Post Award
MUHAS, Dartmouth, UCSF
Surviving Audits
Tuesday October 21, 2014
Agenda
O Types of Audits
O Audits and the New Uniform Guidance
O Audit Requirements
O Audit Process (initiation to closure)
O Role of Internal Auditors
Positive Aspects of Audits
O Along with policies, procedures and internal
controls, audits are an essential tool in the
“compliance toolbox”
O Most audits are “not for cause” and designed as
a reasonable and efficient to see if we are:
O
O
O
O
O
O
Following sponsor rules
Following our rules
Implementing clear policies
Adequately training staff
Have adequate resources
Anything else?
At what time in the award
life-cycle should you think
about audits?
Discussion
Types of Audits
O Pre-award
O Financial Statement
O OMB Required Audit (formerly A133)
O Program Review (site visit that involves an
assessment of finance and administration)
O Internal audits
O “Not for cause” agency audits
O “For cause” agency audits
Foreign Recipients and the
Uniform Guidance
• Audit requirements (Subpart F) do not explicitly exclude foreign subrecipients,
unlike A-133 which stated specifically that it did not apply to “non-U.S. based
entities”.
• Subrecipient monitoring requirements suggest that prime recipients verify that
every subrecipient is audited as required by Subpart F when the subrecipient
reaches the audit threshold in UG § 200.501 ($750K).
• Sponsors may extend Subpart F or comparable audit requirements to foreign
recipients.
• If applicable, prime awardee must resolve foreign subrecipient audit findings
and issue a management decision.
• Common audit issues:– Effort reporting, VAT, indirect costs (under UG, foreign
subrecipients without an IDC rate may be eligible to charge the de minimus 10%
of MTDC, if not prohibited by sponsor policy. UG § 414(f)).
Do Audits Mitigate Risk to
the Project and the
Institution?
If “yes”, how? If “no”, how?
Discussion
Audits: Best Practices
O
Situations can be challenging due to:
O
O
O
O
Having to respond according to the auditor’s time frame
Staff may have to shift priorities on very short notice
Don’t panic
Assign a primary liaison: Think very very carefully about which staff are
tasked with working on the audit. It is never wise to deploy your least
experienced team member.
Notification
Institutional
Definition
Clearances
Management
Responses
of Scope
Audit
Report
Exit
Conference
&
Sponsor
Review
Preparation
Aar
Conditions
Fieldwork
Entrance
Conference
Sample Audit Roles and Responsibilities
Role
Responsibilities
Principal Investigator
•
•
•
Respond to questions about how expenses tie to program objectives
Respond to questions about personnel effort
Affirm awareness of controls and policies
Department Grant
Manager
•
•
•
Be available to meet with auditor along with OSP
Provide justification for expenses
Address department processes and controls
OSP
•
•
•
•
•
Receive audit notice and negotiate timing and scope
Serve as official point of contact
Clarify requests
Communicate with senior leaders
Document progress, items provided, resolution
Institutional Leadership
• Affirm institution’s standards of conduct, compliance
• Review responses and findings
• Respond to findings with resources, education or policy
Legal Counsel
• Review regulatory and sponsor audit provisions
• Assist in negotiation of scope and resolution as needed
Other Central Offices
• Provide source documentation
• Address policy questions
Preventive Audit “Medicine”
O Develop clear institutional policies and
O
O
O
O
continuously improve them
Identify areas of not meeting policies and
review and modify
Training
Limit exceptions to your policies and
document reasons
Monitor peer audits and sponsor guidance
Scope
O Request that the auditors provide a clear
definition of the timing, methodology, years
covered, and focus
O Is it reasonable to review every transaction?
O Refer to other recent audits including
internal reports that might have covered
part or all of the scope
O Express your position (in a nice way)
concerning the sample size and number of
years covered
Preparation
O Submit detailed transactional report for audit
O
O
O
O
sampling
Code every transaction selected on a tracking
tool to record date requested and provided
Review every transaction selected BEFORE
providing documents
Do not provide originals or working files
You are not required to provide more than
requested
Preparation
O Request and schedule an opening meeting to
discuss:
Scope and process
Timeline
Report
Ability of institution to review and comment on
report
O Close meeting
O
O
O
O
O Provide quiet space
O Appoint a liaison but stay actively involved with
daily updates
Fieldwork
O Always accompany the auditors for any visit
O
O
O
O
to a department or meeting with faculty or
staff
Instruct staff to not answer questions
outside of their job responsibilities
It’s ok to say “I will need to get back to you”
Respond with documentation and answers
as quickly as possible
Liaison to track all responses
Conclusion
O Obtain a copy of any report
O Confirm process and timeline for responses
NIH Grants Policy Statement
(until 12/26/14): Audits
16.7.4 Audit
Foreign grantees are subject to the same audit requirements as for-profit organizations (specified in
45 CFR 74.26(d) and in the Grants to For-Profit Organizations chapter).
18.4.5 Audit
The requirements for non-Federal audits of for-profit organizations are specified in 45 CFR 74.26(d). A
for-profit organization is required to have a non-Federal audit if, during its fiscal year, it expended a
total of $500,000 or more in Federal awards. 45 CFR 74.26(d) incorporates the thresholds and
deadlines of OMB Circular A-133 but provides for-profit organizations two options regarding the type
of audit that will satisfy the audit requirements. The grantee either may have (1) a financial-related
audit (as defined in, and in accordance with, the Government Auditing Standards (commonly known
as the "Yellow Book"), GPO stock 020-000-00-265-4, of a particular award in accordance with
Government Auditing Standards, in those cases where the recipient receives awards under only one
HHS program, or (2) an audit that meets the requirements of OMB Circular A-133.
OMB Circular A-133 is available electronically
athttp://www.whitehouse.gov/sites/default/files/omb/assets/a133/a133_revised_2007.pdf.
The Government Auditing Standards are available electronically
at http://www.gao.gov/govaud/ybk01.htm. Audits must be completed and submitted to the National
External Audit Review Center within 30 days after receipt of the auditor's report(s), or 9 months after
the end of the audit period, i.e., the end of the organization's fiscal year, whichever is earlier. The
address is found in Part III.
For-profit organizations expending less than $500,000 a year are not required to have an annual
audit for that year but must make their grant-related records available to NIH or other designated
officials for review or audit.
US Regulations: Single Audit
Act (A133)
O The Single Audit Act of 1984 established
requirements for audits of States, local
governments, and Indian tribal governments
that administer Federal financial assistance
programs.
O Threshold under Uniform Guidance will be
$750k
O Watch for agency implementations for nonUS recipients
COGR PRINCIPLE
VIII. ASSESSMENTS AND AUDITS
The institution has a formal system for compliance assessment and audit
that demonstrates that the institution complies with both federal
regulations and institutional and other sponsor policies.
Practice A. The institution has written policies and procedures drawn from
appropriate professional auditing standards for performing compliance
assessments, formal audits, and for reporting the results to the
appropriate, responsible official. These policies and procedures are
distributed to the appropriate institutional officials.
Indicator 1. The institution demonstrates a knowledge of and commitment
to compliance by performing risk-based compliance assessments in areas
of sponsored program activity and reports the results of such assessment
to the appropriate responsible official.
Indicator 2. The institution develops a risk-based assessment/audit plan
on a regular basis.
Principles
Indicator 3. The institution initiates formal risk-based
audits of administrative and financial systems that
support the sponsored program enterprise and reports the
results of such audits to the appropriate responsible
official. [See also, II-6, Subrecipient Monitoring.]
Indicator 4. The results of financial and compliance
audits are communicated to all affected individuals and
corrective action plans, as may be appropriate and
developed in response to compliance assessments, are
monitored for implementation.
Principles Audits
Practice B. The institution has written policies and procedures
for both its external audit and its internal audit responsibilities.
Indicator 1. There are policies in place to ensure the institution’s
auditor has the appropriate reporting relationship to ensure
independence within the organization.
Indicator 2. Procedures are in place to ensure that external
auditors are selected in accordance with a process that complies
with the requirements of OMB Circular A-133.
Indicator 3. The institution has an internal audit charter that
states the internal auditors’ responsibilities and authority.
Principles Audits
Practice C. The institution’s auditors and external auditors under
appropriate circumstances have unrestricted access to the institution’s
records, properties, and personnel as those relate to any given subject
under review.
Practice D. The institution has procedures for ongoing review of its
finances, compliance with its administrative directives, and conformance
with governmental laws and regulations.
Indicator 1. Audits of systems and operations are developed and
maintained on a regularly scheduled basis.
Indicator 2. Financial objectives, goals and control procedures are
established and maintained.
Indicator 3. Systems of controls adequately ensure the reliability and
integrity of financial and operating information.
Indicator 4. Systems of controls adequately safeguard and account for the
assets of the institution.
Indicator 5. Operations or programs are being conducted and their
performance measured consistent with established goals and objectives.
Principles Audits
Indicator 6. Systems of controls adequately measure
and ensure that resources are used economically and
efficiently.
Indicator 7. Reports are prepared for management
stating findings and recommendations, and significant
audit matters are reported directly to appropriate
officials.
Indicator 8. Adequate follow-up exists to determine that
appropriate actions are taken to resolve audit findings,
including those of subrecipients.
Principles Audits
Practice E. The institution complies with government auditing
requirements with respect to its federal programs.
Indicator 1. Controls are in place to ensure external audits are performed
in accordance with and submitted as required by federal regulations.
Indicator 2. Mechanisms exist to coordinate and manage the activities of
internal and external auditors.
Indicator 3. Controls are in place to ensure that nonprofit subrecipients
have met respective audit requirements and, in cases of noncompliance,
that corrective action is taken.
Indicator 4. There is periodic verification by internal and/or external
auditors of the subrecipient process instituted at the institution.
Indicator 5. The institution’s audit program includes tests for internal
controls and compliance with administrative requirements, such as the
compliance supplement to OMB Circular A-133.
Resources
O National Association of Cost Analysts
http://www.costaccounting.org/files/pdfs/01_2014_
audit_summary.pdf
O NACUBO http://www.nacubo.org/
O Single Audit Compliance supplement
http://www.whitehouse.gov/omb/circulars/a133_co
mpliance_supplement_2014
O MAXIMUS Higher Education Webinars on Federal
Compliance Webinar Series
http://www.maximus.com/highereducation/webinars