what is single audit? - home | the university of texas at austin


4/13/11


County Auditors Institute Single Audit Overview

Julia Petty, Deloitte & Touche LLP May 2011

Copyright © 2009 Deloitte Development LLC. All rights reserved.

What is Single Audit?

Impact of ARRA

Planning

Controls & Compliance

Sampling

Reporting

Agenda

What is Single Audit?


Single audit means an audit which includes both the entity's financial statements and the Federal awards conducted in accordance with generally accepted government auditing standards (GAGAS) *

* Excerpted from OMB Circular A-133

What is a “single audit”?


Non-Federal entities that expend $500,000 or more in a year in Federal awards shall have a single audit conducted for that year *

In Texas, we have a parallel “state” single audit for expenditures of state awards, which is applicable to all entities except school districts

* Excerpted from OMB Circular A-133

Single Audit


Grants

Loans

Loan guarantees*

Property

Cooperative agreements

Interest subsidies

Insurance

Food commodities*

Direct appropriations

Cost-reimbursement contracts - Received directly from Federal awarding agencies or indirectly from pass-through entities

* REMEMBER TO LOOK FOR NON-CASH PROGRAMS. THEY ARE OFTEN OVERLOOKED!

Types of Federal Awards


SEFA

The Schedule of Expenditures of Federal Awards (SEFA) details all federal awards expended during the fiscal year

•  Prepared by client
•  Used to determine major programs
•  Be sure it reconciles to financial statements


OMB Circular A-133
•  Federal guidance that sets forth standards for obtaining consistency and uniformity among Federal agencies for the entities expending Federal awards
•  www.whitehouse.gov/sites/default/files/omb/assets/a133/a133_revised_2007.pdf

A-133 Compliance Supplement
•  An appendix to A-133, updated annually, that sets forth specific audit guidance for individual grants and programs
•  Make sure you use the correct compliance supplement when performing the single audit (latest one issued in June 2010)
•  www.whitehouse.gov/omb/circulars/a133_compliance_supplement_2010

Grantors’ Websites

Guidance for Compliance Audits


Yellow Book (Generally Accepted Government Auditing Standards)
•  Professional standards and guidance that provide a framework for conducting high quality government audits and attestation engagements with competence, integrity, objectivity, and independence
•  For use by auditors of government entities and entities that receive government awards and audit organizations performing GAGAS audits and attestation engagements
•  Contains requirements and guidance dealing with:
–  Ethics
–  Independence
–  Auditors' professional competence and judgment
–  Quality control
–  Performance of field work
–  Reporting
•  http://www.gao.gov/new.items/d07731g.pdf

Guidance for Compliance Audits


Impact of ARRA on Single Audits


What is ARRA?

•  The American Recovery and Reinvestment Act of 2009

•  Legislation was passed in February 2009; significant impact expected for 2010 and 2011 year-end audits

•  Accountability and transparency are key features of the new law

–  QCRs are built into the OMB guidance – results placed on Recovery.gov
–  Auditees significantly affected by Section 1512 reporting
–  New body, Recovery Act Transparency Board (RATB), monitoring activity and looking for fraud, waste and abuse
–  Much more interest in single audits by federal agencies and Congress

Impact of ARRA


Identification of ARRA funding

•  Direct receipts will be provided in a separate award document, but pass-through receipts may not be

•  Look for:
–  New CFDA #’s
–  Federal award terms stating that a program is ARRA funded
–  Federal award terms requiring separate SEFA presentation

Impact of ARRA


Presentation of ARRA Funding

•  Separate presentation on SEFA
–  Even if awarded under a previous CFDA #
–  New level of detail required for R&D grants

•  Separate presentation on the Data Collection Form (DCF)

Impact of ARRA


Impact on Single Audits for periods ending on or after June 30, 2010

•  Low-risk auditee status
–  Report submissions to the FAC must have been made by the due date (no extensions) for the prior two audits

•  Major program determination
–  Any program with ARRA expenditures does not qualify as low-risk Type A
    •  Even a de minimis amount of ARRA expenditures would not support a low-risk determination
    •  Clusters of programs with a new ARRA CFDA number added during the current year should be considered a new program and would not qualify as low-risk Type A (i.e., the 3 year rotation plan does not apply)

Impact of ARRA


•  Exception to high-risk rule for ARRA programs
–  A Type A program or cluster may be considered low-risk if ALL of the following conditions are met:
    1.  Program or cluster had ARRA expenditures in the prior audit period
    2.  Program or cluster was audited as a major program in the prior audit period
    3.  ARRA expenditures in the current audit period are less than 20% of the total program or cluster expenditures, and
    4.  Program or cluster is otherwise low-risk in accordance with Section 520(c) and 525 of Circular A-133

Impact of ARRA


•  Impact on Type B program risk assessment

–  All Type B programs and clusters with expenditures of ARRA awards are considered higher risk in accordance with Section 525(d) of Circular A-133

–  The presumption is that Type B programs or clusters with ARRA expenditures would be audited as major programs when applying the provisions of Section 520(e)(2)

–  However, auditors are not precluded from selecting an especially risky Type B program that does not contain ARRA expenditures in lieu of a Type B program with ARRA expenditures

–  The Type B risk assessment floor still applies, regardless of ARRA funding

Impact of ARRA


ARRA programs not subject to A-133:

•  Build America Bonds
–  Subsidy payment should not be included on the SEFA and therefore not included in the scope of the single audit

•  COBRA
–  Tax credits to employers should not be presented by auditees on the SEFA, and they should not be included in the scope of the single audit

Impact of ARRA

Single Audit Planning


Determination of Low Risk Auditee
•  Unqualified opinions on financial statements and Schedule of Expenditures of Federal Awards in previous year
•  No Material weakness in internal control
•  No Material noncompliance with laws and regulations
•  No Known or likely questioned costs exceeding 5% of total program expenditures in a Type A program;

Planning


Identifying Major Programs
•  Type A vs. Type B Programs – based on program risk, $ threshold and programs audited in previous years
–  Must cover a certain % of total amount spent – either 25% or 50% depending on low-risk auditee status
–  3 year rotation for Type A programs
–  Threshold is based on total amount spent

•  Type A programs with ARRA funding must be selected

•  Keep in mind program clusters – see Part 5 of the Compliance Supplement

Planning

Controls & Compliance


1.  Activities Allowed or Unallowed

2.  Allowable Cost/Cost Principles

3.  Cash management - When entities are funded on a reimbursement basis, program costs must be paid for by entity funds before reimbursement is requested from the Federal Government. When funds are advanced, recipients must follow procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury and disbursement.

4.  Davis-Bacon Act - All laborers and mechanics employed by contractors or subcontractors to work on construction contracts in excess of $2,000 financed by Federal assistance funds must be paid wages not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor.

5.  Eligibility – Some programs limit the individuals, groups of individuals, or subrecipients that can participate in the program and the amounts for which they qualify.

The 14 Compliance Requirements


6.  Equipment and Real Property Management – The government must use, manage, and dispose of equipment acquired under a Federal grant in accordance with applicable laws and procedures.

7.  Matching, Level of Effort, Earmarking:

•  Matching includes requirements to provide contributions (usually non-Federal) of a specified amount or percentage to match Federal awards.

•  Level of effort includes requirements for (a) a specified level of service to be provided from period to period, (b) a specified level of expenditures from non-Federal or Federal sources for specified activities to be maintained from period to period, and (c) Federal funds to supplement and not supplant non-Federal funding of services.

•  Earmarking includes requirements that specify the minimum and/or maximum amount or percentage of the program’s funding that must/may be used for specified activities.

The 14 Compliance Requirements


8.  Period of Availability of Federal Funds - Federal awards may specify a time period during which the non-Federal entity may use the Federal funds.

9.  Procurement and Suspension and Debarment:

•  Procurement - States, and governmental subrecipients of States, shall use the same State policies and procedures used for procurements from non-Federal funds.

•  Suspension & Debarment - Non-Federal entities are prohibited from contracting with or making subawards under covered transactions to parties that are suspended or debarred or whose principals are suspended or debarred.

10. Program Income - Program income may be used in one of three methods: deducted from outlays, added to the project budget, or used to meet matching requirements.

The 14 Compliance Requirements


11. Real Property Acquisition and Relocation Assistance - Persons displaced by Federally funded projects must receive uniform and equitable replacement assistance for moving-related expenses and reestablishment expenses (for businesses).

12. Reporting:

•  Financial Reporting - Each recipient must report program outlays and program income on a cash or accrual basis, as prescribed by the Federal awarding agency.

•  Performance Reporting - Recipients shall submit performance reports at least annually but not more frequently than quarterly.

•  Special Reporting - Non-Federal entities may be required to submit other reporting which may be used by the Federal agency for such purposes as allocating program funding.

•  Section 1512 ARRA Reporting - Section 1512 of the Recovery Act requires reporting on the use of Recovery Act funding by recipients no later than the 10th day after the end of each calendar quarter (beginning the quarter ending September 30, 2009).

The 14 Compliance Requirements


13. Subrecipient Monitoring - A pass-through entity is responsible for:
•  Identifying to the subrecipient the Federal award information and applicable compliance requirements.
•  Monitoring the subrecipient’s use of Federal awards to provide reasonable assurance that the subrecipient administers Federal awards in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved.
•  Auditing the subrecipient
•  Evaluating the impact of subrecipient activities on the pass-through entity’s ability to comply with applicable Federal regulations.

14. Special Tests and Provisions - Unique to each Federal program

The 14 Compliance Requirements

Internal Control Testing


Specifically required by GAS and OMB Circular A-133

Obtain an understanding of the entity’s internal controls to support a low assessed level of control risk for major programs;

Plan the testing of internal controls to support a low assessed level of control risk relevant to the compliance requirements for each major federal program;

Perform the testing of internal control as planned, UNLESS, the internal control is likely to be ineffective.

Requirements for Internal Control Testing


For each direct and material compliance control objective, include one or more control activities for each of the 5 COSO requirements.

Ensure that an appropriate number of selections are tested for each control activity

Testing Internal Controls

Compliance Testing


Allowable Cost Resources
•  A-133 Compliance Supplement
•  Notice of Grant Award (NOGA) or Grant Agreement
•  OMB Circular A-87 Attachment A – Basic Guidelines for Allowable Costs
•  OMB Circular A-87 Attachment B – Selected Items of Cost
•  U.S. General Services Administration (GSA) Domestic Per Diem Rates
•  Federal Awarding Agency and Oversight Agency Websites

Allowable Activities/Allowable Costs Testing


A.  Necessary and reasonable for the proper administration of the program

B.  Allocable to a particular cost objective (e.g., a specific function, program, project, department, or the like) and properly classified and recorded

C.  Authorized or not prohibited under applicable laws or regulations

D.  Conformed to any limitations or exclusions set forth by the Federal awarding agency

E.  Applied uniformly to federal and non-federal activities

F.  Not included as a direct cost of the Federal program if the same or similar costs were allocated as an indirect cost to the same program

Allowable Costs Criteria


G.  Calculated in conformity with GAAP, except as otherwise provided under the applicable OMB circular

H.  Not included as a cost or used to meet cost sharing requirements of other federally-supported activities of the current or a prior period

I.  Net of all applicable credits

J.  Supported by appropriate documentation

K.  For actual costs. (The charges are for actual costs rather than estimated based on budgeted or projected amounts.)

Allowable Costs Criteria


Sampling


How does each component maintain internal controls? (independently/centrally)

Considerations for separate populations (e.g., by location, program)

Properly identify the universe of transactions
•  Auditor’s opinion is on EACH major program
–  Possible to test across major programs for controls
–  Treat each major program as a separate population for compliance testing

Clusters

ARRA vs. Non-ARRA components – may require separate populations if requirements are different

Understand the Population - Components


Required to obtain high assurance (low level of control risk)

•  High level of control assurance: 90-95% confidence level

•  Plan for zero exceptions

•  Take into consideration significance of control and inherent risk of compliance requirement

•  Sampling requires “tolerance” for deviations (5 to 10%)

Control Test Sample Sizes


Suggested minimum sample sizes

Populations > 250 items

Control Test Sample Sizes

| Significance of Control and Inherent Risk of Compliance Requirement | Minimum Sample Size (zero deviations planned) |
|---|---|
| Very Significant / Higher Inherent Risk | 60 |
| Very Significant / Limited Inherent Risk or Moderately Significant / Higher Inherent Risk | 40 |
| Moderately Significant / Limited Inherent Risk | 25 |


Significance (all important, but range of significance)
–  Higher “what could go wrong” risk or “risk of material noncompliance”

Inherent Risk of Compliance Requirement
–  New program with little history of compliance requirements
–  Correspondence from grantor indicating noncompliance
–  High auditee turnover
–  Complex processing (non-routine, judgment, manual intervention)
–  New procedure or history of deviations
–  Substantial change in procedure from prior period
–  Program identified as High Risk by OMB

Significance and Inherent Risk


Compliance Sample Sizes

Suggested minimum sample sizes

Populations > 250 items

| Desired Level of Assurance (Remaining Risk of Material Noncompliance) | Minimum Sample Size (zero exceptions planned) |
|---|---|
| High | 60 |
| Moderate | 40 |
| Low | 25 |


Compliance Sampling Considerations

•  Identify each Direct and Material compliance requirement

•  Design a separate compliance test for each Direct and Material compliance requirement
–  Determine the risk of material noncompliance (array of testing prior to compliance testing with sampling)
    •  Risk assessment procedures/inherent risk assessment
    •  Controls testing results—control risk assessment
    •  Analytical procedures
    •  Individually important items


Sample Sizes for Small Populations

Suggested minimum sample sizes

Populations < 250 items

Rule of thumb for populations between 52 and 250 items – use approximately 10% of population

| Frequency (Population Size) | Minimum Sample Size |
|---|---|
| Quarterly (4) | 2 |
| Monthly (12) | 2 – 4 |
| Semimonthly (24) | 3 – 8 |
| Weekly (52) | 5 – 9 |


Sampling Method

Random Selection
•  all items have equal chance of selection

Haphazard Selection
•  not careless, auditor's best effort to be random

Systematic Selection
•  every Nth item, with a random start

There is no method required to be used; just required to document method


Deviations / Exceptions

Controls Testing = Deviation

Compliance Testing = Exception

Evaluate deviations/exceptions:
•  Understand the likely cause
•  Determine if it should be reported

Evaluation of deviations/exceptions may include:
•  Rate
•  Systematic nature of the issue
•  Pattern relative to past history
•  Relationship to other aspects of the audit

Reporting


Three Opinions:
•  Report on the financial statements in accordance with GAS
•  Report on internal control over financial reporting and compliance and other matters based on an audit performed in accordance with GAS
•  Report on compliance with requirements applicable to each major program and internal control over compliance in accordance with OMB Circular A-133

Part I - Summary of Auditors’ Results

Part II – Financial Statement Findings:
•  All Material Weaknesses and Significant Deficiencies
•  Noncompliance with laws and regulations at the financial statement level

Part III – Federal and State Award Findings

Elements of Single Audit Reporting


Reportable conditions in internal control over major programs

Material noncompliance with the provisions of laws, regulations, contracts, or grant agreements related to a major program

Known questioned costs:
•  When known questioned costs are greater than $10,000 for a type of compliance requirement for a major program
•  When likely questioned costs are greater than $10,000 for a type of compliance requirement for a major program (not required to report the likely amount)

Known questioned costs which are greater than $10,000 for a Federal program which is not audited as a major program

Audit findings should be presented in sufficient detail for the auditee to prepare a corrective action plan and take corrective action and for Federal agencies and pass-through entities to arrive at a management decision

When to Report a Finding (Part III)


1.  Reference Number

2.  Finding Type
•  Compliance requirement
•  MW or SD
•  Material noncompliance, noncompliance, or controls

3.  Program(s) affected and related CFDA #

4.  Criteria or specific requirement on which the finding is based

5.  Condition found

6.  Questioned costs

7.  Perspective

8.  Cause

9.  Effect or potential effect

10.  Recommendation to prevent future occurrences

11.  Views of responsible officials

Elements of a Single Audit Finding


Circumstances concerning why the auditor's report on compliance for major programs is anything other than an unqualified opinion

Known fraud affecting a Federal award

Instances where the summary schedule of prior audit findings prepared by the auditee materially misrepresents the status of any prior audit finding

Other Items to be Reported


Types of Questioned Costs:
•  Unallowable: Not allowed under general and special award conditions or agency instructions
•  Undocumented: Amount charged to grant but lacked adequate detail
•  Unapproved: Not in grant budget or lacks proper approval
•  Unreasonable: Not consistent with actions of a prudent person in the given circumstances

There is no materiality level for questioning a cost, only for reporting questioned costs

What are Questioned Costs?


Includes both current year and uncorrected prior findings

Auditee must provide response(s) and a corrective action plan for each finding

“Corrective Action Plan” must include:
•  Name and title of individual responsible for corrective action
•  Description of planned corrective action
•  Anticipated completion date

Auditor must review before issuance of report

Management’s Corrective Action Plan


Should be provided at the beginning of the subsequent year's audit

Report status of all findings included in the prior year's schedule of findings and questioned costs.
•  Fully corrected findings – list and state that corrective action was taken
•  Partially corrected findings – describe planned corrective action and any partial action taken
•  Significantly different action from that previously reported – provide an explanation

Audit findings repeated from multiple years must include the fiscal year in which the finding initially occurred.

Summary Schedule of Prior Audit Findings


Data Collection Form (DCF) should be submitted as part of the reporting package

Reporting package includes the basic financial statements, single audit report, and DCF

DCF should be completed by auditee, reconciled to the single audit reports and SEFA, and reviewed by auditor

Filled out, signed and submitted online: http://harvester.census.gov/fac/collect/ddeindex.html

Data Collection Form


Questions?
