Effort Reporting: A Departmental Approach to Meeting Audit Requirements Dianne Valdez, MBA, CIA, CISA, CCSA Enrique Valdez Jr., MBA Overview of Audit What do you think when you hear “Internal Audit”? What and Who is Internal Audit? • “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” 1 • “Performed by professionals with an in-depth understanding of the business culture, systems, and processes, the internal audit activity provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met.” 2 Internal Audit vs. External Audits Internal • Performed by auditors who are independent of operations, but are part of, and familiar with your institution. 3 • Audits based on: • Annual Risk Assessments • Management Requests • Specific Events and/or Incidents. External • Performed by State/Private/ Federal auditors to provide an independent opinion. 3 • Audits based on: • Regular Schedule • Special Requests • Specific Events and/or Incidents. • Samples are often extrapolated to full population. Types of Audits • Operational • Process • Departmental • Financial • Compliance • Combination What is Effort Reporting? • Required by Federal Government as requirement as condition for receiving federal funding.* • It is the means for reporting work on sponsored and non-sponsored funding sources. • A way for sponsors to be assured that they are getting what they are paying for. *Uniform Guidance discussion later in presentation. Effort Reporting Audits • Why are they Performed? • What is the Process? • What are the Benefits? The Auditor’s Role • Examine, evaluate, and recommend improvements to Internal Controls. • Internal Controls encompass the policies, procedures, activities, and systems that are designed to ensure: • • • • • Reliability, integrity, and security of information Compliance with regulations and guidance Safeguarding of assets Financial efficiency Accomplishment of objective/goals. The Department’s Role • Examine and evaluate policies, procedures, and systems in place. • Ensure: • Reliability and integrity of information • Compliance with policies, procedures, regulations, and guidance • Accomplishment of established objectives and goals. Effort Reporting Audits What auditors are looking for and how to prepare. Educated Faculty and Staff What Auditors look for: How Departments can prepare: • Understanding by faculty and staff of effort reporting requirements. • Consistency between reported and stated effort in interviews with faculty and staff. • No delegation of responsibility to unqualified individuals. • Send faculty and staff to institutional training, including refresher training. • Encourage departmental discussions and reviews of effort reporting. • Meet with faculty and staff to review applicable policies and procedures. Documented Controls What Auditors look for: How Departments can prepare: • Documented procedures that are clear and easy to understand. • Procedures that are compliant with institutional and sponsor requirements. • Indications that procedures are being followed. • Document and review procedures to ensure that they represent what you do. • Periodically review institutional and sponsor requirements. • Do what you say you will do and keep records as proof. All Effort Cards Certified in a Timely Manner What Auditors look for: • All cards are certified. • Cards were completed within the prescribed reporting period. • No cards were not reopened and recertified. How Departments can prepare: • Monitor and follow up with key personnel concerning all open effort cards. • Diligently follow institutional timeline requirements. • Make sure that effort reporting is done correctly the first time. Reasonable Level of Effort Commitments What Auditors look for: • Commitments commensurate with the level effort of the individual and at least 1% for Principal Investigators. • Commitment levels that allow time for other duties. • Consideration during preaward of what is reasonable if proposal is awarded. How Departments can prepare: • Periodically review total effort commitment levels for key personnel. • Ensure that key personnel have time for institutional and other duties. • Scrutinize proposed effort in applications, have a plan for requesting reductions if required. Reasonable Estimates of Effort What Auditors look for: • Effort not less than salary, but exact ties between salary and effort for the duration of the project can raise questions. • Effort not certified to the hundredth of a percent. • How Justified? • Effort applied to non project responsibilities • Teaching • Administrative Duties • Proposal writing. How Departments can prepare: • Report effort as an estimate that is not based upon salary: effort drives salary. • Encourage key personnel to review calendars, lab notebooks, data, and/or other documents to refresh their memories. • Avoid simply replicating previously reported effort percentages. Fulfilment of Effort Commitments What Auditors look for: How Departments can prepare: • Monitoring of changes • Consistently monitor, do not assume that the in reported effort to Sponsor will allow committed effort. Effort changes in commitment. commitments are • Initiate effort reduction obligations to sponsors. requests if required. Institutions do not have • Timely notification of authority to reduce sponsors in event that committed effort on a adjustment in sponsored program without approval. commitment needs to be made. Effort Reports are Consistent with Other Reports What Auditors look for: How Departments can prepare: • Consistency with Appointment Letters. • Consistency with Clinical Reporting Requirements, if applicable. • Consistency with progress reports. • Periodically review and compare Appointment Letters to effort. • Ensure that key personnel are meeting sponsor requirement as well as clinical responsibilities. • Prior to submitting progress reports, review certified effort for consistency. Dealing with Auditors • Treat internal auditors as professionals, and with respect. • They work for the same institution! • Be truthful and succinct with answers. • Qualify your responses if required. • Ask for clarification if required. • Demonstrates a desire to understand. • Keep an audit perspective by leaving a clean audit trail. • Document actions. • Develop processes that are easy for you to understand and explain. • This will promote understanding by the auditors. • Establish an audit file that contains: • Audit correspondence • Conversation notes. • Copies of all documentation provided to the internal auditor. Uniform Guidance Internal Controls get tested. Questions? References • 1 The Institute of Internal Auditors. (2013). Definition of Internal Auditing in The IIA's International Professional Practices Framework (IPPF). Retrieved from: https://na.theiia.org/standards-guidance/mandatoryguidance/Pages/Definition-of-Internal-Auditing.aspx • 2 The Institute of Internal Auditors. Retrieved from: https://na.theiia.org/about-us/about-ia/Pages/Aboutthe-Profession.aspx • 2 The Institute of Internal Auditors. Retrieved from: https://na.theiia.org/about-us/aboutia/Pages/frequently-asked-questions.aspx