engagements under government auditing standards under government auditing standards diane ......
TRANSCRIPT
8/8/2014
1
Engagements under Government
Auditing Standards
Diane Edelstein, CPA
Flo Ostrum, CPA
American Institute of CPAs®
Presenter Diane Edelstein, CPA
Diane is a partner at Maher Duessel, CPAs in Pittsburgh, PA. She is a
graduate of George Mason University in Fairfax, VA and has worked in
non-profit and government auditing for over 20 years.
Diane was a member of the Executive Committee of the AICPA
Governmental Audit Quality Center from 2007-2011. She is also a member
of the Steering Committee for the AICPA NPO conference held each June
in Washington, DC.
Diane is a member of the AICPA Practice Monitoring Task Force A-133
Subgroup and has lectured for the AICPA and other organizations on the
topics of Single Audit.
2
8/8/2014
2
American Institute of CPAs®
Presenter
Flo Ostrum, CPA Flo is a partner and National Professional Practice Director –
Government and Not-for-Profit at Grant Thornton. She serves as a
technical accounting and auditing resource specializing in not-for-profit
accounting, performing audits in accordance with Government Auditing
Standards and conducting OMB A-133 audits. She is a member of the
AICPA Practice Monitoring Task Force- A-133 Subgroup.
Flo performs technical reviews of public and private clients. She also
acts as the liaison to the not-for-profit, health-care, Public Sector, and
Financial Services industry groups.
Flo’s industry experience includes not-for-profit organizations, consumer
industrial products companies, and governmental entities as well as
various other industries. She is a frequent presenter at AICPA and state
society conferences on Government Auditing Standards, OMB A-133 and
general auditing and accounting matters.
3
American Institute of CPAs®
Topics to cover today
Revisit of 2011 Yellow Book Independence
Peer Review matters and revised A-133 checklist
Revised Data Collection Form
Emphasis Areas
Frequent Findings of Technical Reviewers
GAO
New OMB Changes – Uniform Guidance
4
8/8/2014
3
American Institute of CPAs®
Revisit of 2011 Yellow Book
Independence
5
American Institute of CPAs®
2011 Yellow Book Peer Review Changes
Revised Peer Review Engagement Profiles and
Yellow Book Supplemental Audit and AUP
Checklists
• Trigger questions on the profile
• Independence questions in the checklists
Supplemental Guidance PRP Section 3100 for
evaluating noncompliance with Yellow Book
6
8/8/2014
4
American Institute of CPAs®
Engagement Profile Trigger Questions
7
American Institute of CPAs®
Yellow Book Independence Engagement
Checklist Questions
PRP Section 22110/22120, questions GA101-GA115
GA105- Has the auditor listed all nonaudit services
provided to the auditee?
GA108- If the auditor is performing the preparation
of the financial statements, if significant threats
were not identified, does this seem reasonable?
GA113- If the auditor has not documented
independence in accordance with Interpretation 101-
3 and GAGAS, did firm otherwise provide
convincing evidence that independences was not
impaired?
8
8/8/2014
5
American Institute of CPAs®
Peer Review Matters and
Revised A-133 Checklist
9
American Institute of CPAs®
Peer Review Matters:
Common Governmental MFCs
Reporting
Failure to include all of the required elements of
professional standards in the Auditor’s Report on
Internal Control and Compliance
Failure to include all of the required elements of
professional standards in the Auditor’s Report
SINGLE AUDIT: Failure to properly report
information on the Schedule of Expenditures of
Federal Awards
10
8/8/2014
6
American Institute of CPAs®
Peer Review Matters:
Common Governmental MFCs
Documentation
Failure to properly document the evaluation of
management’s skills, knowledge and experience
SINGLE AUDIT:
• written management representations
• an understanding of internal control over compliance of federal
awards
• testing of controls and compliance for the relevant assertions
related to each compliance requirement with a direct and
material effect for the major program.
• Improper identification of an auditee as low-risk
11
American Institute of CPAs®
Peer Review Matters:
Common Governmental MFCs
General
Clarity: Failure to update the audit report to conform
to the clarity standards
Failure to document a sufficient audit plan to
consider fraud risk and comprehensive risk
assessment procedures, including failure to link the
risk assessment to the audit procedures performed
Failure to adequately document procedures
performed over balances and transactions
12
8/8/2014
7
American Institute of CPAs®
Revised A-133 Checklist
Section 22,100 – Part A and B
Issued in April 2014
Instructions clarified as to completion of Part B
13
American Institute of CPAs®
Revised A-133 Checklist
14
8/8/2014
8
American Institute of CPAs®
Data Collection Form
15
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
2013 Form SF-SAC
• The new form and instructions will be applicable for
audit periods ending in 2013, 2014 and 2015
• More significant changes this time around
16
8/8/2014
9
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
Part I – General Information
• Beginning with 2013 audits, all audit firms must report their
Employer Identification Number (EIN)
• Secondary auditors must report their EIN on the secondary
auditor contact information page
Part III: Federal Programs
• Identify Loan/Loan Guarantee
• Standardized Audit Finding Reference Numbers: YYYY-###, (ex.
2014-001)
17
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes – New Items in Part III: Federal
Programs
18
8/8/2014
10
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
New Part III, Item 7: Federal Awards Findings
Summary
• Audit findings must be listed once for each Federal award
affected by that finding
• Auditor must report the Type of Compliance Requirement
(moved from Part III: Federal Programs) using letters A-N
or P from the annual Circular A-133 Compliance
Supplement. ‘O’ (for ‘None’) will no longer be needed as it
was only used when there was no finding
• Type of finding to be indicated
• Report questioned costs related to the finding
• See next slide for example Part III, Item 7
19
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes – New Part III, Item 7: Federal
Awards Findings Summary
20
8/8/2014
11
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
Personally Identifiable Information Certification (PII)
• Auditors and auditees will be required to certify that
their reporting package does not contain Personally
Identifiable Information (PII)
Unlocked, unencrypted, and at least 85% text-
searchable PDFs. (2014 YE for < $50 million)
21
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
For 2013 Audits due before the 2013 Form is ready,
OMB has added the following guidance to the FAC
home page regarding extension:
“If a single audit for a fiscal period ending in 2013 is
due before the 2013 Form is available, auditees will
not be able to meet the thirty-day deadline for
submission prescribed by OMB Circular A-133
§_.320(a). Therefore, OMB has granted an
extension until March 2014 for reporting packages
due to the Clearinghouse before that date. The
extension is automatic and there is no approval
required. The extension applies only to single audits
for the fiscal periods ending in 2013.”
22
8/8/2014
12
American Institute of CPAs®
Federal Audit Clearinghouse – 2013 Form
Changes
New Submission Process
• New user profiles
• For 2013 audits with cognizant agency (and remaining audits in
2014), all reporting package uploads must be text searchable,
unlocked, and unencrypted PDF files (FAC provides instructions
when filing reports this year)
FAC working towards making all reporting packages
transparent to the public
• Financial statements, SEFA
• Auditor reporting
• Schedule of Findings and Questioned Costs
23
American Institute of CPAs®
Emphasis Areas
24
8/8/2014
13
American Institute of CPAs®
Current Environment – Financial Statement
Audits
Consider effect of current environment on the
financial statement audits
• Continued fiscal stress
• Going concern/fiscal uncertainty
• Client revenue recognition issues?
• Public pension challenges (funding issues, new GASB
standards, SEC interest in municipal issuer disclosure)
• Don’t ignore fraud risk
• Continued fee pressure
25
American Institute of CPAs®
GASB's New Pension Standards
Peer reviewers to understand implementation issues
associated with the GASB’s new pension standards
April 2014 – Reviewer Focus
GASB’s employer standard—GASB Statement No.
68, Accounting and Financial Reporting for
Pensions—an amendment of GASB Statement No.
27—is not required until June 30, 2015 year-ends
Potential for employer auditors to issue modified
opinions
26
8/8/2014
14
American Institute of CPAs®
GASB's New Pension Standards
The AICPA State and Local Government Expert
Panel (SLGEP) was charged with addressing the
various accounting and auditing implementation
issues that have resulted from the new GASB
standards.
SLGEP Pension Whitepaper on Employer and
Related Auditor Issues: Agent Plans
SLGEP Pension Whitepaper on Employer and
Related Auditor Issues: Cost-Sharing Plans
SLGEP Pension Whitepaper on Census Data Related
to Single-Employer and Cost-Sharing Plans
27
American Institute of CPAs®
GASB's New Pension Standards
Interpretation to auditing standards
AICPA Audit and Attest Team website: Recently
Issued Audit Interpretations
The following includes a brief summary of the agent
interpretations and provides direct links to each
interpretation:
Interpretation No. 3, "Auditor of Participating
Employer in a Governmental Agent Multiple-
Employer Pension Plan”
Interpretation No. 2, "Auditor of Governmental Agent
Multiple-Employer Pension Plan”
28
8/8/2014
15
American Institute of CPAs®
GASB's New Pension Standards - Resources
April 2014 AICPA Peer Reviewer Focus
http://www.aicpa.org/InterestAreas/PeerReview/NewsAnd
Publications/DownloadableDocuments/ReviewerFocus04
14.pdf
AICPA GAQC GASB Matters Page
http://www.aicpa.org/interestareas/governmentalauditqua
lity/resources/gasbmatters/pages/default.aspx
29
American Institute of CPAs®
Current Environment – Compliance Audits
Documentation of the effect of current environment
on the compliance audit
• Continued fiscal stress
- Allowable use of grant funds?
• Subrecipient Monitoring
• Designing/Updating Controls
• Don’t Ignore Fraud Risk
- Employee Defalcation
- Journal Entries Create Risk
30
8/8/2014
16
American Institute of CPAs®
Group Audits in a Governmental Audit
Peer Review Engagement Profile
• Is this engagement part of a group audit?
• If a group audit, describe the level of reliance on the
work of component auditors
PRP Section 20500, questions G122-G131
31
Governmental Audit Quality Center
AICPA Auditing Standards – Clarity One-Year
Later - Group Audits Challenges Areas
IDENTIFYING COMPONENTS CAN BE CHALLENGING
DETERMINING SIGNIFICANCE OF COMPONENTS
MATERIALITY DECISIONS
SUBSEQUENT EVENTS
COMMUNICATIONS WITH COMPONENT AUDITORS, GROUP GOVERNANCE AND MANAGEMENT
32
8/8/2014
17
American Institute of CPAs®
AICPA Auditing Standards – Clarity One-Year
Later – Auditor Reporting Challenge Areas
Ensure that all clarity reporting changes were
incorporated into the auditor report templates
How is the Firm addressing compliance audits for
States or federal regulators that have outdated
report examples?
33
American Institute of CPAs®
AICPA Auditing Standards – Clarity One-Year
Later – Auditor Reporting Challenge Areas
Current questions on audit reports
• Confusion over terminology (e.g., modified versus
qualified)
• Reporting on state and local government opinion units
when unmodified opinions and also modified opinions
• Reporting on compliance when have unmodified opinions
and modified opinions
• Referencing the management letter in Government
Auditing Standards report (not required)
• Restricted use alerts versus purpose alerts
34
8/8/2014
18
American Institute of CPAs®
AICPA Auditing Standards – Additional
GAQC/AICPA Guidance
GAQC Archived Web Event titled, Group Audits: A Look Back
One Year Later and Lessons Learned (held 2/14)
GAQC Archived Web Event titled, Understanding the Potential
Impacts of the New Group Audits SAS on Your Governmental and
Not-For-Profit Audit Engagements (held 12/11 but still relevant)
Technical Questions and Answers on Group Audits (located in
TIS Section 8800, Audits of Group Financial Statements and Work
of Others on AICPA Website)
AICPA Audit Risk Alert - Understanding the Responsibilities of
Auditors for Audits of Group Financial Statements
AICPA Audit and Accounting Guide, State and Local
Governments (SLG Guide)
AICPA Audit Guide, Government Auditing Standards and Circular
A-133 Audits (GAS-A133 Guide)
35
American Institute of CPAs®
Common Quality Issues
Found in Peer Reviews and
Ethics Referrals
36
8/8/2014
19
American Institute of CPAs®
Common Audit Quality Issues
The examples of single audit errors found on an
engagement profile are the following:
• Incorrectly computed Type A threshold
• Misidentification of Type A programs
• Missed clusters
• Not selecting appropriate programs (i.e. Type A program not
identified as low risk – not audited in prior 2 years)
37
American Institute of CPAs®
Common Audit Quality Issues
Most Common Yellow Book and A-133 Clarified
Reporting Questions
• Where are the Yellow Book report illustrations for
NFP entities?
• Why did you add the title “Independent Auditor’s
Report” to the Yellow Book reports?
• Why was the reference to management responsibility
for internal control over financial reporting in the
Yellow Book report removed?
38
8/8/2014
20
American Institute of CPAs®
Common Audit Quality Issues
Most Common Yellow Book and A-133 Clarified
Reporting Questions
• Why was the reference to management letter
removed from the Yellow Book report?
• Why was the "restricted use alert" replaced with a
"purpose alert“ and why only in internal control
section in A-133 report?
• Do I have to follow these formats exactly for my A-
133 reports?
39
American Institute of CPAs®
Common Audit Quality Issues
Missed major programs
Documentation of internal control over compliance
understanding
Testing and documentation of compliance testing
Sampling adequacy and documentation
Schedule of Expenditures of Federal Awards (SEFA)
Issues
GAQC Web Event: How to Avoid Common Audit
Quality Issues: Compliance Audits, Governmental
Audits, and Not-for-Profit Audits
40
8/8/2014
21
American Institute of CPAs®
Common Audit Quality Issues
More federal focus on findings
Be sure findings include all required elements
• Remember ensure that you have no PII in findings
Tell the whole story in your findings
• Helps avoid follow-up after the fact by a federal
agency trying to resolve the finding
41
American Institute of CPAs®
Common Audit Quality Issues
Findings Reminder
• Tell the whole story:
42
Good finding
What was wrong
Frequency
Magnitude
8/8/2014
22
American Institute of CPAs®
Audit Quality Issues and non conforming
engagements
When does a 'no' answer result in a nonconforming
engagement?
What if there is a nonconforming engagement in an
Engagement review?
What if there is a nonconforming engagement in a
System Review?
What are the reviewed firm's responsibilities?
• How to remediate?
What is the reviewer's responsibilities?
• Evaluate the response
• Should there be monitoring
43
American Institute of CPAs®
Common Audit Quality Issues for
SLG Audits
Management’s Discussion and Analysis Issues
Defining the Reporting Entity
Disclosures (for example, component units,
transfers)
Reporting Units and Opinion Units
GASB 54, Fund Balance Reporting & Governmental
Fund Type Definitions
More details available in GAQC Archived Web Event
• How to Avoid Common Audit Quality Issues: Compliance Audits,
Governmental Audits, and Not-for-Profit Audits - Member Web
Event
44
8/8/2014
23
American Institute of CPAs®
Use the Federal Audit Clearinghouse as a
Tool to Identify Audit Quality Issues
Consider using the database to perform a few
quality checks
• Check type A program thresholds for your audits (if
you find $500,000, you probably have a problem)
• See if doing any program-specific audits; if so, look at
the data collection form (DCF) to determine if only
one program or cluster noted
• Randomly drill down into some of your organization’s
DCFs to see if any other trends noted
45
American Institute of CPAs®
QCR and Desk Review Checklists
Inspector General community has issued the
following checklists for use by federal agencies:
• Guide for Quality Control Reviews of OMB Circular A-133
Audits
• Guide for Desk Reviews of OMB Circular A-133 Audit
Report
Both can be found at:
http://www.ignet.gov/pande/audit1.html#reports
(look under Single Audit Guides)
Consider using these checklists as an additional QC
tool
46
8/8/2014
24
American Institute of CPAs®
Case Study 1: Low Risk Auditee
You are reviewing the engagement profile of an OMB
A-133 engagement and note that the auditee is a low
risk auditee. What procedures do you think you
should perform as the reviewer to establish that the
determination is correct?
47
American Institute of CPAs®
Case Study 1: Low Risk Auditee
Review responses with firm to ensure they
understood the question on profile sheet
Reviewer to recompute info on profile sheet
48
8/8/2014
25
American Institute of CPAs®
Case Study 1: Low Risk Auditee
What are peer reviewers doing about checking DCF
filing dates?
What are reviewers doing about comparing the DCF
to the A-133 reports?
49
American Institute of CPAs®
Case Study 2: Control testing and evaluation
You are evaluating an A-133 engagement and completing
Part A of the checklist. In evaluating the engagement’s
risk assessment workpapers, the firm has indicated
control risk as high for the applicable, direct and material
compliance requirements for the particular major
program tested. There was no testing performed on
internal controls. The A-133 report on internal control
and compliance over major programs has no findings.
Further review of the compliance testing indicates no
deviations on the compliance testing. Documentation of
the compliance testing performed is in compliance with
the Yellow Book documentation standards. Does this
work appear acceptable or do you need to make further
inquiries?
50
8/8/2014
26
American Institute of CPAs®
Case Study 2: Control testing and evaluation
How was control risk determined to be high?
Firm responsibilities?
Reviewer?
51
American Institute of CPAs®
Case Study 2: Control testing and evaluation
A-133 internal control over federal programs
• Internal control pertaining to the compliance requirements for
federal programs (internal control over federal programs) means
a process—effected by an entity's management and other
personnel—designed to provide reasonable assurance
regarding the achievement of the following objectives for federal
programs….
52
8/8/2014
27
American Institute of CPAs®
Government Accountability
Office (GAO)
53
Yellow Book: The Next Revision
We are working towards a 2015 Yellow Book.
• Revise and modernize CPE.
• Make some refinements to Independence based on user experience with the conceptual framework and SKE.
• Consider how the report on internal control and compliance can be made more relevant.
• Incorporate the 2013 peer review guidance.
• Clarity format?
54
8/8/2014
28
Yellow Book: The Next Revision
2013 Peer Review Guidance
Explicitly draws parallels between:
• Unmodified Opinion (2007) and Pass rating (2011).
• Modified Opinion and Pass with Deficiencies rating.
• Adverse Opinion and Fail rating.
Incorporates the AICPA peer review definitions of
Matter, Finding, Deficiency, and Significant
Deficiency.
55
Yellow Book: The Next Revision
We are working towards a 2015 Yellow Book.
What can we change or add that would help
peer reviewers do their work more
effectively?
56
8/8/2014
29
57
Where to Find the Yellow Book
The Yellow Book is available on GAO’s
website at:
www.gao.gov/yellowbook
For technical assistance, contact us at:
or call (202) 512-9535
American Institute of CPAs®
New OMB Changes - Uniform
Guidance
58
8/8/2014
30
American Institute of CPAs®
Sources
AICPA GAQC
COFAR Training held January 27, 2014
59
American Institute of CPAs®
New Uniform Guidance
In late December 2013, the U.S. Office of
Management and Budget (OMB) issued Uniform
Administrative Requirements, Cost Principles, and
Audit Requirements for Federal Awards (Uniform
Grant Guidance or Guidance) 2 CFR 200. This 103
page document combines eight existing OMB
Circulars (A-21, A-87, A-89, A-102, A-110, A-122, A-
133 and sections of A-50).
http://www.gpo.gov/fdsys/pkg/FR-2013-12-
26/pdf/2013-30465.pdf
60
8/8/2014
31
American Institute of CPAs®
Replaces prior Circulars
Streamlining of Related Circulars and Guidance
• A-21, Cost Principles for Educational Institutions
• A-50, Audit Follow-Up, related to Single Audit
• A-87, Cost Principles for State, Local, and Indian Tribal
Governments
• A-89, Federal Domestic Assistance Program Information
• A-102, Awards and Cooperative Agreements with State and
Local Governments
• A-110, Uniform Administrative Requirements for Awards and
Other Agreements with Institutions of Higher Education,
Hospitals, and Other Nonprofit Organizations
• A-122, Cost Principles for Non-Profit Organizations
• A-133, Audits of States, Local Governments and Non-Profit
Organizations
61
American Institute of CPAs®
Prior Circulars
The original circulars are available on the OMB
website at:
http://www.whitehouse.gov/omb/grants_circulars
62
8/8/2014
32
American Institute of CPAs®
Important Dates
The Uniform Guidance will be implemented one year
from publication: December 26, 2014. OMB and the
COFAR will continue to engage Federal and Non-
Federal stakeholders over the next year to facilitate
a smooth implementation process. Please submit
any comments or questions to [email protected].
Single Audits beginning December 31, 2015 year-
end
No early implementation permitted
63
American Institute of CPAs®
COFAR Presentation
On Monday, January 27th COFAR, held a training
webcast on the major updates to OMB’s recently
reformed guidance on Uniform Administrative
Requirements, Cost Principles, and Audit
Requirements for Federal Awards (Uniform Grant
Guidance or Guidance).
64
8/8/2014
33
American Institute of CPAs®
COFAR Presentation
Links to the Uniform Guidance 1-27-14 Training
Webcast:
COFAR Training Intro 1-27-14
http://youtu.be/SOET4b-7my8
COFAR Training Administrative Requirements 1-27-
14
http://youtu.be/BP3l3PjI1JQ
COFAR Training Cost Principles 1-27-14
http://youtu.be/q0rWXdy2ICM
COFAR Training Audit Requirements 1-27-14
http://youtu.be/g-U8HGbbC-Y
65
American Institute of CPAs®
Administrative Requirements
Reforms to A-102,
Circular A-110, and
Circular A-89
66
8/8/2014
34
American Institute of CPAs®
Procurement
Five prescriptive procurement methods:
• Micro-purchase – supplies or services with aggregate
amount does not exceed $3K, or $2K in case subject
to Davis-Bacon Act
• Small purchase procedures – subject to Simplified
Acquisition Threshold (currently $150K)
• Sealed bids (formal advertising)
• Competitive proposals
• Noncompetitive proposals
67
OMB Circular A-110 is arguably more simple and allows more flexibility in
selecting procurement method.
American Institute of CPAs®
Procurement
Must perform cost or price analysis in connection
with every procurement action in excess of
Simplified Acquisition Threshold, including contract
modifications
• As starting point, must make independent estimate
before receiving bids or proposals
68
8/8/2014
35
American Institute of CPAs®
Procurement
Must negotiate profit as a separate element of price
for each contract where no price competition and in
all cases where cost analysis is performed
Competition provisions of section 200.319 prohibit
use of statutorily imposed state or local geographic
preferences in procurement
69
American Institute of CPAs®
Cost Principles
Reforms to Circulars A-21,
A-87, and
A-122
70
8/8/2014
36
American Institute of CPAs®
Compensation – Personal Services
Significant differences in time and effort
documentation requirements under the three
existing cost circulars
• A-21 is based on estimates that produce a
reasonable approximation of the activity
• A-87 and A-122 are based on periodic (at least
monthly) time and effort reporting of employees
71
§ 200.430
Many commenters of NPG requested additional flexibility, while others
requested stricter uniformity in the provision of specific certification language to
better prevent and facilitate prosecution of fraud.
American Institute of CPAs®
Compensation – Personal Services
Uniform Guidance loosely based on concepts from
all three circulars
• Increases emphasis on internal controls
• Provides less prescriptive guidance on
documentation
72
§ 200.430
Many commenters of NPG requested additional flexibility, while others
requested stricter uniformity in the provision of specific certification language to
better prevent and facilitate prosecution of fraud.
8/8/2014
37
American Institute of CPAs®
Compensation – Personal Services (continued) Charges to Federal awards for salaries and wages must be
based on records that accurately reflect the work. They must:
73
Be incorporated into official records of non- Federal entity
Be supported by a system of internal
control which provides reasonable
assurance that charges are accurate,
allowable, and properly documented.
Comply with established
accounting policies of non-Federal entity
Encompass both federally assisted and
all other activities
Support distribution of employee’s salary
or wages among activities or cost
objectives
Reasonably reflect the total activity for which
employee is compensated
The standards for documentation contain several references to entity’s written policy.
American Institute of CPAs®
Compensation – Personal Services
(continued)
Budget estimates alone do not qualify as support,
but may be used for interim charges provided that:
• System for establishing the estimate produces reasonable
approximations of the activity actually performed
• Significant changes in corresponding work activity are
identified and entered into records on a timely basis
- Short term (such as one or two months) fluctuations
between workload categories need not be considered
as long as distribution reasonable over long term
• Entity’s system of internal controls include process to
review after-the-fact interim charges based on budget
74
8/8/2014
38
American Institute of CPAs®
Compensation – Personal Services
(continued)
Charges for salaries and wages of nonexempt
(hourly) employees must also be supported by
records indicating total hours worked each day
maintained in accordance with Department of Labor
regulations
Salaries and wages of employees used in meeting
cost sharing or matching requirements must be
supported in same way as if claimed for
reimbursement
75
Most time and effort reporting systems for NFP and SLG entities are
based on time actually incurred (allocated to Federal awards each period
based on actual hours incurred for each activity). In near term, it is likely
these entities will not revise IT systems because of cost.
American Institute of CPAs®
Compensation – Personal Services
(continued)
For non-Federal entity that do not meet these
standards, the Federal government may require
personnel activity reports
For states, local governments, and Indian tribes,
substitute process or systems for allocating salaries
may be used if approved by cognizant agency for
indirect costs
76
Most time and effort reporting systems for NFP and SLG entities are
based on time actually incurred (allocated to Federal awards each period
based on actual hours incurred for each activity). In near term, it is likely
these entities will not revise IT systems because of cost.
8/8/2014
39
American Institute of CPAs®
Written Policies
“Written Policy” reference in Uniform Guidance (25
times)
• Financial management – section 200.302
• Payment – section 200.305
• Procurement – sections 200.318, 200.319, 200.320
• Compensation – sections 200.430 and 200.431
• Relocation costs – section 200.464
• Travel costs – section 200.474
77
American Institute of CPAs®
Audit Requirements
Reforms to Circulars
A-133 and A-50
78
8/8/2014
40
American Institute of CPAs®
Targeting Audit Requirements on Risk of
Waste, Fraud, and Abuse
The final guidance right-sizes the footprint of
oversight and Single Audit requirements to
strengthen oversight and focus audits where there
is greatest risk of waste, fraud, and abuse of
taxpayer dollars
It improves transparency and accountability by
making single audit reports available to the public
online, and encourages Federal agencies to take a
more cooperative approach to audit resolution in
order to more conclusively resolve underlying
weaknesses in internal controls
79
American Institute of CPAs®
Revisions Focus Audit On Risk
Increases audit threshold
Strengthens risk-based approach to determine
Major Programs
Provides for greater transparency of audit results
Strengthens agency use of the single audit process
Provides for public outreach to focus Compliance
Supplement on requirements of highest risk
80
8/8/2014
41
American Institute of CPAs®
Basic Structure of Single Audit Process
Unchanged
Audit threshold (200.501)
Subrecipient vs. Contractor (200.501(f) & 200.330)
Biennial (200.504) & Program-specific (200.507) audits
Non-Federal entity selects auditor (200.509)
Auditee prepares financial statements & SEFA (200.510)
Audit follow-up & corrective action (200.511 & 200.521)
9-month due date (set in law) (200.512(a))
Reporting to Federal Audit Clearinghouse (200.512)
Major programs determined based on risk (200.518)
Compliance Supplement overall format
81
American Institute of CPAs®
Audit Threshold (200.501)
The COFAR considered that raising the threshold would
allow Federal agencies to focus their audit resolution
resources on the findings that put higher amounts of
taxpayer dollars at risk, thus better mitigating overall
risks of waste, fraud, and abuse across the government
Further, the COFAR notes that provisions throughout the
guidance, including pre-award review of risks, standards
for financial and program management, subrecipient
monitoring and management, and remedies for
noncompliance provide a strengthened level of oversight
for non-Federal entities that would fall below the new
threshold
82
8/8/2014
42
American Institute of CPAs®
Audit Threshold
Increases audit threshold from $500,000 to $750,000
Maintains oversight over 99.7% of the dollars
currently subject to Single Audits and reduces audit
burden for approximately 5,000 entities
Increase of $250,000 is in line with previous
threshold increase in 2003
83
American Institute of CPAs®
6,115 14%
38,704 86%
2010 FAC Total # of Audits
<$750k
>$750k
0.3%
99.7%
2010 FAC Total Dollars
<$750k
>$750k
Impact of Threshold
84
8/8/2014
43
American Institute of CPAs®
Single Audits by Agency
Agency As Cognizant As Oversight
> $750 < $750
Education 508 8,936 1,601
HUD 259 10,383 1,588
HHS 239 6,368 1,028
Transportation 69 1,272 228
Labor 12 538 68
Agriculture 9 2,483 561
Energy 8 395 62
Homeland
Security
5 702 193
NSF 5 95 20
85
American Institute of CPAs®
Major Program Determination
200.518 Major Program Determination focuses
audits on the areas with internal control deficiencies
that have been identified as material weaknesses.
Future updates to the Compliance Supplement will
reflect this focus as well
86
8/8/2014
44
American Institute of CPAs®
Type A/B Threshold (Step 1)
Programs are grouped based on dollars
• Type A programs are those above the threshold
• Type B are those below the threshold
Type A/B threshold is a sliding scale with minimum
• Minimum increases from $300,000 to $750,000
• Threshold presented in table to be more easily understood.
Audit threshold and Type A/B minimum threshold
will be the same at $750,000
87
American Institute of CPAs®
Type A/B Threshold – Table (200.518(b)(1))
Type A/B Threshold Total Federal Awards Expended (FAE)
$750,000 Equal to $750,000 but LT or EQ to $25 M
Total FAE times .03 Exceed $25M but LT or EQ to $100M
$3,000,000 Exceed $100M but LT or EQ to $1B
Total FAE times .003 Exceed $1B but LT or EQ to $10B
$30M Exceed $10B but LT or EQ to $20B
Total FAE times .0015 Exceed $20B
88
M means Million Dollars and B means Billion Dollars
LT means Less Than
EQ means Equal To
8/8/2014
45
American Institute of CPAs®
Current A-133 criteria:
Not audited as major program in
1 of 2 most recent audit periods
In most recent period had ANY
AUDIT FINDING
• Provided for auditor judgment in
limited cases, e.g., very small
questioned costs
• Other – Auditor judgment
- Oversight exercised by
Federal agencies or pass-
through entities, audit follow-
up, or changes in personnel
or systems which significantly
increased risk
Uniform Guidance:
SAME
In most recent period had a
HIGH RISK AUDIT FINDING
• Modified opinion
• Material weakness in internal
control
• Known or likely questioned
costs exceeding 5% of total
program expenditures
• Other – Auditor judgment
- Basically unchanged
High-Risk Type A Program (200.518(c)) (Step 2)
89
Key – An entity with strong internal controls and few audit findings will
have less high-risk Type A program
American Institute of CPAs®
Current A-133 criteria:
Currently there are two
Type B risk assessment
options: • Option 1 – Perform risk
assessments on ALL Type B
programs and select at least 50%
of Type B programs identified as
high risk up to number of low-risk
Type A programs
• Option 2 – Perform risk
assessments on all Type B
programs until as many high-risk
Type B programs have been
identified as there are low-risk
Type A programs
New criteria:
Perform risk assessments
on Type B programs until
high-risk Type B programs
have been identified UP
TO at least 25% of number
of low-risk Type A
programs
High-Risk Type B Program (200.518(d))
(Step 3)
90
8/8/2014
46
American Institute of CPAs®
Percentage of Coverage Rule (200.518(f))
(Step 4)
Guidance reduces the minimum coverage as
follows:
91
Type of Auditee Current New
Not low-risk 50% 40%
Low-risk 25% 20%
American Institute of CPAs®
Low-Risk Auditee
200.520 Criteria for a Low-Risk Auditee
Members of the audit community and states
commented on the criteria for a low-risk auditee that
includes whether the financial statements were
prepared in accordance with GAAP. Members of the
audit community note that GAAP is the preferred
method, and states note that state law sometimes
provides for other methods of preparation. The
COFAR considered this and recommended revised
language to allow for exceptions where state law
requires otherwise.
92
8/8/2014
47
American Institute of CPAs®
Current (2 prior years)
Annual single audits
Unmodified opinion on financial
statements in accordance with
GAAP
Unmodified SEFA in relation to
opinion
No GAGAS material weaknesses
In either of preceding two years,
none of Type A programs had:
• Material Weakness
• Material noncompliance
• Questioned costs that exceed 5%
Timely filing with FAC
Auditor reporting going concern
not preclude low-risk
Waivers
New (2 prior years)
SAME
Unmodified opinions on statements
in accordance with GAAP or basis of
accounting required by state law
SAME
SAME
SAME
SAME
No Audit reporting of going concern
No waivers
Low-Risk Auditee (200.520)
93
American Institute of CPAs®
Single Audit Report Submission (Cont’d)
All auditees must submit the reporting package and
the data collection form electronically to the Federal
Audit Clearinghouse (FAC) (200.512(d))
FAC responsible to make the reports available on a
Web site (200.512(g))
• Exception for Indian tribes will be discussed later
94
8/8/2014
48
American Institute of CPAs®
Single Audit Reports on the Web - PPII
Auditors and auditees must ensure reports do not
include protected personally identifiable information
(PPII) (200.82 & 200.512(a)(2))
Auditee must sign statement that (200.512(b)(1)):
• Reports do not include PPII
• Authorizes FAC to make reports publically available
on a Web site
- Exception for Indian tribes as defined in 200.54
- No exception for tribal organization not meeting
the 200.54 definition
95
American Institute of CPAs®
Exception for Indian Tribes (200.512(b)(2))
Tribal reports may include confidential business
information that would be redacted under the
Freedom of Information Act
May elect to not authorize the FAC to make reporting
package publically available on the Web site
If elected, Indian tribe must:
• Submit reporting package directly to pass-through
entities
• Make reporting package available for public
inspection as required by the Single Audit Act
96
8/8/2014
49
American Institute of CPAs®
FAC Repository of Record for Reporting
Packages (200.36 & 200.512(b))
Federal agencies, pass-through entities, and others
obtain copies by accessing FAC website
Subrecipient only required to submit report to FAC
and no longer required to submit to pass-through
entity
Pass-through entity no longer required to retain
copy of subrecipient report as available on the Web
97
American Institute of CPAs®
Single Audit Accountable Official
200.513 Responsibilities
Requires Federal awarding agencies to designate a
Senior Accountable Official who will be responsible for
overseeing effective use of the Single Audit process
and implementing metrics to evaluate audit follow-up.
98
8/8/2014
50
American Institute of CPAs®
Single Audit Accountable Official
(200.513(c)(5))
Ensure agency effectively uses the single audit
process
Develop a baseline, metrics, and targets to track,
over time, the effectiveness of:
• The agency’s process to follow-up on audit findings
• Single Audits in:
- Improving non-Federal entity accountability for Federal
awards
- Use by the agency in making award decisions
Designate the agency’s Key Management Single
Audit Liaison
99
American Institute of CPAs®
Agency Key Management Single Audit Liaison
(200.513(c)(6))
Agency management’s point of contact for single audit
Promote interagency coordination
Oversee training for agency’s program management
personnel related to the single audit process
Promote use of cooperative audit resolution
Coordinate agency’s audit follow-up to ensure timely
corrective action on audit findings
Organize cognizant agency for audit follow-up
Ensure agency provides annual updates to the
Compliance Supplement
Support the Senior Audit Accountable Official
100
8/8/2014
51
American Institute of CPAs®
Cooperative Audit Resolution
200.513(c)(3)(iii) Responsibilities
Encourages Federal awarding agencies to make
effective use of cooperative audit resolution practices
in order to reduce repeat audit findings.
101
American Institute of CPAs®
Cooperative Audit Resolution (200.25)
Cooperative audit resolution means the use of audit
follow-up techniques which promote prompt corrective
action by improving communication, fostering
collaboration, promoting trust, and developing an
understanding between the Federal agency and the
non-Federal entity. This approach is based upon:
a) A strong commitment by Federal agency and non-
Federal entity leadership to program integrity
b) Federal agencies strengthening partnerships and
working cooperatively with non-Federal entities and
their auditors; and non-Federal entities and their
auditors working cooperatively with Federal
agencies
102
8/8/2014
52
American Institute of CPAs®
Cooperative Audit Resolution (200.25)
c) A focus on current conditions and corrective action
going forward;
d) Federal agencies offering appropriate relief for past
noncompliance when audits show prompt corrective
action has occurred; and
e) Federal agency leadership sending a clear message
that continued failure to correct conditions identified
by audits which are likely to cause improper
payments, fraud, waste, or abuse is unacceptable
and will result in sanctions.
103
American Institute of CPAs®
Appendix XI - Compliance Supplement
While most commenters were in favor of the proposed
reduction of the number of types of compliance
requirements, many voiced concern about the process to
implement such changes. Comments questioned
whether Federal agencies adding back provisions under
special tests and provisions would result in increased
administrative burden.
Since the Supplement is published as part of a separate
process, the COFAR recommended that any future
changes to its structure be based on available evidence
of impact on past findings and include further public
outreach to mitigate potential risks of an inadvertent
increase in administrative burden.
104
8/8/2014
53
American Institute of CPAs®
Compliance Supplement
Supplement is published as separate process so the
final changes are not included in the Guidance
Future changes will be based on available evidence
of past audit findings & potential impact of non-
compliance
Further public outreach will be conducted prior to
making structural changes to Supplement format
• 2014 Supplement will preview the implementation of
changes
• Changes will not be effective until the 2015
Supplement
105
American Institute of CPAs®
Audit Findings (200.516)
Increases the threshold for reporting known and
likely questioned costs from $10,000 to $25,000
(200.516(a)(3) & (4))
Requires that questioned costs be identified by
CFDA number and applicable award number
(200.516(b)(6))
Requires identification of whether audit finding is a
repeat from the immediately prior audit and if so the
prior year audit finding number (200.516(b)(8))
Provides that audit finding numbers be in the format
prescribed by the data collection form (200.516(c))
106
8/8/2014
54
American Institute of CPAs®
Finding Elements
107
§ 200.516
Finding Elements
Program
Information Criteria
Condition
Found
Context
Questioned
Costs Whether
Sampling was Statistically Valid
Repeat Finding from Prior Year
Cause & Effect
Recommendation
Views of Responsible
Officials
American Institute of CPAs®
Single Audit Reporting
Face of schedule of expenditures of federal awards
(SEFA) must include all Federal awards expended
including:
• Noncash assistance
• Loan programs (beginning balance of outstanding loans plus
loans disbursed during period plus interest subsidy, cash, or
administrative cost allowance)
• Loan guarantee programs
Amounts in data collection form should be same as
SEFA
Reports submitted to FAC will be publically available
except for Indian tribes
108
We recommend including rollforward of loan and loan guarantee programs
in the notes to the SEFA.
8/8/2014
55
American Institute of CPAs®
Additional Audit Requirements
List of program specific audit guides will be
provided beginning with the 2014 Supplement
including (200.517(a)):
• Agency contact information
• Web site where copy of guide is available
Clarified that if report due date is on a Saturday,
Sunday, or Federal legal holiday, report submission
is due the next business day (200.512(a))
Provides for a government-wide audit quality project
once every 6 years beginning in 2018
(200.513(a)(3)(ii))
Made technical edits to align with current auditing
standards
109
American Institute of CPAs®
Effective Date for Audit Requirements
(200.110(b))
Subpart F will be effective for non-Federal entity
Fiscal Years (FY) or biennial periods beginning on or
after December 26, 2014
First year examples:
• FY beginning January 1, 2015 and ending December
31, 2015
• Biennial period beginning January 1, 2015 and
ending December 31, 2017
Early implementation of Subpart F is not permitted
110
8/8/2014
56
American Institute of CPAs®
Reaching COFAR
Please submit questions to [email protected].
All questions will be reviewed and some may be
included in a frequently asked questions document
that will be posted on the COFAR website,
https://cfo.gov/cofar/
111
American Institute of CPAs®
COFAR – Frequently Asked Questions
The Council on Financial Assistance Reform
(COFAR) released on February 12, 2014 an FAQ
document titled, Frequently Asked Questions for
New Uniform Guidance at 2 CFR 200, covering
certain aspects of the Uniform Grant Guidance. To
date, COFAR has received over two hundred
questions from grant stakeholders. This FAQ
issuance is the first attempt by COFAR to respond to
those questions and it plans to release additional
FAQs in the future. Therefore, continue to send any
questions or comments that you have to
112
8/8/2014
57
American Institute of CPAs®
Next Steps
Read Uniform Guidance
Attend COFAR webcast (8 hours) – Jan. 27, 2014
Develop implementation plan
Identify changes to policies and procedures
Develop training plan
113
American Institute of CPAs®
OMB - Uniform Grant Guidance
Client Education:
• Concern that auditees not paying attention; consider using “fear
factor” – that is, non-action could result in material weakness or
significant deficiency findings
• Need to start now!
• Ask clients:
- Have you read the new guidance?
- Do you have a plan to become compliant?
- How are you going to be addressing the new rules for
procurement, allocating indirect costs, time and effort
reporting, subrecipient monitoring, and internal control?
- Is senior management involved?
- Are you aware of available resources?
- How do you plan to train your staff?
114
8/8/2014
58
American Institute of CPAs®
OMB - Uniform Grant Guidance
Client Education - Internal Control Clarification
§ 200.303 Internal controls.
The non-Federal entity must: (a) Establish and maintain effective
internal control over the Federal award that provides reasonable
assurance that the non-Federal entity is managing the Federal award
in compliance with Federal statutes, regulations, and the terms and
conditions of the Federal award. These internal controls should be
in compliance with guidance in “Standards for Internal Control in the
Federal Government” [Green Book] issued by the Comptroller General
of the United States and the “Internal Control Integrated Framework”,
issued by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
OMB has stated that the should is meant to be a “best
practice” and not a presumptively mandatory
requirement 115
American Institute of CPAs®
Resources and Tools Available
from the GAQC and AICPA
116
8/8/2014
59
American Institute of CPAs®
Primary Guidance for Yellow
Book and Single Audit
Requirements
• Government Auditing
Standards & Circular A-133
Audits
Other Industries Include:
• State and Local Governments
• Not for Profit Entities
• Health Care Entities
• Gaming
• Sampling
Audit Risk Alerts
Checklists & Illustrative
Statements
AICPA Audit Guides are Valuable Tools
117
American Institute of CPAs®
GAQC Resources
GAQC Web site (www.aicpa.org/GAQC)
118
8/8/2014
60
American Institute of CPAs®
GAQC Mission and History
Overall mission to improve governmental audit quality and to
be a resource to members
Why Center launched?
• Indicators of problems with these audits from federal agencies
(e.g., PCIE study), peer reviews, and ethics referrals
• Proactive launch in light of expected federal study on single audit
quality which began in 2005 (report issued in 2007)
Milestones
• Council approved concept in 2003
• Board approved GAQC membership requirements in 2004
• Center launched September 2004
• Board approved state audit organization membership in 2009
• 10th year anniversary 2014
119
American Institute of CPAs®
92%
8%
Dollar Coverage
GAQC member firms
Non-GAQC member firms
64%
36%
Number of Single Audits
GAQC member firms
Non-GAQC member firms
GAQC Member Firm Coverage of Single
Audits
120