Preparing for your Agency Audit
under OMB CIRCULAR A 133
“What will auditors be testing?"
1
Presented by:
◦ Walter K. Frye, MBA, CPA
Revelation Management Systems, LLC
320 Main Street
West Orange, New Jersey
973-902-1040
walterfrye@aol.com
Web address:
www.fiscalinstitute.com
2
About the Presenter:







Management Consultant – Head Start & CAP
Agencies
CFO Head Start Grantee
Former Managing Partner of CPA Firm
Former “Big 4” Senior Tax Accountant
Former Assistant Professor of Accounting
(Audit, Tax)
T &TA Seminars
On-Going Monitoring & Self Assessment (Head
Start)
3
Single Audit Background
Governmental and Non-profit organizations
who receive over $500,000 of Federal Awards
are required to have a Single Audit
 Single Audit includes:

◦ Schedule of Expenditures of Federal Awards.
◦ Reporting on internal controls.
◦ Reporting on compliance requirements

There are 14 types of compliance requirements
that may be applicable to a Federal program.
4
Compliance Requirements
◦ Activities Allowed or
Unallowed
◦ Period of Availability of
Federal Funds
◦ Allowable Costs/Cost
Principles
◦ Procurement and Suspension
and Debarment
◦ Cash Management
◦ Program Income
◦ Davis-Bacon Act
◦ Real Property
Acquisition/Relocation
Assistance
◦ Eligibility
◦ Equipment and Real Property
Management
◦ Matching, Level of Effort,
Earmarking
◦ Reporting
◦ Subrecipient Monitoring
◦ Special Tests and Provisions
5
Increased Publicity of
Single Audit Reports
Federal Audit Clearinghouse is required to make public
all single audit reports filed for the year ending
September 30, 2009 and thereafter.
 Therefore, the Schedule of Findings and Questioned
costs will be made available to the public.
 Federal Agencies will prepare and submit to OMB
synopses of single audit findings relating to obligations
and expenditures of ARRA funding.
 OIG has increased their monitoring of Single Audits
with a focus on ARRA funds. Results of these audits will
also be made public.

6
OMB Circular A-133 Compliance
Supplement









The compliance supplement was previously updated on an annual
basis.
The March 2009 compliance supplement was issued on May 26,
2009.
As a result of ARRA, OMB planned to issue periodic compliance
supplement addendums.
Addendum No. 1, dated June 30, 2009, was issued on August 4,
2009.
Addendum No. 1 provided additional guidance for programs with
expenditures of ARRA funding.
The 2010 compliance supplement was issued June 2010.
The 2011 Compliance Supplement was due March 31, 2011.
The 2011 Compliance Supplement was issued June 1, 2011.
Effective for audits FYE June 30, 2011 and after.
7
ARRA Impact on the Single Audit
Documentation and testing of internal controls
over ARRA and Non-ARRA funded programs.
 Compliance Testing of the applicable 14
compliance requirements will be performed for
both ARRA and non-ARRA funded programs.


Note:(May still be applicable for Head Start
expansion grants) if agency fiscal year ended
August 31 or prior or for Continued ARRA
funding
8
Risk Assessment

OMB has stated that all ARRA funds should be
considered High-Risk.
9
Single Auditor’s
Testing Requirements

Internal Control
◦ Management must establish and maintain internal
control designed to reasonably ensure compliance
with Federal Laws, regulations, and program
compliance requirements, including internal control
designed to ensure compliance with ARRA
requirements.
◦ Auditor will then perform and document test work
related to internal control as required by OMB
Circular A-133.
10
Single Auditor’s
Testing Requirements

Activities Allowed or Unallowed
◦ None of the funds appropriated or otherwise
made available in ARRA may be used for any
casino or other gaming establishment,
aquarium, zoo, golf course or swimming pool.
◦ The auditor will sample vouchers to
determine that funds were not expended on
the items listed above.
11
Single Auditor’s
Testing Requirements

Davis-Bacon Act
◦ All laborers and mechanics employed by
contractors and sub-contractors on
projects in excess of $2,000 that are funded
directly by or assisted in whole or in part by
the ARRA are to be paid prevailing wages
under the Davis-Bacon Act.
12
Single Auditor’s
Testing Requirements

Procurement and Suspension and Debarment
◦ None of the funds appropriated or otherwise made available by the
ARRA may be used for the construction, alteration, maintenance or
repair of a public building or public work unless all of the iron, steel,
and manufactured goods used in the project are produced in the
United States. Exceptions are as follows:
 (a) Iron, steel, or relevant manufactured goods are not produced in the
United States in sufficient and reasonably available quantities and of a
satisfactory quality;
 (b) Inclusion of iron, steel, or manufactured goods produced in the United
States will increase the cost of the overall project by more than 25
percent; or
 (c) Applying the domestic preference would be inconsistent with the
public interest.
13
Single Auditor’s New
Testing Requirements

Procurement and Suspension and Debarment
◦ A Buy-American award term is required in all awards
for construction, alteration, maintenance, or repair of
a public building or public work.
◦ Auditors will review contracts to determine that the
award term has been included.
14
Single Auditor’s New
Testing Requirements

Reporting
◦ Specific and stricter reporting requirements for ARRA funds.
◦ The first reporting period for reports required by Section 1512 of
ARRA commenced on September 30, 2009 and the reports were
submitted by October 10, 2009.
◦ OMB issued M-1014 updated guidance on the ARRA (March 22, 2010)
which provided for continuous corrections period.
◦ Recipients are required to report for themselves and their first-tier
subrecipients.
◦ Recipients must require their subrecipients to properly report ARRA
funds.
◦ Initial ARRA Awards 1.84% (Quality Improvement) for the period July
1, 2009 ended September 30, 2010; final reports due October 2010 or
January 2011 (for close out).
15
Single Auditor’s
Testing Requirements

Reporting
◦ Recipients and “First-tier” recipients will be
required to identify ARRA funds separately in
their SEFA.
◦ “First-tier” subrecipients are those that
receive an award directly from a recipient (i.e.
county that receives money directly from the
State who received their money from the
Federal government.)
16
Single Auditor’s
Testing Requirements

Reporting
◦ Auditors must test the data elements of Section
1512
◦ Award Number
◦ Award Amount
◦ Total Federal Amount of ARRA Funds
Received/Invoiced
◦ Total Federal Amount of ARRA Expenditures
◦ # of Jobs – (The auditor is not required to test
the number of jobs as part of compliance work
performed on Section 1512 ARRA Reporting
17
Single Auditor’s
Testing Requirements

Subrecipient Monitoring
◦ Identify to first-tier subrecipients the requirements
to register in the Central Contractor Registration
(“CCR”), including obtaining a Dun and Bradstreet
Universal Numbering System number.
◦ Pass through entities must determine that the
subrecipients have current CCR registrations prior
to making subawards and perform periodic checks
to ensure that subrecipients are updating
information, as necessary.
18
Single Auditor’s
Testing Requirements

Special Tests and Provisions
◦ Recipients and subrecipients need to maintain
records that adequately identify the source and
application of ARRA funds. The auditor will
determine whether accounting records for ARRA
funds provide for the separate identification and
accounting required for ARRA awards and activity.
19
Single Auditor’s New
Testing Requirements

Special Tests and Provisions
◦ Recipients are required to separately identify ARRA
awards in their Schedule of Expenditures of Federal
Awards (“SEFA”) and in their SF-SAC (Data
Collection Form). Also, the reported expenditures
need to be supported by accounting records.
20
Single Auditor’s New
Testing Requirements

Special Tests and Provisions
◦ Recipients are required to separately identify to each
subrecipient, and document at the time of the subaward and disbursement of funds, the Federal award
number, CFDA number, and the amount of ARRA
funds and require their subrecipients to provide
similar identification in their SEFA and SF-SAC.
21
Best Practices
Auditors’ Responsibilities under SAS
#115
 How to reduce your agency’s risk of a
SAS #115 comment from your auditor
 Questions for your auditor?

22
SAS #115
Changed definitions of Significant Deficiencies and Material Weakness

“Material weakness is a deficiency, or combination of deficiencies, in internal control,
such that there is a reasonable possibility that a material misstatement of an
entity’s financial statements will not be prevented, or detected and corrected on a
timely basis.”
 Reasonable possibility exists when the likelihood of the event is either
reasonably possible or probable.

Under SAS 112 – “Material weakness is a significant deficiency . . . That results in
more that a remote likelihood that a material misstatement . . .”

Significant Deficiency is a deficiency, or combination of deficiencies, in internal
control, that is less severe that a material weakness, yet important enough to merit
attention by those charged with governance.
23
SAS 115
Revised list of deficiencies that are indicators of material
weaknesses.

Identification of fraud at any level (regardless of amount)

Prior period adjustment – reinstatement of previously issued final
statements, resulting from correction of error or fraud.

Identification of a material misstatement of the financial statements under
audit that indicate the misstatements would not have been detected by
entity’s internal control

Ineffective oversight of the entity’s financial reporting and internal control
by those charged with governance.
24
SAS 115
How to reduce your agency’s risk of a SAS #115 comment from your
auditor
Agencies should establish:
1.
A complete Accounting Policies and Procedures Manual
2.
Procedures should clearly identify controls in place to mitigate the risk of fraud
and/or financial statement misstatement
3.
Clearly document compliance with established control procedures
4.
Provide sufficient training and necessary tools to employees to ensure competency
and professional development
5.
Continuously monitor the Agency’s environment to ensure that procedures are
updated when needed (i.e. ACH transaction, direct deposit)
25
Points to Remember

Auditor can not be part of the agency’s internal control. If the
auditor is part of internal control then he/she is no longer
independent.

Auditor can not be a compensating control. The auditor is and
must remain independent and the agency needs to establish and
maintain internal control

System of Internal control extends beyond the G/L and includes
controls over preparation and reporting of the financial statements.
26
Points to Remember

Once comments are included in the SAS 115 letter, they must
remain in the letter until those charged with governance establish
policies or procedures for dealing with the significant deficiency or
material weakness.

Management or those charged with governance may decide that
the benefit does not outweigh the costs that would be incurred.
Even though this evaluation has been made, the auditor is
prohibited from removing the comment.
27
Questions ???
What do you really want to ask your
auditor but were afraid to ask?
28