ISSUES IMPACTING GOVERNMENTS: FRAUD, DATA MINING AND SINGLE AUDIT Presented By: William Blend, CPA, CFE

Similar documents
Single Audit and Yellow Book / Govt. Audit Standards Update Presented by: William Blend, CPA, CFE

FRAUD IN GOVERNMENT AN OPEN DISCUSSION. Presented By William Blend, CPA, CFE

Council on Financial Assistance Reform s Uniform Guidance Training

PART 6 - INTERNAL CONTROL

Auditing Governments and Not-For-Profit Organizations

Overview of Sampling and Single Audit Reporting Requirements

Single Audit Update: Internal Control over Compliance and the GAO s Green Book. MSBO s 80 th Annual Conference April 19, 2018

Can You Spot Fraudsters?

FEDERAL AWARD PROGRAMS INTERNAL CONTROL EVALUATION. Cross-cutting characteristics (generally applicable to all fourteen requirements)

Chapter 6 Field Work Standards for Performance Audits

Internal Control Questionnaire and Assessment

Internal Control Questionnaire and Assessment

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

38 Years of Excellent Client Service New COSO Model and How Internal Controls Help to Reduce Opportunity for Fraud

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

May 3, To the Jail Board Members and Management Western Tidewater Regional Jail Authority 2402 Godwin Blvd Suffolk, Virginia 23434

Fraud Prevention Training

Internal Controls: Need Them, Have Them, Love Them

Eric Kinsherf, CPA MMAAA Conference June 12, 2018

CHAPTER 6 GOVERNMENT ACCOUNTABILITY

University of South Florida. Evaluation of Financial Management Systems and Financial Capability Questionnaire

Internal Controls: Providing an Effective Control Environment. Why This Session Is Needed. Lesson Overview & Module Objectives

INTERNAL AUDIT EFFECTIVENESS. Conducting Fraud Investigations Conducting Internal Audit

Community Bankers Conference

WATCH WORDS FROM THE PEER REVIEW PROCESS

POLICY & PROCEDURES MEMORANDUM

Seattle Public Schools The Office of Internal Audit

AUDIT RESPONSIBILITIES AND OBJECTIVES

2014 SINGLE AUDIT OVERVIEW FOR KNOWLEDGE COACH USERS

WATCH WORDS FROM THE PEER REVIEW PROCESS

Mapping of Original ISA 315 to New ISA 315 s Standards and Application Material (AM) Agenda Item 2-C

Virginia Association of School Business Officers Getting Reacquainted with Internal Controls Presented by John S. Aldridge, CPA

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Final Report. Project (b)

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

Format and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State

Kentucky State University Office of Internal Audit

Ten Payment Fraud Protections

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

The definition of a deficiency is also set forth in the attached Appendix I.

Common Frauds Found in Not-for- Profit Organizations

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

HHS & NSF Audits of FDP Payroll Certification Pilots

Auditing Standards and Practices Council

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Topics. Current Environment and Relevant Risks. Speakers. Contract and Compliance Monitoring Building a Successful Program

Seminar Internal Control Identification and Filtering

Oversight using Data Analytics

Long Beach City Auditor s Office

Module 1: Safeguarding District Resources: Roles & Responsibilities

FRAUD AWARENESS UPDATE

AICPA Peer Review Program Compliance: Responding to Latest Developments

Fraud Prevention, Detection, and Internal Controls

Results in Brief. Audit of WMATA s Vendor Master File (VMF) OIG January 18, 2019

Results in Brief. Audit of WMATA s Vendor Master File (VMF) OIG January 18, 2019

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom)

Implementation Tool for Auditors

Government Auditing Standards

SIGAR. USAID s Support for the American University of Afghanistan: Audit of Costs Incurred by the American University of Afghanistan M A R C H

The definition of a deficiency is also set forth in the attached Appendix I.

UNIVERSITY OF ILLINOIS (A Component Unit of the State of Illinois) Report Required Under Government Auditing Standards. Year ended June 30, 2011

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

What Happens When Internal Controls Fail

Minneapolis Public Schools Special School District No. 1 Minneapolis, Minnesota. Communications Letter of the Student Activity Accounts.

CAAS 104 Cost Audit and Assurance Standard on Knowledge of Business, its Processes and the Business Environment

MSD Internal Control Policy 01/16/08. Metropolitan Sewerage District of Buncombe County Internal Control Policy

2/20/15. Trevor Stewart, CPA Director of Business Services Source documentation includes CCIA and FCMAT

Contract and Procurement Fraud

What Are Your Auditors Doing? Presented by Carrie Kennedy, Partner Travis Smith, Partner Moss Adams LLP

Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division

Entity level controls Design/implementation 530 Page 1 of 9

2. The auditors' report on a corporation's financial statements usually is addressed to the president of the company.

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a AUDITING THEORY AUDIT PLANNING

Internal Controls for Deans, Directors and Chairs

ACCA Certified Accounting Technician Examination Paper T8 (INT) Implementing Audit Procedures (International Stream)

Creating a Fraud Risk Assessment and Implementing a Continuous Monitoring Program. Christopher DiLorenzo, CFE, CPA, CIA, CRMA

SIGAR JULY. Special Inspector General for Afghanistan Reconstruction

Government Auditing Standards. Course #5145I/QAS5145I Course Material

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Due: Tuesday, May 1, 2007 by 5:45 p.m.

STATE OF MINNESOTA Office of the State Auditor

Internal Controls Integrating COSO

Using Transactional Analysis for

Federal Fiscal Monitoring: Fostering Continuous Improvement

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

Master Document Audit Program. Version 9.6, dated November 2017 B-1 Planning Considerations. Purpose and Scope

Annual Audit and Other Financial Matters

Fraud Risk Management

Alyssa G. Martin, CPA Brandon Tanous, CIA, Using the COSO CFE, CGAP, CRMA Framework to Develop a Strong and Preventive Control Environment

BROOKLYN CHARTER SCHOOL FINANCIAL MANAGEMENT PRACTICES. Report 2006-N-9 OFFICE OF THE NEW YORK STATE COMPTROLLER

SEMINOLE COUNTY OFFICE OF MANAGEMENT AND BUDGET PURCHASING DIVISION BLANKET PURCHASE ORDER PROCESS AUDIT. March 31, 1998

CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM

Cost Auditing Standard Cost Auditing Standard on Knowledge of Business, its Processes and the Business Environment

This Questionnaire/Guide is intended to assist you in decision making, as well as in day-to-day operations. Best Regards,

Preparing for a Headache-free Audit

Evaluating Internal Controls

STATE OF NORTH CAROLINA

Transcription:

ISSUES IMPACTING GOVERNMENTS: FRAUD, DATA MINING AND SINGLE AUDIT Presented By: William Blend, CPA, CFE

ETHICS AND FRAUD BASICS

How is Ethics Related to Fraud? Because Ethics is a discipline dealing with what is good and bad with moral duty and obligation. 3

Some Fraud Basics Fraud Triangle Pressure, Opportunity and Rationalization Fraud Motivation There is not just one! (Money, Ego, Entitlement, Ideology, Coercion) Accidental and Predator Fraudsters More than one type 5

Fraudsters More Details Accidental Fraudster Predator Fraudster Focus of Fraud Triangle First Time Offender Well Educated, Male, Middle Class, Good Person Pressure Occurs Rationalization Deliberate, Arrogant Seeks Opportunities No Pressure or Rationalization May Begin as Accidental Criminal Mindset 6

Fraud, Waste and Abuse Fraud an illegal act involving the obtaining of something of value through willful misrepresentation. Fraud is a determination to be made through the judicial process. Waste involves not receiving reasonable value for money in connection with any government-funded activities. Abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. 7

DATA FROM 2016 ACFE REPORT TO THE NATIONS

Victim Organizations - Government

How Occupational Fraud is Committed Duration of Fraud Based on Scheme Type

Detection of Fraud Schemes Initial Detection of Occupational Frauds

Detection of Fraud Schemes (Cont.) Source of Tips

Perpetrators Position of Perpetrator Frequency and Median Loss

Perpetrators (Cont.) Gender of Perpetrator Frequency

Perpetrators (Cont.) Age of Perpetrator Frequency & Median Loss

Perpetrators (Cont.) Tenure of Perpetrator Frequency and Median Loss

Perpetrators (Cont.) Behavioral Red Flags of Perpetrators

REAL LIFE CASES - DISCUSSION

ORGANIZATION'S ANTI-FRAUD SCORE? FOOD FOR THOUGHT

Organizational Fraud Checkup Purpose potential clients think about possible issues that could impact their organization. Consider offering this as a service to clients but remember, they should have legal representation involved. 20

Organizational Fraud Checkup (Cont.) Fraud risk oversight to what extent has the organization established a process for oversight of fraud risk by its governance? Fraud risk ownership how has the organization created ownership of fraud risk by identification of parties having responsibilities for fraud risk and communication to others in the organization of responsible parties? Fraud risk assessment to what extent has the organization implemented an ongoing process to evaluate the risk of fraud in the organization? 21

Organizational Fraud Checkup (Cont.) Fraud risk tolerance and risk management policy does the organization have an approved fraud risk tolerance and risk management policy which includes a fraud risk component? Process-level anti-fraud controls / re-engineering how has the organization implemented measures to reduce each of the significant fraud risks identified through the fraud risk assessment? 22

Organizational Fraud Checkup (Cont.) Environment-level anti-fraud controls to what extent has the organization implemented a process to promote ethical behavior, deter wrongdoing and promote two-way communication on difficult issues? Proactive fraud detection to what extent has the organization established a process to detect, investigate and resolve potentially significant fraud? 23

GOVERNMENT AUDIT EXPECTATION GAP

Types of Audits Financial statement audits Focuses on looking for misstatements in the financial statements OMB Circular A-133 Compliance Audits (or Single Audits) Focuses on compliance with federal programs requirements and internal control over federal expenditures Forensic (Fraud) Audits Focuses on identification of fraud. Usually, narrowly focuses on specific allegation or suspected fraudulent activity 25

Role of Financial Statement Audit Primarily for an opinion about the fair presentation of the financial statements Provide only reasonable assurance that the financial statements are free from material misstatement, regardless of cause, but reasonable is defined as a high level of assurance However, the role shouldn t be taken for granted, as many analytical relationships among the financial statements, when performed by the auditor, can expose the potential issue 26

Financial Statement Audits Only a small percentage of fraud detected by financial statement audit Financial statement audits are not fraud or forensic audits Objective is issuing an opinion of financial statements The auditor s report only gives reasonable assurance that there are no material misstatements in the financial statements Auditors are not required to detect fraud 27

Financial Statement Audits (Cont.) Auditor s consideration of fraud risk is limited to material misstatements in the financial statements Auditors obtain an understanding of internal control over financial reporting when planning the audit A financial statement audit can provide valuable insight into adequacy of internal controls Control weaknesses could be key indicator of a fraud opportunity Auditors must exercise professional skepticism during the audit 28

DATA MINING

Data Mining Basics Reasons for Using Challenges Process Basic Data Analysis Techniques 30

Data Mining - Basics Data analysis can be used to search for patterns, anomalies and trends which may indicate potential error or fraud Data analysis tools can be used as part of a governments monitoring component of internal controls Data analysis allows for the evaluation of large amounts of data (big data) Big data is defined by Merriam-Webster as an accumulation of data that is too large and complex for processing by traditional database management tools 31

Data Mining - Basics Big data associated terms; Volume amount of data Velocity speed of information generated and flowing into an entity Variety types and sources of data available Veracity/Value is the data useful for the purpose intended and what are the potential pitfalls of the data that might impact its usefulness Volatility how long is the data valid for, where and in what form should it be stored. When does it become obsolete for its intended use 32

Data Mining - Basics Forms of data; Structured data generally found in a data base, consists of a form that is usable and its form is predictable. Common example would be data in your financial accounting program such as utility billing, accounts payable, check registers, general ledger Unstructured data not found in traditional data bases. Examples include vendor invoices, emails, social media, internet 33

Data Mining - Basics Data analysis software; IDEA ACL ActiveData for Excel AutoAudit SNAP Reporter 34

Data Mining Reasons for Using Due to the volume of data. Manually reviewing all documents is inefficient and time consuming Data mining allows for the examination of millions of records quickly, easily, and efficiently Data extraction and analysis software assists by highlighting individual transactions that have characteristics identified by the user as an anomaly Data analytics software allows the user the ability to analyze data from previous years, compare data from different locations, and perform continuous monitoring 35

Data Mining Challanges Poorly defined scope Problems in obtaining data Manually maintained data False positives Failing to ensure data integrity Misinterpretation of results Improper data extraction Software costs Internal resources Buy in 36

Data Mining Process Data analysis involves running targeted tests on data to identify anomalies, the process includes four phases: 1. Planning 2. Preparation 3. Testing and interpretation 4. Post-analysis 37

Data Mining Process Planning Phase: 1. Understand/Identify the data to be mined/analyzed 2. Develop procedures and objectives 3. Evaluate the related process and identify risk 4. Develop the criteria for exceptions 38

Data Mining Process Preparation Phase: 1. Identify the relevant data. Data bases have many fields determine which ones will be required to properly perform the analysis 2. Obtain the data 3. Verify the data completeness and competence 4. Cleanse and normalize obtain uniformity for ease of analysis 39

Data Mining Process Testing and Interpretation: 1. Perform various data analysis techniques and identify anomalies 2. Investigate anomalies and determine; false positives, exceptions, errors, etc. 3. Report summarize results as necessary 40

Data Mining Process Post-analysis: 1. Respond to findings 2. Identification of improvements 3. Implementation of improvements 4. Review process for improvements 41

Data Mining Basic Techniques There are a number of basic tests that can be used on data to detect anomalies in a data base. The use of a particular technique can vary depending on the identified potential anomaly identified in the planning phase. Often to perform a proper analysis a combination of techniques are utilized. 42

Data Mining Basic Techniques Applying filters Gap detection Duplicate identification Data sorting Joining and matching Round dollar amounts Identification of amounts below a threshold Identification of unusual times and dates 43

Data Mining Basic Techniques Applying Filters A filter identifies only those records meeting userdefined criteria. After obtaining an overview of the data, the user can drill down into the details by specifying criteria to isolate certain records for review. The use of display criteria can focus attention on transactions outside of the ordinary and reduce review (and processing) time. The criteria can be used singly or in combination. 44

Data Mining Basic Techniques GAP Detection Search for missing items in a series or sequence of consecutive numbers. Completeness of the data is important in data analysis, it can also be an indicator of anomalies in data base. When searching a data base, identifying what is not there can often be as important as identifying what is there. Users should look for expected items to ensure they exist and investigate further if there is missing data. Some examples of data sets where this tool is useful include check numbers, purchase order numbers, and inventory tags. 45

Data Mining Basic Techniques Duplicate Identification Looking for unexpected duplicates in a data set is another way to uncover red flags. This technique can quickly review the file, or several files joined together, to highlight duplicate values of key fields. In many systems, the key fields should contain only unique values (no duplicate records). Although not necessarily proof of an issue, the presence of duplicate check numbers, direct deposit numbers, invoices, vendor names, and other data often merits further analysis. 46

Data Mining Basic Techniques Duplicate Identification (cont.) Duplicate transactions are not necessarily indications of problems with data completeness. There may be a valid reason for the duplicate records. Determining if a duplicate is an issue requires a sound understanding of the data is necessary before drawing conclusions. Ex. - two different payments coded to the same invoice number is a red flag that perhaps one invoice was paid twice. However, a reasonable explanation for this finding would be that the invoice was paid in two partial payments. 47

Data Mining Basic Techniques Data Sorting Sorting arranges the data in a file in ascending or descending order based on one or more specified key fields. Commands can arrange information on any number of key fields quickly and easily. However, unusual transactions can be found simply by sorting on a field, such as the date or account number. 48

Data Mining Basic Techniques Data Sorting Often, irregularities in the records are identified at the beginning or end of a sorted file. For example an inventory listing by acquisition date, might reveal obsolete inventory. Other irregularities to look for include: Values outside of the normal range for the field Character data in numeric fields (or vice versa) Records with blank field values Payee or vendor names starting with blanks or unusual characters 49

Data Mining Basic Techniques Joining and Matching Combining two to different data bases into one file can potentially identify anomalies which would require further analysis. Once the two files are combined the user must define a relationship, and compare and contrast the data. 50

Data Mining Basic Techniques Round Dollar Amounts Intentional errors often occur in round-dollar amounts. Often these amounts occur for the same amount and on a regular basis. Searching for these types of transactions can potentially uncover fraud 51

Data Mining Basic Techniques Amounts Below Thresholds Most governments have policies that disbursement amounts above a certain threshold require special consideration. For example, checks greater than $1,000 might require two signatures, or invoices greater than $15,000 might require three phone quotes Employees are aware of these thresholds and may try to circumvent them by keeping activities below these thresholds. 52

Data Mining Basic Techniques Unusual Dates and Times Most governments have normal working hours. Often fraud or errors can occur or corrections made during off hours. In considering off hours/days also consider breaks, early and late work day times. If an organization allows remote access consider evaluating what type of activity is occurring through that process as well. 53

RED FLAGS AND DATA MINING

Data Mining Billing Red Flags Red Flag Incomplete vendor information Vendor address not a business address Duplicate Payments Invoice payment unusually quick Excessive purchases of a particular item Technique Data Sorting Joining and matching Duplicate identification Applying filters 55

Data Mining Check Tampering Red Flags Red Flag Out-of-range checks Non-payroll checks to employees Round dollar amount Excessive void checks Excessive manual checks Technique Data Sorting Joining and matching Gap detection Applying filters Round dollar amounts 56

Data Mining Payroll Red Flags Red Flag Multiple employees using same bank accounts Payroll checks paid to employees not in employee master file Pay rate variance between payroll register and employee file Unsupported adjustments to gross or net pay Multiple payments to employee in one pay period Technique Data Sorting Joining and matching Applying filters Round dollar amounts 57

Data Mining Procurement Red Flags Red Flag Sequential purchase orders or invoices under competitive bidding limits Excessive change orders by vendor Vendor payments just under approval limits Payments to vendors not on approved vendor list Vendor payments posted to incorrect expenditure/expense account Technique Data Sorting Joining and matching Applying filters Identification of amounts below threshold Identification of unusual times and dates 58

SINGLE AUDIT UPDATE UNIFORM GUIDANCE OVERVIEW

Single Audit Update Overview of Uniform Guidance (UG) UG - Single Audit Changes UG - Impact on Auditee and Auditor UG - Focus on Internal Controls FL Single Audit and AG Findings FEMA 60

UG Components Subpart A - 200.0 Acronyms and Definitions Subpart B - 200.100 General Provisions Subpart C - 200.200 Pre-Award Federal Requirements and Contents of Federal Awards Subpart D - 200.300 Post Federal Award Requirements Subpart E - 200.400 Cost Principles Subpart F - 200.500 Audit Requirements 61

UG Appendices Appendix I - Full Text of Notice of Funding Opportunity Appendix II - Contract Provisions for Non-Federal Entity Contracts under Federal Awards Appendix III - Indirect Cost Procedures Educational Institutions (IHEs) Appendix IV - Cost Identification and Assignment, and Rate Determination for NFPs Appendix V - S&LG, Indian Tribes - Wide Central Service Cost Allocation Plans 62

UG Appendices (Cont.) Appendix VI - Public Assistance Cost Allocation Plans Appendix VII - S&LG and Indian Tribe Indirect Cost Proposals Appendix VIII - NFPs Exempted from Subpart E - Cost Principles Appendix IX - Hospital Cost Principles Appendix X - Data Collection Form Appendix XI - Compliance Supplement 63

Regulatory Changes - Part D Post Award Awarded entity responsible for implementing and maintaining effective internal control (utilizing Green Book model) (200.303 (a)) Awarded entity to comply, evaluate, monitor and take prompt corrective action related to compliance with federal statutes, regulations, and grant agreements (200.303 (b), (c), (d)) Awarded entity to take reasonable measures to safeguard PPI (200.303 (e)) 64

UG IMPACT ON SINGLE AUDITS

Basic Structure of Single Audit Process Unchanged Audit threshold (200.501) Subrecipient vs. Contractor (200.501(f) & 200.330) Biennial (200.504) & Program-specific (200.507) audits Non-federal entity selects auditor (200.509) Auditee prepares financial statements & SEFA (200.510) Audit follow-up & corrective action (200.511 & 200.521) 9 month due date (set in law) (200.512(a)) Reporting to Federal Audit Clearinghouse (200.512) Major programs determined based on risk (200.518) Compliance Supplement overall format 66

Single Audit Changes Increase audit threshold from $500,000 to $750,000 Expected to reduce burden on 5,000 non-federal entities Maintains coverage of more than 99% of federal grant funds currently covered 67

Single Audit Changes (Cont.) Increase minimum threshold for Type A programs from $300,000 to $750,000 Utilize table format for ease of comprehension Federal Awards Expended $750,000 less than equal to $25 million $750,000 Type A/B Threshold Exceed $25 million less than equal to $100 million Amt. of Federal Awards times.03 Exceed $100 million less than equal to $1 billion $3 million Exceed $1 billion less than equal to $10 billion Amt. of Federal Awards times.003 Exceed $10 billion less than equal to $20 billion $30 million Exceed $20 billion Amt. of Federal Awards times.0015 68

Single Audit Changes (Cont.) Audit Coverage Rule If auditee meets criteria in 200.520 (low risk), all major programs in aggregate must cover at least 20% of federal awards. Reduced from 25%. If auditee does not meet criteria in 200.520 (low risk), all major programs in aggregate must cover at least 40% of federal awards. Reduced from 50%. Focus continues to be on highest risk programs 69

Single Audit Changes (Cont.) As in UG, auditee will qualify as low risk only for each of the preceding two audit periods: Single audits were performed on an annual basis and DCF and reporting package were submitted timely (200.512) Opinions on F/S and SEFA were unmodified No material weaknesses in internal control under GAGAS No audit findings for Type A programs that either were material weaknesses in internal control, resulted in modified opinion on a major program, or had known or likely questioned costs that exceeded 5% of program expenditures 70

Single Audit Changes (Cont.) Auditor Type B Program Analysis Identify Type B programs which are high risk using professional judgment and criteria in 200.519 Expected to perform risk assessment of Type B programs that exceed 25% of the Type A threshold (previously stepped approach) (ex., $750k *.25 = $187,500) Continues to encourage utilization of an assessment of risk that would result in different Type B programs to be audited over a period of time 71

Single Audit Changes (Cont.) Findings and Questioned Costs Must report known or questioned costs that are greater than $25,000 (increase from $10,000) Continued emphasis on findings, including detail with specifics to allow auditee to prepare the appropriate corrective action plan Continued emphasis on identification of prior findings, including updates and details as to why finding is not corrected, if applicable 72

Changes to Major Program Determination As in UG, Type A programs will be designated as low risk only if: In the most recent period, the program received an unmodified opinion; No material weakness in internal controls were reported; and There were no questioned costs exceeding 5% of program expenditures The program must have been audited as major in at least one of the two most recent audit periods 73

Changes to Major Program Determination (Cont.) Reduce the number of Type B programs that must be tested as major from at least one-half (1/2) to at least one-fourth (1/4) of the number of low-risk Type A programs identified Continues to allow the auditor to stop the risk assessment process at this point 74

Designation of Agency Officials Single Audit Accountable Official - Official responsible for ensuring the agency is in compliance with all audit requirements and improving effectiveness of agency s use of single audits Single Audit Liaison - Official serving as agency s point of contact for the single audit process. Appointed by the Single Audit Accountable Official 75

UG AUDITEE AND AUDITOR IMPACT

Auditee and Auditor Impact Important aspects of UG that impact auditees and the Single Audit process related to federal awards: UG - not just an auditor responsibility Financial Management System Procurement Cost Principles - Personal and Indirect Costs Subrecipients and related monitoring Internal Controls 77

Grant Process Narrative Internal Controls over Grants - General In addition to controls over compliance for major programs, auditees should maintain a narrative of internal controls for overall grant management Grant process narrative should include the following: o Key Personnel o IT Systems o Major Classes of Transactions o Information/Work Flow o Risks Inherent in the Process o Key Grant Controls 78

Scope of Audit under Uniform Guidance Pursuant to Section 200.514 General Must be conducted in accordance with GAGAS Must cover entire operations of the auditee Must encompass financial statements and SEFA F/S and SEFA must be for the same period 79

Scope of Audit under Uniform Guidance (Cont.) Financial Statements Must determine if F/S are presented fairly in accordance with GAAP Must determine if SEFA is stated fairly in relation to the F/S as a whole 80

Scope of Audit under Uniform Guidance (Cont.) Internal Controls (in addition to GAGAS) Auditor must obtain understanding of internal control over federal programs to support a low assessed level of control risk of noncompliance for major programs If controls are effective, auditor must plan the testing of internal control over compliance for major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program 81

Scope of Audit under Uniform Guidance (Cont.) Internal Controls (in addition to GAGAS) Auditor must perform testing of internal control as planned If internal control likely to be ineffective, the Auditor must report a significant deficiency or material weakness, assess the control risk at maximum, and consider whether additional compliance tests are required 82

Scope of Audit under Uniform Guidance (Cont.) Compliance (in addition to GAGAS) Auditor must determine whether the auditee has complied with federal statutes, regulations, and the terms and conditions of federal awards that may have a direct and material effect on each of its major programs Auditor must determine the current compliance requirements and modify audit procedures accordingly 83

Scope of Audit under Uniform Guidance (Cont.) Compliance (in addition to GAGAS) For federal programs not included in the Compliance Supplement, the Auditor must follow the Compliance Supplement s guidance for programs not included in the supplement Compliance testing must include tests of transactions and such other auditing procedures necessary to provide the Auditor sufficient audit evidence to support an opinion on compliance 84

Scope of Audit under Uniform Guidance (Cont.) Audit follow-up Auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings, and report, as a current year audit finding, if the auditee materially mispresented the status of the prior audit finding Auditor must perform follow-up procedures regardless of whether a prior audit finding relates to a major program in the current year 85

Scope of Audit under Uniform Guidance (Cont.) Data Collection Form Auditor must complete and sign specified sections of the Data Collection Form 86

Scope of Audit under Uniform Guidance (Cont.) Audit Documentation - General SEFA (reconciled to G/L, accounting records) Determination of major programs o Including low-risk Type A assessments and high-risk Type B assessments 2017 Compliance Supplement, including matrix Audit programs and SEFA disclosure checklist Grant Process Narrative Sampling documentation 87

Scope of Audit under Uniform Guidance (Cont.) Audit Documentation - Each Major Program All grant agreements with expenditures Compliance Supplement specific to the program Auditee worksheet to identify applicable grant requirements and responsible personnel Populations for sample selection that reconcile to SEFA 88

Scope of Audit under Uniform Guidance (Cont.) Audit Documentation - Each Major Program Risk assessment for compliance requirements Understanding of internal control over compliance, including identification of key internal controls for each direct and material compliance requirement Testing procedures that incorporate previously identified key internal controls for each direct and material compliance requirement 89

UG - INTERNAL CONTROLS

UG Definitions - Internal Controls Section 200.61 - Internal controls (IC) means a process, implemented by a non-federal entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) Effectiveness and efficiency of operations (b) Reliability of reporting for internal and external use (c) Compliance with applicable laws and regulations 91

UG Definitions - Internal Controls (Cont.) Section 200.62 - IC over compliance requirements for federal awards means a process implemented by a nonfederal entity designed to provide reasonable assurance that transactions are properly reported and accounted for in order to: Properly prepare financial statements and federal reports Maintain accountability over assets Demonstrate compliance with applicable statutes, regulations, and award terms and conditions Ensure funds, property, and other assets are safeguarded against loss from unauthorized use or disposition 92

Part D Post Award - Internal Controls Section 200.303 - The non-federal entity must: establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should (best practice) be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework issued by COSO. 93

Impact - Internal Controls General notes about Internal Controls: Provide reasonable assurance that objectives are met Procedures must be documented Manuals Written Procedures Management is responsible for Developing Documenting Implementing Monitoring 94

Standards: COSO vs. Green Book Component COSO Green Book Control Environment Risk Assessment Control Activities Information & Communication Monitoring 5 Principles 20 Points of Focus 4 Principles 27 Points of Focus 3 Principles 16 Points of Focus 3 Principles 14 Points of Focus 2 Principles 10 Points of Focus 5 Principles 13 Attributes 4 Principles 10 Attributes 3 Principles 11 Attributes 3 Principles 7 Attributes 2 Principles 6 Attributes Note: GAO combined COSO s points of focus into attributes 95

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles Component Control Activities Control Environment Management sets reasonable budgets, enforces appropriate penalties for misuse of funds, and provides personnel approving expenditures with cost principles for allowable and unallowable expenditures. 96

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.) Component Control Activities Risk Assessment Key manager has a sufficient understanding of staff, processes, and controls to identify where unallowable activities or costs could be charged to a federal program and not be detected. Key manager reviews staffing and processes on a regular basis. 97

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.) Component Control Activities Control Activities Accountability provided for charges and costs between federal and non-federal activities. Process in place for timely updating of procedures for changes in activities allowed and cost principles. Computations checked for accuracy. Supporting documentation compared to OMB A-87 of allowable and unallowable expenditures. Adjustments to unallowable costs made, where appropriate, and follow-up action taken to determine the cause. Adequate segregation of duties in review and authorization of costs. Accountability for authorization-by program or department-is fixed in an individual who is knowledgeable of the requirements for determining activities allowed and allowable costs. 98

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.) Component Information and Communication Control Activities Reports, such as a comparison of budget to actual, provided to appropriate management for review on a timely basis. Establishment of internal and external communication channels on activities and costs allowed, and follow grant budget. Training programs, both formal and informal, provide knowledge and skills necessary to determine activities and costs allowed. Interaction between management and staff regarding questionable costs. Grant agreements (including referenced program laws, regulations, handbooks, etc.) and cost principles circulars available to staff responsible for determining activities allowed and allowable costs under federal awards. 99

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.) Component Control Activities Monitoring Management reviews supporting documentation of allowable cost information. Flow of information from federal agency to appropriate management personnel. Comparisons made with budget and expectations of allowable costs. Analytic reviews (e.g., comparison of budget to actual or prior year to current year) and audits performed. 100

FLORIDA SINGLE AUDIT UPDATE AND AG FINDINGS

Florida Single Audit Update Chapter 10.550 - Local Government Chapter 10.650 - For Profit and NFP Chapter 10.800 - District School Boards Chapter 10.850 - Charter Schools Link to website - http://www.myflorida.com/audgen/ 102

Florida Single Audit Update (Cont.) Increase threshold from $500,000 to $750,000 in line with UG Increased reporting of questioned costs from $10,000 to $25,000 in line with UG For NFP and For Profit applicable for FY ended July 1, 2016 and thereafter Local Governments for FY ended September 30, 2016 and thereafter 103

Florida AG Findings Obtained from Report No. 2017-180 Issued March 2017 State of Florida - Single Audit Report (SFQC) Selected findings that could be found in local entity reports Provided for information and consideration purposes 104

Florida AG Findings Procedures were not adequate to ensure that subrecipient audit reports were obtained and reviewed for all subrecipients and subrecipient deficiencies were timely followed up on. Data reported on quarterly Federal Financial Reports (FFRs) was not always accurate, complete, or adequately supported. Federal matching requirements not met and amounts were incorrectly reported. 105

Florida AG Findings Prior to awarding contracts, grantee did not always obtain conflict-of-interest forms from employees taking part in contract procurement activities. Grantee did not maintain appropriate records to support the salary and benefit costs for employees paid solely from program. Grantee did not always limit federal funds draws to amounts needed for immediate cash needs. 106

HHS/FEMA GRANT 97.036

FEMA GRANT - 97.036 General Information Funds received following a Presidential declaration of a major disaster Assistance provided for debris removal, emergency protective measures, and the restoration of disasterdamaged, publically owned facilities The state generally acts as grantee for the program and is responsible for providing technical advice and assistance to the local governments 108

FEMA GRANT - 97.036 General Information (Cont.) Program awards are based upon a Project Worksheet (PW) PWs are prepared by a project formulation team, which generally consists of representatives from FEMA, the state and local government The PW documents the project formulation team s determination of the eligible scope of work and cost estimate Each PW has a control number and supplemental PWs will reference the original PW 109

FEMA GRANT - 97.036 General Information (Cont.) Accelerated debris removal - to incentivize, FEMA offers a sliding scale for cost-sharing of debris removal The scale is 85% cost share for 1-30 days, 80% for 31-90 days and 75% for 91-180 days Unless FEMA authorizes an extension, no federal dollars will be provided for debris removal after 180 days 110

FEMA GRANT - 97.036 General Information (Cont.) Record expenditures on the SEFA when: 1. FEMA has approved the non-federal entity s PW, and 2. The non-federal entity has incurred the eligible expenditures. Federal awards expended in years subsequent to the fiscal year in which the PW is approved are to be recorded on the non-federal entity s SEFA in those subsequent years. 111

FEMA GRANT - 97.036 General Information (Cont.) Example: 1. FEMA approves the PW in fiscal year 2017 and eligible expenditures are incurred in the non-federal entity s fiscal year 2018; record the eligible expenditures in its fiscal year 2018 SEFA. 2. Eligible expenditures incurred in fiscal year 2017 and FEMA approves the PW in fiscal year 2018; record the eligible expenditures in fiscal year 2018 SEFA with a footnote that discloses the amount included on the SEFA that was incurred in a prior year. 112

Questions or Comments

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback