Lifecycle Approach to

advertisement
Lifecycle
Approach to
Audit
presented by:
Ruth Boardman
Mira L. Levine
Leading Excellence in Research
Costing Practices
Conference October 13 - 15, 2015
Data Analytics and Audits- how
does it work?
 Life
cycle Approach to Audit
 NSF Data Analytics
 A-133 Audits
 University
of Illinois Urbana-ChampaignSpecific example (A-133 vs. NSF Data
Analytics audits- what happened??)
2
Lifecycle of Audit
Entrance Conference and Data Request
Sample Analysis
Fieldwork
Post Fieldwork Follow up
Draft Audit Report
Final Audit Report/Audit Resolution
3
Entrance Conference and Data
Request
 Entrance



Conference
Audit logistics
Field work set up
Opportunity to ask questions
 Data



Request- NSF Data Analytics
includes:
General Ledger and Sub Ledgers
Data dictionaries and control totals
Data models and flow charts
4
NSF Data Analytics
 Data
analytics-driven risk-based
methodology to improve oversight and
identify institutions that may not used
Federal funds properly.
 Techniques

to surface questionable
expenditures
Opportunity for self assessment during
Sample Analysis
5
NSF Data Analytics (con’t)
 Lifecycle



approach to oversight.
Mapping of end to end processes to
identify adequacy of controls
100% review of key financial and
program information
Focus attention on award and
expenditure anomalies
 Complements
approaches
traditional oversight
6
NSF Data Analytics (con’t)
 Data





Analytics Audit Objectives
Target fieldwork phase of audit using
data analytics.
Monitor grant spending
Allowable, allocable and reasonable
Conformance with terms and conditions
In compliance with federal regs (UG)
7
Sample Analysis
 NSF

Data Analytics
NSF analyzes your data in conjunction
with their internal data
 Data

Analytics defined:
Utilizing set rules to perform knowledge
discovery on the receipt and use of
federal award funds
8
Sample Analysis
 Self

Assessment
Analyze data like NSF would
 Identify




Weaknesses
Broad- at college/department level
Discrete- at transaction level
Look for patterns and anomalies
What to do if you find an issue
9
Sample Analysis- Findings
 Manual


Audit Testing Worksheet
Transaction specific
Preliminary findings and audit specific
 Possible



focus areas:
Equipment at end of project period
Travel- not budgeted for
Examples from University
10
Fieldwork
 Onsite






Review
May result in follow up worksheet
Review transactions in detail prior to
giving to auditors
Organized documentation
Timely submission
Easy to follow explanations
Logistics- Room & Contacts
11
Post Fieldwork Follow up
 Initial





Institution Response-review findings
and provide explanation and supporting
documentation
Concede charge
Support charge
Detailed and clear explanations
Reference policies and procedures
Open lines of communication
12
Audit Reports
 Draft



Audit Report
Do detailed analysis
Request workpapers
Submit a comprehensive response
 Final



Audit Report
Findings resolved by sponsoring agency
Verify changes from draft report
Appeals
13
A-133 Audits- Annual Review
 OMB
Circular A-133- Audits of States, Local
Govts and other Non Profits
 One


annual audit
Rather than each agency conducting
their own individual audits
External auditor
14
A-133 Audits- Testing
 Updated
policies and procedures (UG!)
 General testing
 Specific




award testing
10-20 projects selected for detail testing
Major programs
Dollar amount and scope
Judgmental sample from auditors
15
A-133 Audits- Testing (con’t)
 Grant






testing
Award documents and reports
Expenditures- overall
Expenditures – payroll/effort
Subrecipients & Cost transfers
Equipment
F&A reconciliations
16
A-133 Audits- Testing (con’t)
 Grant






testing
Award documents and reports
Expenditures- overall
Expenditures – payroll/effort
Subrecipients & Cost transfers
Equipment
F&A reconciliations
17
University of Illinois UrbanaChampaign
 In



the beginning…
Policies and Procedure
Internal Controls
Staffing
 At


the end…
Corrective Action Plans
Audit Resolution
18
Policies and Procedures
 Rewrite
of policies undertaken with UG
 Multiple Stakeholders


Pre-Award
Post-Award
 Compliance


Internal Audits
Open Comment Period for all
19
Internal Controls
 What
are they?
 Are they documented?
 Can you explain them to an auditor?
20
Staffing
 Centralized

How do you keep them?
 Continuing
Education/Professional
Development
 Decentralized

How to you update and educate?
 Research
Administrator education series
 Tools to assist in decision-making, and
documentation
21
The Tale of Two Audits
22
A-133 Audit vs. NSF Audit- University of
Illinois at Urbana-Champaign
 A-133

Audit
Multiple findings
with no
materiality (few
questioned costs)
 Cross-cutting
 Resistant to
Agency input
 NSF

 Written

Challenging
working
relationship
Audit
Limited findings
 Small
dollar
 Documentation
issues


Should have been
able to support
Good working
relation with
auditors
23
A-133 Experience
 National
Firm
 Six year contract

Contracted by the State Auditor General
 Definite
ideas on “HOW” things “should”
be done.
 Every exception is a finding (internal
control).
24
Findings
 FY08
with former auditors
25
And the Next Year… 30
findings
 FY09
26
No Threshold of Materiality
 All
Findings were internal control findings
 Questioned Costs


Cannot be determined
Volunteer Rate - $111,146
 Management


is in SHOCK
Tries to mitigate through negotiations with
the firm.
With limited previous findings, should we
Accept all findings?
27
A New ERA Begins
 Federal






Audit Resolution
Formed a working group
Lead by Cognizants
Major Agencies involved
History Makers or Guinea Pigs
Management Decision Letters
Reliance on Audit Firm
28
Next Five Years
 Findings
decreased, but still addressed
business practices that were not like other
auditees
 Limited to no questioned costs
 Management understands importance of
not accepting findings based on
new/different Firm interpretation
 Agencies provide support to University
29
MDLs and the Firm
 Cost

Transfer Finding
Not Sustained in FY12 and FY13
 FY13

written as non-repeat
Repeat Finding in FY14
 Not
accepted and under Federal Audit
Resolution
 Firm did not find that the Banner Accounting
System Data met the needs of the external
user
 Documentation internal to Banner was for the
informed internal user
30
Changes in the
Compliance Supplement
 ARRA

Best available data methodology (using
COGR guidance)
 NSF

SEFA and Single Audit Treatment
Treat all as RD
31
Issues with State Agency
Audits
 Auditing
both State Agency and the
University on Pass-Thru from Feds
 Testing at University related to Agency
finding
 Call with Agency addressing exception
32
Agency MDLs and
Corrective Actions
 Difficult
to implement a strong corrective
action for one exception related to
human error.
 MDLs are not available for Subrecipient
monitoring (not sustained or corrective
action deemed adequate).
 Difficult to engage Agency due to
reduced staffing and increasing demands
(UG).
33
Modified or Increased
Terms and Conditions
 Very

few instances
NASA – clean audit (What does that
mean?)
 Institutions
the audit.


engaging in dialogue about
What did you think when you read it?
Overall supportive of UI approach.
 Substantial
time and resource
requirement.
34
What if this happens to
you?
35
Resources
 Hire
a great Compliance Staff!
 Reach out to your supportive Agency
contacts.

We relied on ONR and ED.
 Reach
out to FDP or COGR.
 Ask colleagues at other institutions.
 Reach out to your consultants.
 Find the expertise you need.
36
Attend Great Conferences
 NACCA



Learn from others.
Network and make contacts
Meet your Federal cognizants.
37
Share your Story and
Expertise

We need to work together to ensure that the
standards being pushed by the audit community
do not border on perfection (unattainable) but
provide reasonable assurances as required in the
regulations.
Uniform Guidance
§200.61 Internal controls.
Internal controls means a process, implemented by a non-Federal entity, designed to provide reasonable
assurance regarding the achievement of objectives in the following categories:
(a) Effectiveness and efficiency of operations;
(b) Reliability of reporting for internal and external use; and
(c) Compliance with applicable laws and regulations.
38
Questions and Comments
39
Contact Information
 Ruth
Boardman
Associate Director Audit and Compliance
University of Illinois Urbana-Champaign
rcoffey1@uillinois.edu
 Mira
L. Levine
Manager
MAXIMUS Higher Education Practice
mirallevine@maximus.com
40
Download