Preparing for your Agency Audit under OMB CIRCULAR A 133 “What will auditors be testing?" 1 Presented by: ◦ Walter K. Frye, MBA, CPA Revelation Management Systems, LLC 320 Main Street West Orange, New Jersey 973-902-1040 walterfrye@aol.com Web address: www.fiscalinstitute.com 2 About the Presenter: Management Consultant – Head Start & CAP Agencies CFO Head Start Grantee Former Managing Partner of CPA Firm Former “Big 4” Senior Tax Accountant Former Assistant Professor of Accounting (Audit, Tax) T &TA Seminars On-Going Monitoring & Self Assessment (Head Start) 3 Single Audit Background Governmental and Non-profit organizations who receive over $500,000 of Federal Awards are required to have a Single Audit Single Audit includes: ◦ Schedule of Expenditures of Federal Awards. ◦ Reporting on internal controls. ◦ Reporting on compliance requirements There are 14 types of compliance requirements that may be applicable to a Federal program. 4 Compliance Requirements ◦ Activities Allowed or Unallowed ◦ Period of Availability of Federal Funds ◦ Allowable Costs/Cost Principles ◦ Procurement and Suspension and Debarment ◦ Cash Management ◦ Program Income ◦ Davis-Bacon Act ◦ Real Property Acquisition/Relocation Assistance ◦ Eligibility ◦ Equipment and Real Property Management ◦ Matching, Level of Effort, Earmarking ◦ Reporting ◦ Subrecipient Monitoring ◦ Special Tests and Provisions 5 Increased Publicity of Single Audit Reports Federal Audit Clearinghouse is required to make public all single audit reports filed for the year ending September 30, 2009 and thereafter. Therefore, the Schedule of Findings and Questioned costs will be made available to the public. Federal Agencies will prepare and submit to OMB synopses of single audit findings relating to obligations and expenditures of ARRA funding. OIG has increased their monitoring of Single Audits with a focus on ARRA funds. Results of these audits will also be made public. 6 OMB Circular A-133 Compliance Supplement The compliance supplement was previously updated on an annual basis. The March 2009 compliance supplement was issued on May 26, 2009. As a result of ARRA, OMB planned to issue periodic compliance supplement addendums. Addendum No. 1, dated June 30, 2009, was issued on August 4, 2009. Addendum No. 1 provided additional guidance for programs with expenditures of ARRA funding. The 2010 compliance supplement was issued June 2010. The 2011 Compliance Supplement was due March 31, 2011. The 2011 Compliance Supplement was issued June 1, 2011. Effective for audits FYE June 30, 2011 and after. 7 ARRA Impact on the Single Audit Documentation and testing of internal controls over ARRA and Non-ARRA funded programs. Compliance Testing of the applicable 14 compliance requirements will be performed for both ARRA and non-ARRA funded programs. Note:(May still be applicable for Head Start expansion grants) if agency fiscal year ended August 31 or prior or for Continued ARRA funding 8 Risk Assessment OMB has stated that all ARRA funds should be considered High-Risk. 9 Single Auditor’s Testing Requirements Internal Control ◦ Management must establish and maintain internal control designed to reasonably ensure compliance with Federal Laws, regulations, and program compliance requirements, including internal control designed to ensure compliance with ARRA requirements. ◦ Auditor will then perform and document test work related to internal control as required by OMB Circular A-133. 10 Single Auditor’s Testing Requirements Activities Allowed or Unallowed ◦ None of the funds appropriated or otherwise made available in ARRA may be used for any casino or other gaming establishment, aquarium, zoo, golf course or swimming pool. ◦ The auditor will sample vouchers to determine that funds were not expended on the items listed above. 11 Single Auditor’s Testing Requirements Davis-Bacon Act ◦ All laborers and mechanics employed by contractors and sub-contractors on projects in excess of $2,000 that are funded directly by or assisted in whole or in part by the ARRA are to be paid prevailing wages under the Davis-Bacon Act. 12 Single Auditor’s Testing Requirements Procurement and Suspension and Debarment ◦ None of the funds appropriated or otherwise made available by the ARRA may be used for the construction, alteration, maintenance or repair of a public building or public work unless all of the iron, steel, and manufactured goods used in the project are produced in the United States. Exceptions are as follows: (a) Iron, steel, or relevant manufactured goods are not produced in the United States in sufficient and reasonably available quantities and of a satisfactory quality; (b) Inclusion of iron, steel, or manufactured goods produced in the United States will increase the cost of the overall project by more than 25 percent; or (c) Applying the domestic preference would be inconsistent with the public interest. 13 Single Auditor’s New Testing Requirements Procurement and Suspension and Debarment ◦ A Buy-American award term is required in all awards for construction, alteration, maintenance, or repair of a public building or public work. ◦ Auditors will review contracts to determine that the award term has been included. 14 Single Auditor’s New Testing Requirements Reporting ◦ Specific and stricter reporting requirements for ARRA funds. ◦ The first reporting period for reports required by Section 1512 of ARRA commenced on September 30, 2009 and the reports were submitted by October 10, 2009. ◦ OMB issued M-1014 updated guidance on the ARRA (March 22, 2010) which provided for continuous corrections period. ◦ Recipients are required to report for themselves and their first-tier subrecipients. ◦ Recipients must require their subrecipients to properly report ARRA funds. ◦ Initial ARRA Awards 1.84% (Quality Improvement) for the period July 1, 2009 ended September 30, 2010; final reports due October 2010 or January 2011 (for close out). 15 Single Auditor’s Testing Requirements Reporting ◦ Recipients and “First-tier” recipients will be required to identify ARRA funds separately in their SEFA. ◦ “First-tier” subrecipients are those that receive an award directly from a recipient (i.e. county that receives money directly from the State who received their money from the Federal government.) 16 Single Auditor’s Testing Requirements Reporting ◦ Auditors must test the data elements of Section 1512 ◦ Award Number ◦ Award Amount ◦ Total Federal Amount of ARRA Funds Received/Invoiced ◦ Total Federal Amount of ARRA Expenditures ◦ # of Jobs – (The auditor is not required to test the number of jobs as part of compliance work performed on Section 1512 ARRA Reporting 17 Single Auditor’s Testing Requirements Subrecipient Monitoring ◦ Identify to first-tier subrecipients the requirements to register in the Central Contractor Registration (“CCR”), including obtaining a Dun and Bradstreet Universal Numbering System number. ◦ Pass through entities must determine that the subrecipients have current CCR registrations prior to making subawards and perform periodic checks to ensure that subrecipients are updating information, as necessary. 18 Single Auditor’s Testing Requirements Special Tests and Provisions ◦ Recipients and subrecipients need to maintain records that adequately identify the source and application of ARRA funds. The auditor will determine whether accounting records for ARRA funds provide for the separate identification and accounting required for ARRA awards and activity. 19 Single Auditor’s New Testing Requirements Special Tests and Provisions ◦ Recipients are required to separately identify ARRA awards in their Schedule of Expenditures of Federal Awards (“SEFA”) and in their SF-SAC (Data Collection Form). Also, the reported expenditures need to be supported by accounting records. 20 Single Auditor’s New Testing Requirements Special Tests and Provisions ◦ Recipients are required to separately identify to each subrecipient, and document at the time of the subaward and disbursement of funds, the Federal award number, CFDA number, and the amount of ARRA funds and require their subrecipients to provide similar identification in their SEFA and SF-SAC. 21 Best Practices Auditors’ Responsibilities under SAS #115 How to reduce your agency’s risk of a SAS #115 comment from your auditor Questions for your auditor? 22 SAS #115 Changed definitions of Significant Deficiencies and Material Weakness “Material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of an entity’s financial statements will not be prevented, or detected and corrected on a timely basis.” Reasonable possibility exists when the likelihood of the event is either reasonably possible or probable. Under SAS 112 – “Material weakness is a significant deficiency . . . That results in more that a remote likelihood that a material misstatement . . .” Significant Deficiency is a deficiency, or combination of deficiencies, in internal control, that is less severe that a material weakness, yet important enough to merit attention by those charged with governance. 23 SAS 115 Revised list of deficiencies that are indicators of material weaknesses. Identification of fraud at any level (regardless of amount) Prior period adjustment – reinstatement of previously issued final statements, resulting from correction of error or fraud. Identification of a material misstatement of the financial statements under audit that indicate the misstatements would not have been detected by entity’s internal control Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance. 24 SAS 115 How to reduce your agency’s risk of a SAS #115 comment from your auditor Agencies should establish: 1. A complete Accounting Policies and Procedures Manual 2. Procedures should clearly identify controls in place to mitigate the risk of fraud and/or financial statement misstatement 3. Clearly document compliance with established control procedures 4. Provide sufficient training and necessary tools to employees to ensure competency and professional development 5. Continuously monitor the Agency’s environment to ensure that procedures are updated when needed (i.e. ACH transaction, direct deposit) 25 Points to Remember Auditor can not be part of the agency’s internal control. If the auditor is part of internal control then he/she is no longer independent. Auditor can not be a compensating control. The auditor is and must remain independent and the agency needs to establish and maintain internal control System of Internal control extends beyond the G/L and includes controls over preparation and reporting of the financial statements. 26 Points to Remember Once comments are included in the SAS 115 letter, they must remain in the letter until those charged with governance establish policies or procedures for dealing with the significant deficiency or material weakness. Management or those charged with governance may decide that the benefit does not outweigh the costs that would be incurred. Even though this evaluation has been made, the auditor is prohibited from removing the comment. 27 Questions ??? What do you really want to ask your auditor but were afraid to ask? 28