Lifecycle Approach to Audit presented by: Ruth Boardman Mira L. Levine Leading Excellence in Research Costing Practices Conference October 13 - 15, 2015 Data Analytics and Audits- how does it work? Life cycle Approach to Audit NSF Data Analytics A-133 Audits University of Illinois Urbana-ChampaignSpecific example (A-133 vs. NSF Data Analytics audits- what happened??) 2 Lifecycle of Audit Entrance Conference and Data Request Sample Analysis Fieldwork Post Fieldwork Follow up Draft Audit Report Final Audit Report/Audit Resolution 3 Entrance Conference and Data Request Entrance Conference Audit logistics Field work set up Opportunity to ask questions Data Request- NSF Data Analytics includes: General Ledger and Sub Ledgers Data dictionaries and control totals Data models and flow charts 4 NSF Data Analytics Data analytics-driven risk-based methodology to improve oversight and identify institutions that may not used Federal funds properly. Techniques to surface questionable expenditures Opportunity for self assessment during Sample Analysis 5 NSF Data Analytics (con’t) Lifecycle approach to oversight. Mapping of end to end processes to identify adequacy of controls 100% review of key financial and program information Focus attention on award and expenditure anomalies Complements approaches traditional oversight 6 NSF Data Analytics (con’t) Data Analytics Audit Objectives Target fieldwork phase of audit using data analytics. Monitor grant spending Allowable, allocable and reasonable Conformance with terms and conditions In compliance with federal regs (UG) 7 Sample Analysis NSF Data Analytics NSF analyzes your data in conjunction with their internal data Data Analytics defined: Utilizing set rules to perform knowledge discovery on the receipt and use of federal award funds 8 Sample Analysis Self Assessment Analyze data like NSF would Identify Weaknesses Broad- at college/department level Discrete- at transaction level Look for patterns and anomalies What to do if you find an issue 9 Sample Analysis- Findings Manual Audit Testing Worksheet Transaction specific Preliminary findings and audit specific Possible focus areas: Equipment at end of project period Travel- not budgeted for Examples from University 10 Fieldwork Onsite Review May result in follow up worksheet Review transactions in detail prior to giving to auditors Organized documentation Timely submission Easy to follow explanations Logistics- Room & Contacts 11 Post Fieldwork Follow up Initial Institution Response-review findings and provide explanation and supporting documentation Concede charge Support charge Detailed and clear explanations Reference policies and procedures Open lines of communication 12 Audit Reports Draft Audit Report Do detailed analysis Request workpapers Submit a comprehensive response Final Audit Report Findings resolved by sponsoring agency Verify changes from draft report Appeals 13 A-133 Audits- Annual Review OMB Circular A-133- Audits of States, Local Govts and other Non Profits One annual audit Rather than each agency conducting their own individual audits External auditor 14 A-133 Audits- Testing Updated policies and procedures (UG!) General testing Specific award testing 10-20 projects selected for detail testing Major programs Dollar amount and scope Judgmental sample from auditors 15 A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations 16 A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations 17 University of Illinois UrbanaChampaign In the beginning… Policies and Procedure Internal Controls Staffing At the end… Corrective Action Plans Audit Resolution 18 Policies and Procedures Rewrite of policies undertaken with UG Multiple Stakeholders Pre-Award Post-Award Compliance Internal Audits Open Comment Period for all 19 Internal Controls What are they? Are they documented? Can you explain them to an auditor? 20 Staffing Centralized How do you keep them? Continuing Education/Professional Development Decentralized How to you update and educate? Research Administrator education series Tools to assist in decision-making, and documentation 21 The Tale of Two Audits 22 A-133 Audit vs. NSF Audit- University of Illinois at Urbana-Champaign A-133 Audit Multiple findings with no materiality (few questioned costs) Cross-cutting Resistant to Agency input NSF Written Challenging working relationship Audit Limited findings Small dollar Documentation issues Should have been able to support Good working relation with auditors 23 A-133 Experience National Firm Six year contract Contracted by the State Auditor General Definite ideas on “HOW” things “should” be done. Every exception is a finding (internal control). 24 Findings FY08 with former auditors 25 And the Next Year… 30 findings FY09 26 No Threshold of Materiality All Findings were internal control findings Questioned Costs Cannot be determined Volunteer Rate - $111,146 Management is in SHOCK Tries to mitigate through negotiations with the firm. With limited previous findings, should we Accept all findings? 27 A New ERA Begins Federal Audit Resolution Formed a working group Lead by Cognizants Major Agencies involved History Makers or Guinea Pigs Management Decision Letters Reliance on Audit Firm 28 Next Five Years Findings decreased, but still addressed business practices that were not like other auditees Limited to no questioned costs Management understands importance of not accepting findings based on new/different Firm interpretation Agencies provide support to University 29 MDLs and the Firm Cost Transfer Finding Not Sustained in FY12 and FY13 FY13 written as non-repeat Repeat Finding in FY14 Not accepted and under Federal Audit Resolution Firm did not find that the Banner Accounting System Data met the needs of the external user Documentation internal to Banner was for the informed internal user 30 Changes in the Compliance Supplement ARRA Best available data methodology (using COGR guidance) NSF SEFA and Single Audit Treatment Treat all as RD 31 Issues with State Agency Audits Auditing both State Agency and the University on Pass-Thru from Feds Testing at University related to Agency finding Call with Agency addressing exception 32 Agency MDLs and Corrective Actions Difficult to implement a strong corrective action for one exception related to human error. MDLs are not available for Subrecipient monitoring (not sustained or corrective action deemed adequate). Difficult to engage Agency due to reduced staffing and increasing demands (UG). 33 Modified or Increased Terms and Conditions Very few instances NASA – clean audit (What does that mean?) Institutions the audit. engaging in dialogue about What did you think when you read it? Overall supportive of UI approach. Substantial time and resource requirement. 34 What if this happens to you? 35 Resources Hire a great Compliance Staff! Reach out to your supportive Agency contacts. We relied on ONR and ED. Reach out to FDP or COGR. Ask colleagues at other institutions. Reach out to your consultants. Find the expertise you need. 36 Attend Great Conferences NACCA Learn from others. Network and make contacts Meet your Federal cognizants. 37 Share your Story and Expertise We need to work together to ensure that the standards being pushed by the audit community do not border on perfection (unattainable) but provide reasonable assurances as required in the regulations. Uniform Guidance §200.61 Internal controls. Internal controls means a process, implemented by a non-Federal entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) Effectiveness and efficiency of operations; (b) Reliability of reporting for internal and external use; and (c) Compliance with applicable laws and regulations. 38 Questions and Comments 39 Contact Information Ruth Boardman Associate Director Audit and Compliance University of Illinois Urbana-Champaign rcoffey1@uillinois.edu Mira L. Levine Manager MAXIMUS Higher Education Practice mirallevine@maximus.com 40