POST-AWARD FINANCIAL COMPLIANCE Presented by: Jerry Fife, Assistant Vice Chancellor for Research Finance, Vanderbilt University, jerry.g.fife@vanderbilt.edu Ted Mordhorst, Assistant Director for Post Award Compliance, University of Washington, tedm2@u.washington.edu Introduction COMPLIANCE: The legal and ethical conduct of sponsored projects or programs. This includes both the administrative and technical conduct of the project or program. Workshop Goal Participants will: gain a greater understanding of the post award compliance issues we all face. be provided with a tool for assessing and monitoring the various areas of compliance. Compliance – Why? Maintains relationship of TRUST with sponsors Provides for proper stewardship to safeguard investments in research. It is the right thing to do! What are the Risk Factors? Withholding of future awards. Audit findings/cost disallowances Criminal, civil and administrative penalties. Loss of administrative flexibility. What are the Risk Factors? Reputation with sponsors, donors, legislators, staff, faculty and students. Public embarrassment. Loss of public confidence. Financial Mismanagement Incorrect reporting of time and effort. Not accounting for or reporting program income. Improper allocation of costs. Financial Mismanagement Inconsistent/improper accounting of F&A costs. Last minute cost transfers. Improper payments to subcontractors. Federal Sentencing Guidelines One significant aspect of the Guidelines is that each organization is responsible for the wrongful acts of its employees as long as the employees were acting in their official capacity. The theory is that the organization shares a degree of culpability if an employee acts in an unlawful manner, even if the organization did not know of or approve of their actions. Federal Sentencing Guidelines Important factors upon which organizations will be judged by the federal government include: 1. 2. 3. 4. 5. the absence of proper internal controls, knowing participation by high level management, previous violations, lack of anti-fraud procedures and the absence of ethics training. What can we do? Initiate or maintain a proactive compliance program. The NIH Office of Inspector General suggested compliance program guidelines. NIH - OIG Compliance Program Guidance (CPG)for Recipients of NIH Research Grants The purpose of this guidance will be to assist organizations in preventing fraud and abuse and in better complying with Federal requirements. We anticipate that the guidance for recipients of NIH research grants will contain seven elements that we consider necessary for a comprehensive compliance program. These seven elements include: NIH – OIG (continued) Implementing written policies and procedures that foster an institutional commitment to stewardship and compliance; Designating a compliance officer and compliance committee; Conducting effective training and education; NIH – OIG (continued) Developing effective lines of communication; Conducting internal monitoring and auditing; Enforcing standards through wellpublicized disciplinary guidelines: NIH – OIG (continued) Responding promptly to detected problems, undertaking corrective action, and reporting to the appropriate Federal agency. NIH is also considering an eighth element, ``Defining roles and responsibilities and assigning oversight responsibility, '' that would include a discussion of the importance of effectively delegating oversight authority. Where to Begin? Identify areas that most commonly result in non-compliance Review recent audit results. Review agency audit plans DHHS PILOT AUDITS The DHHS OIG’s office plans to conduct pilot audits at universities in five areas. 1. 2. 3. 4. 5. Direct Charging of Clerical and Administrative Salaries Cost Transfers Cost Sharing/Matching Sub recipient Monitoring Effort Risk Management Plan Key component of institutional defense “due diligence”. Used to mitigate institutional risk to an acceptable level. Risk Assessment RISK – An uncertainty that could impact the institution’s ability to achieve it’s goals and objectives. Identify areas of Risk. Develop a Matrix Borrowed from the University of Texas at San Antonio web site with permission from Donna Holmes The Risk Matrix In the left hand column, Identify activities with the greatest risk. Examples: Allowable costs ? ? ? In the rows identify the risk factors. Example for allowable costs: Costs charged to a grant are not allocable to the grant. Areas used to Evaluate Risk level Balance size of population in dollars, (materiality). Size of area. Overall budgetary responsibility. Responsibility for federal funds. Areas used to Evaluate Risk level Employee turnover. Level of automation. Extent of decentralization. Areas used to Evaluate Risk level Segregation of duties. Applicability of external laws, regulations and terms & conditions Areas used to Evaluate Risk level Frequency of audit. Audit finding history Interest shown by outside constituents. Basis for Determining Compliance Federal regulations: OMB Circulars, FAR, etc. Award Terms & Conditions Non-federal Terms & Conditions Institutional Policies and Procedures, CAS Ethical Conduct Monitoring Plan Area to be assessed Specific risks Risk Rating Regulatory Basis Institutional Policy Person Responsible Monitoring Matrix Operating control Evidence of control Supervisory Control Evidence of control Oversight Control Evidence of control Training Matrix Who to train Level of knowledge required Frequency Trainer Testing method Reporting Matrix Activity to be reported Type of information to be reported Frequency of Reporting Recipient of report Key Components Written Policies & Procedures Assessment Training Anonymous reporting Wrap-Up Questions? Resources University Compliance web pages Agency OIG web pages NCURA and (SRA)