division – Local Fiscal Management, select Single Audit Resources.

o 2016 State Compliance Supplements

o Description of Audit Requirements in NC

o OSA Documents

o Audit Manual: Sample reports and documents for presentation.

o Templates for reporting Subsidized Childcare, Mental Health, and Public Health awards.

o Confirmation reports from State agencies (DHHS, DOT, others)

70

Website - Audit Resources

• www.nctreasurer.com: select Division – Local Fiscal Management, select Audit Manual

• Statutory Compliance Checklist:

o Local Government Budget Fiscal Control Act,

o School Budget Fiscal Control Act,

o Contract/Purchasing/Minority Business Participation

o Related Party Transactions and Self Dealing

• Audit Programs

o Local Government Budget Fiscal Control Act,

o Conflict of Interest and Self Dealing

o Unclaimed Property 71

Website – Reporting and Other Resources

• Financial Reporting Checklist:

oNC Municipality

oNC County

oNC Board of Education

oNC Charter School

• Audit Opinions and Reports

• Firms providing accounting services

72

25

Thank You!Thank You!

Together we can build and maintain a fiscally strong and prosperous North Carolina.Together we can build and maintain a fiscally strong and prosperous North Carolina.

www.NCTreasurer.comwww.NCTreasurer.com

Compliance Auditing Update NC Local Government …...Executive Order 13520 on Reducing Improper...

Documents

Transcript of Compliance Auditing Update NC Local Government …...Executive Order 13520 on Reducing Improper...