what is single audit? - home | the university of texas at austin
TRANSCRIPT
4/13/11
1
County Auditors Institute Single Audit Overview
Julia Petty, Deloitte & Touche LLP May 2011
Copyright © 2009 Deloitte Development LLC. All rights reserved.
What is Single Audit?
Impact of ARRA
Planning
Controls & Compliance
Sampling
Reporting
Agenda
What is Single Audit?
4/13/11
2
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Single audit means an audit which includes both the entity's financial statements and the Federal awards conducted in accordance with generally accepted government auditing standards (GAGAS) *
* Excerpted from OMB Circular A-133
What is a “single audit”?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Non-Federal entities that expend $500,000 or more in a year in Federal awards shall have a single audit conducted for that year *
In Texas, we have a parallel “state” single audit for expenditures of state awards, which is applicable to all entities except school districts
* Excerpted from OMB Circular A-133
Single Audit
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Grants
Loans
Loan guarantees*
Property
Cooperative agreements
Interest subsidies
Insurance
Food commodities*
Direct appropriations
Cost-reimbursement contracts - Received directly from Federal awarding agencies or indirectly from pass-through entities
* REMEMBER TO LOOK FOR NON-CASH PROGRAMS. THEY ARE OFTEN OVERLOOKED!
Types of Federal Awards
4/13/11
3
Copyright © 2009 Deloitte Development LLC. All rights reserved.
SEFA
The Schedule of Expenditures of Federal Awards (SEFA) details all federal awards expended during the fiscal year
• Prepared by client • Used to determine major programs • Be sure it reconciles to financial statements
Copyright © 2009 Deloitte Development LLC. All rights reserved.
OMB Circular A-133 • Federal guidance that sets forth standards for obtaining consistency and
uniformity among Federal agencies for the entities expending Federal awards
• www.whitehouse.gov/sites/default/files/omb/assets/a133/a133_revised_2007.pdf
A-133 Compliance Supplement • An appendix to A-133, updated annually, that sets forth specific audit
guidance for individual grants and programs • Make sure you use the correct compliance supplement when performing
the single audit (latest one issued in June 2010) • www.whitehouse.gov/omb/circulars/a133_compliance_supplement_2010
Grantors’ Websites
Guidance for Compliance Audits
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Yellow Book (Generally Accepted Government Auditing Standards) • Professional standards and guidance that provide a framework for
conducting high quality government audits and attestation engagements with competence, integrity, objectivity, and independence
• For use by auditors of government entities and entities that receive government awards and audit organizations performing GAGAS audits and attestation engagements
• Contains requirements and guidance dealing with: – Ethics – Independence – Auditors' professional competence and judgment – Quality control – Performance of field work – Reporting
• http://www.gao.gov/new.items/d07731g.pdf
Guidance for Compliance Audits
4/13/11
4
Impact of ARRA on Single Audits
Copyright © 2009 Deloitte Development LLC. All rights reserved.
What is ARRA?
• The American Recovery and Reinvestment Act of 2009
• Legislation was passed in February 2009; significant impact expected for 2010 and 2011 year-end audits
• Accountability and transparency are key features of the new law
– QCRs are built into the OMB guidance – results placed on Recovery.gov
– Auditees significantly affected by Section 1512 reporting – New body, Recovery Act Transparency Board (RATB), monitoring
activity and looking for fraud, waste and abuse – Much more interest in single audits by federal agencies and Congress
Impact of ARRA
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Identification of ARRA funding
• Direct receipts will be provided in a separate award document, but pass-through receipts may not be
• Look for: – New CFDA #’s – Federal award terms stating that a program is ARRA funded – Federal award terms requiring separate SEFA presentation
Impact of ARRA
4/13/11
5
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Presentation of ARRA Funding
• Separate presentation on SEFA – Even if awarded under a previous CFDA # – New level of detail required for R&D grants
• Separate presentation on the Data Collection Form (DCF)
Impact of ARRA
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Impact on Single Audits for periods ending on or after June 30, 2010
• Low-risk auditee status – Report submissions to the FAC must have been made by the due
date (no extensions) for the prior two audits
• Major program determination – Any program with ARRA expenditures does not qualify as low-risk
Type A • Even a de minimus amount of ARRA expenditures would not support a low-
risk determination • Clusters of programs with a new ARRA CFDA number added during the
current year should be considered a new program and would not qualify as low-risk Type A (i.e. the 3 year rotation plan does not apply)
Impact of ARRA
Copyright © 2009 Deloitte Development LLC. All rights reserved.
• Exception to high-risk rule for ARRA programs – A Type A program or cluster may be considered low-risk if ALL of the
following conditions are met: 1. Program of cluster had ARRA expenditures in the prior audit
period 2. Program or cluster was audited as a major program in the prior
audit period 3. ARRA expenditures in the current audit period are less than 20%
of the total program or cluster expenditures, and 4. Program or cluster is otherwise low-risk in accordance with
Section 520(c) and 525 of Circular A-133
Impact of ARRA
4/13/11
6
Copyright © 2009 Deloitte Development LLC. All rights reserved.
• Impact on Type B program risk assessment – All Type B programs and clusters with expenditures of ARRA awards
are considered higher risk in accordance with Section 525(d) of Circular A-133
– The presumption is that Type B programs or clusters with ARRA expenditures would be audited as major programs when applying the provisions of Section 520(e)(2)
– However, auditors are not precluded from selecting an especially risky Type B program that does not contain ARRA expenditures in lieu of a Type B program with ARRA expenditures
– The Type B risk assessment floor still applies, regardless of ARRA funding
Impact of ARRA
Copyright © 2009 Deloitte Development LLC. All rights reserved.
ARRA programs not subject to A-133:
• Build America Bonds – Subsidy payment should not be included on the SEFA and therefore
not included in the scope of the single audit
• COBRA – Tax credits to employers should not be presented by auditees on the
SEFA, and they should not be included in the scope of the single audit
Impact of ARRA
Single Audit Planning
4/13/11
7
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Determination of Low Risk Auditee • Unqualified opinions on financial statements and Schedule
of Expenditures of Federal Awards in previous year • No Material weakness in internal control • No Material noncompliance with laws and regulations • No Known or likely questioned costs exceeding 5% of total
program expenditures in a Type A program;
Planning
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Identifying Major Programs • Type A vs. Type B Programs – based on program risk, $
threshold and programs audited in previous years – Must cover a certain % of total amount spent – either 25% or 50%
depending on low-risk auditee status – 3 year rotation for Type A programs – Threshold is based on total amount spent
• Type A programs with ARRA funding must be selected
• Keep in mind program clusters – see Part 5 of the Compliance Supplement
Planning
Controls & Compliance
4/13/11
8
Copyright © 2009 Deloitte Development LLC. All rights reserved.
1. Activities Allowed or Unallowed
2. Allowable Cost/Cost Principles
3. Cash management - When entities are funded on a reimbursement basis, program costs must be paid for by entity funds before reimbursement is requested from the Federal Government. When funds are advanced, recipients must follow procedures to minimize the time elapsing between the transfer of funds from the U.S. Treasury and disbursement.
4. Davis-Bacon Act - All laborers and mechanics employed by contractors or subcontractors to work on construction contracts in excess of $2,000 financed by Federal assistance funds must be paid wages not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor.
5. Eligibility – Some programs limit the individuals, groups of individuals, or subrecipients that can participate in the program and the amounts for which they qualify.
The 14 Compliance Requirements
Copyright © 2009 Deloitte Development LLC. All rights reserved.
6. Equipment and Real Property Management – The government must use, manage, and dispose of equipment acquired under a Federal grant in accordance with applicable laws and procedures.
7. Matching, Level of Effort, Earmarking: • Matching includes requirements to provide contributions (usually non-
Federal) of a specified amount or percentage to match Federal awards.
• Level of effort includes requirements for (a) a specified level of service to be provided from period to period, (b) a specified level of expenditures from non-Federal or Federal sources for specified activities to be maintained from period to period, and (c) Federal funds to supplement and not supplant non-Federal funding of services.
• Earmarking includes requirements that specify the minimum and/or maximum amount or percentage of the program’s funding that must/may be used for specified activities.
The 14 Compliance Requirements
Copyright © 2009 Deloitte Development LLC. All rights reserved.
8. Period of Availability of Federal Funds - Federal awards may specify a time period during which the non-Federal entity may use the Federal funds.
9. Procurement and Suspension and Debarment: • Procurement - States, and governmental subrecipients of States, shall
use the same State policies and procedures used for procurements from non-Federal funds.
• Suspension & Debarment - Non-Federal entities are prohibited from contracting with or making subawards under covered transactions to parties that are suspended or debarred or whose principals are suspended or debarred.
12. Program Income - Program income may be used in one of three methods: deducted from outlays, added to the project budget, or used to meet matching requirements.
The 14 Compliance Requirements
4/13/11
9
Copyright © 2009 Deloitte Development LLC. All rights reserved.
11. Real Property Acquisition and Relocation Assistance - Persons displaced by Federally funded projects must receive uniform and equitable replacement assistance for moving-related expenses and reestablishment expenses (for businesses).
12. Reporting: • Financial Reporting - Each recipient must report program outlays and
program income on a cash or accrual basis, as prescribed by the Federal awarding agency.
• Performance Reporting - Recipients shall submit performance reports at least annually but not more frequently than quarterly.
• Special Reporting - Non-Federal entities may be required to submit other reporting which may be used by the Federal agency for such purposes as allocating program funding.
• Section 1512 ARRA Reporting - Section 1512 of the Recovery Act requires reporting on the use of Recovery Act funding by recipients no later that the 10th day after the end of each calendar quarter (beginning the quarter ending September 30, 2009).
The 14 Compliance Requirements
Copyright © 2009 Deloitte Development LLC. All rights reserved.
13. Subrecipient Monitoring - A pass-through entity is responsible for: • Identifying to the subrecipient the Federal award information and
applicable compliance requirements. • Monitoring the subrecipient’s use of Federal awards to provide reasonable
assurance that the subrecipient administers Federal awards in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved.
• Auditing the subrecipient • Evaluating the impact of subrecipient activities on the pass-through
entity’s ability to comply with applicable Federal regulations.
14. Special Tests and Provisions - Unique to each Federal program
The 14 Compliance Requirements
Internal Control Testing
4/13/11
10
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Specifically required by GAS and OMB Circular A-133
Obtain an understanding of the entity’s internal controls to support a low assessed level of control risk for major programs;
Plan the testing of internal controls to support a low assessed level of control risk relevant to the compliance requirements for each major federal program;
Perform the testing of internal control as planned, UNLESS, the internal control is likely to be ineffective.
Requirements for Internal Control Testing
Copyright © 2009 Deloitte Development LLC. All rights reserved.
For each direct and material compliance control objective, include one or more control activities for each of the 5 COSO requirements.
Ensure that an appropriate number of selections are tested for each control activity
Testing Internal Controls
Compliance Testing
4/13/11
11
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Allowable Cost Resources • A-133 Compliance Supplement • Notice of Grant Award (NOGA) or Grant Agreement • OMB Circular A-87 Attachment A – Basic Guidelines for
Allowable Costs • OMB Circular A-87 Attachment B – Selected Items of Cost • U.S. General Services Administration (GSA) Domestic Per
Diem Rates • Federal Awarding Agency and Oversight Agency Websites
Allowable Activities/Allowable Costs Testing
Copyright © 2009 Deloitte Development LLC. All rights reserved.
A. Necessary and reasonable for the proper administration of the program
B. Allocable to a particular cost objective (e.g., a specific function, program, project, department, or the like) and properly classified and recorded
C. Authorized or not prohibited under applicable laws or regulations
D. Conformed to any limitations or exclusions set forth by the Federal awarding agency
E. Applied uniformly to federal and non-federal activities
F. Not included as a direct cost of the Federal program if the same or similar costs were allocated as an indirect cost to the same program
Allowable Costs Criteria
Copyright © 2009 Deloitte Development LLC. All rights reserved.
G. Calculated in conformity with GAAP, except as otherwise provided under the applicable OMB circular
H. Not included as a cost or used to meet cost sharing requirements of other federally-supported activities of the current or a prior period
I. Net of all applicable credits
J. Supported by appropriate documentation
K. For actual costs. (The charges are for actual costs rather than estimated based on budgeted or projected amounts.)
Allowable Costs Criteria
4/13/11
12
Sampling
Copyright © 2009 Deloitte Development LLC. All rights reserved.
How does each component maintain internal controls? (independently/centrally)
Considerations for separate populations (e.g., by location, program)
Properly identify the universe of transactions • Auditor’s opinion is on EACH major program
– Possible to test across major programs for controls – Treat each major program as a separate population for compliance testing
Clusters
ARRA vs. Non-ARRA components – may require separate populations if requirements are different
Understand the Population - Components
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Required to obtain high assurance (low level of control risk)
• High level of control assurance: 90-95% confidence level
• Plan for zero exceptions
• Take into consideration significance of control and inherent risk of compliance requirement
• Sampling requires “tolerance” for deviations (5 to 10%)
Control Test Sample Sizes
4/13/11
13
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Suggested minimum sample sizes
Populations > 250 items
Control Test Sample Sizes
Significance of Control and Inherent Risk of Compliance Requirement
Minimum Sample Size
(zero deviations planned)
Very Significant / Higher Inherent Risk 60 Very Significant / Limited Inherent Risk
or Moderately Significant / Higher Inherent Risk
40
Moderately Significant / Limited Inherent Risk 25
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Significance (all important, but range of significance) – Higher “what could go wrong” risk or “risk of material noncompliance”
Inherent Risk of Compliance Requirement – New program with little history of compliance requirements – Correspondence from grantor indicating noncompliance – High auditee turn over – Complex processing (non-routine, judgment, manual intervention) – New procedure or history of deviations – Substantial change in procedure from prior period – Program identified as High Risk by OMB
Significance and Inherent Risk
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Compliance Sample Sizes
Suggested minimum sample sizes
Populations > 250 items
Desired Level of Assurance (Remaining Risk of Material
Noncompliance)
Minimum Sample Size (zero exceptions
planned) High 60
Moderate 40 Low 25
4/13/11
14
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Compliance Sampling Considerations
• Identify each Direct and Material compliance requirement
• Design a separate compliance test for each Direct and Material compliance requirement – Determine the risk of material noncompliance (array of testing prior to
compliance testing with sampling) • Risk assessment procedures/inherent risk assessment • Controls testing results—control risk assessment • Analytical procedures • Individually important items
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Sample Sizes for Small Populations
Suggested minimum sample sizes
Populations < 250 items
Rule of thumb for populations between 52 and 250 items – use approximately 10% of population
Frequency (Population Size) Minimum Sample Size Quarterly (4) 2 Monthly (12) 2 – 4
Semimonthly (24) 3 – 8 Weekly (52) 5 – 9
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Sampling Method
Random Selection • all items have equal chance of selection
Haphazard Selection • not careless, auditors best effort to be random
Systematic Selection • every Nth item, with a random start
There is no method required to be used; just required to document method
4/13/11
15
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Deviations / Exceptions
Controls Testing = Deviation
Compliance Testing = Exception
Evaluate deviations/exceptions: • Understand the likely cause • Determine if it should be reported
Evaluation of deviations/exceptions may include: • Rate • Systematic nature of the issue • Pattern relative to past history • Relationship to other aspects of the audit
Reporting
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Three Opinions: • Report on the financial statements in accordance with GAS • Report on internal control over financial reporting and compliance and other
matters based on an audit performed in accordance with GAS • Report on compliance with requirements applicable to each major program and
internal control over compliance in accordance with OMB Circular A-133
Part I - Summary of Auditors’ Results
Part II – Financial Statement Findings: • All Material Weaknesses and Significant Deficiencies • Noncompliance with laws and regulations at the financial statement level
Part III – Federal and State Award Findings
Elements of Single Audit Reporting
4/13/11
16
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Reportable conditions in internal control over major programs
Material noncompliance with the provisions of laws, regulations, contracts, or grant agreements related to a major program
Known questioned costs: • When known questioned costs are greater than $10,000 for a type of compliance
requirement for a major program • When likely questioned costs are greater than $10,000 for a type of compliance
requirement for a major program (not required to report the likely amount)
Known questioned costs which are greater than $10,000 for a Federal program which is not audited as a major program
Audit findings should be presented in sufficient detail for the auditee to prepare a corrective action plan and take corrective action and for Federal agencies and pass-through entities to arrive at a management decision
When to Report a Finding (Part III)
Copyright © 2009 Deloitte Development LLC. All rights reserved.
5. Condition found
6. Questioned costs
7. Perspective
8. Cause
9. Effect or potential effect
10. Recommendation to prevent future occurrences
11. Views of responsible officials
1. Reference Number
2. Finding Type • Compliance requirement • MW or SD • Material noncompliance,
noncompliance, or controls
3. Program(s) affected and related CFDA #
4. Criteria or specific requirement on which the finding is based
Elements of a Single Audit Finding
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Circumstances concerning why the auditor's report on compliance for major programs is anything other than an unqualified opinion
Known fraud affecting a Federal award
Instances where the summary schedule of prior audit findings prepared by the auditee materially misrepresents the status of any prior audit finding
Other Items to be Reported
4/13/11
17
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Types of Questioned Costs: • Unallowable: Not allowed under general and special award
conditions or agency instructions • Undocumented: Amount charged to grant but lacked
adequate detail • Unapproved: Not in grant budget or lacks proper approval • Unreasonable: Not consistent with actions of a prudent
person in the given circumstances
There is no materiality level for questioning a cost, only for reporting questioned costs
What are Questioned Costs?
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Includes both current year and uncorrected prior findings
Auditee must provide response(s) and a corrective action plan for each finding
“Corrective Action Plan” must include: • Name and title of individual responsible for corrective action • Description of planned corrective action • Anticipated completion date
Auditor must review before issuance of report
Management’s Corrective Action Plan
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Should be provided at the beginning of the subsequent year's audit
Report status of all findings included in the prior year's schedule of findings and questioned costs. • Fully corrected findings – list and state that corrective action was taken • Partially corrected findings – describe planned corrective action and any partial
action taken • Significantly different action from that previously reported – provide an
explanation
Audit findings repeated from multiple years must include the fiscal year in which the finding initially occurred.
Summary Schedule of Prior Audit Findings
4/13/11
18
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Data Collection Form (DCF) should be submitted as part of the reporting package
Reporting package includes the basic financial statements, single audit report, and DCF
DCF should be completed by auditee, reconciled to the single audit reports and SEFA, and reviewed by auditor
Filled out, signed and submitted online: http://harvester.census.gov/fac/collect/ddeindex.html
Data Collection Form
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Questions?
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Copyright © 2009 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu