Lifecycle Approach to Audit presented by: Ruth Boardman Mira L. Levine Leading Excellence in...

Lifecycle Approach to Audit presented by:Ruth BoardmanMira L. Levine

Leading Excellence in Research Costing Practices

Conference October 13 - 15, 2015

2

Data Analytics and Audits- how does it work?

Life cycle Approach to Audit NSF Data Analytics A-133 Audits

University of Illinois Urbana-Champaign- Specific example (A-133 vs. NSF Data Analytics audits- what happened??)

3

Lifecycle of Audit

Entrance Conference and Data Request

Sample Analysis

Fieldwork

Post Fieldwork Follow up

Draft Audit Report

Final Audit Report/Audit Resolution

4

Entrance Conference and Data Request Entrance Conference Audit logistics Field work set up Opportunity to ask questions

Data Request- NSF Data Analytics includes:

General Ledger and Sub Ledgers Data dictionaries and control totals Data models and flow charts

5

NSF Data Analytics

Data analytics-driven risk-based methodology to improve oversight and identify institutions that may not used Federal funds properly.

Techniques to surface questionable expenditures

Opportunity for self assessment during

Sample Analysis

6

NSF Data Analytics (con’t)

Lifecycle approach to oversight. Mapping of end to end processes to identify adequacy of controls 100% review of key financial and program information Focus attention on award and expenditure anomalies

Complements traditional oversight approaches

7

NSF Data Analytics (con’t)

Data Analytics Audit Objectives

Target fieldwork phase of audit using data analytics. Monitor grant spending Allowable, allocable and reasonable Conformance with terms and

conditions In compliance with federal regs (UG)

8

Sample Analysis

NSF Data Analytics NSF analyzes your data in

conjunction with their internal data

Data Analytics defined: Utilizing set rules to perform

knowledge discovery on the receipt and use of federal award funds

9

Sample Analysis

Self Assessment Analyze data like NSF would

Identify Weaknesses Broad- at college/department level Discrete- at transaction level Look for patterns and anomalies What to do if you find an issue

10

Sample Analysis- Findings

Manual Audit Testing Worksheet Transaction specific Preliminary findings and audit specific

Possible focus areas: Equipment at end of project period Travel- not budgeted for Examples from University

11

Fieldwork

Onsite Review May result in follow up worksheet Review transactions in detail prior to giving to auditors Organized documentation Timely submission Easy to follow explanations Logistics- Room & Contacts

12

Post Fieldwork Follow up

Initial Institution Response-review findings and provide explanation and supporting documentation

Concede charge Support charge Detailed and clear explanations Reference policies and procedures Open lines of communication

13

Audit Reports

Draft Audit Report Do detailed analysis Request workpapers Submit a comprehensive response

Final Audit Report Findings resolved by sponsoring

agency Verify changes from draft report Appeals

14

A-133 Audits- Annual Review OMB Circular A-133- Audits of States,

Local Govts and other Non Profits

One annual audit Rather than each agency conducting their own individual audits External auditor

15

A-133 Audits- Testing

Updated policies and procedures (UG!) General testing

Specific award testing 10-20 projects selected for detail

testing Major programs Dollar amount and scope Judgmental sample from auditors

16

A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations

17

A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations

18

University of Illinois Urbana-Champaign

In the beginning… Policies and Procedure Internal Controls Staffing

At the end… Corrective Action Plans Audit Resolution

19

Policies and Procedures

Rewrite of policies undertaken with UG Multiple Stakeholders

Pre-Award Post-Award

Compliance Internal Audits Open Comment Period for all

20

Internal Controls

What are they? Are they documented? Can you explain them to an auditor?

21

Staffing

Centralized How do you keep them?

Continuing Education/Professional Development

Decentralized How to you update and educate?

Research Administrator education series Tools to assist in decision-making, and

documentation

22

The Tale of Two Audits

23

A-133 Audit vs. NSF Audit- University of Illinois at Urbana-Champaign

A-133 Audit Multiple findings

Written with no materiality (few questioned costs)

Cross-cutting Resistant to

Agency input Challenging

working relationship

NSF Audit Limited findings

Small dollar Documentation

issues Should have been

able to support Good working

relation with auditors

24

A-133 Experience

National Firm Six year contract

Contracted by the State Auditor General Definite ideas on “HOW” things “should”

be done. Every exception is a finding (internal

control).

25

Findings FY08 with former auditors

26

And the Next Year… 30 findings

FY09

27

No Threshold of Materiality

All Findings were internal control findings

Questioned Costs Cannot be determined Volunteer Rate - $111,146

Management is in SHOCK Tries to mitigate through negotiations with

the firm. With limited previous findings, should we

Accept all findings?

28

A New ERA Begins

Federal Audit Resolution Formed a working group Lead by Cognizants Major Agencies involved History Makers or Guinea Pigs Management Decision Letters Reliance on Audit Firm

29

Next Five Years

Findings decreased, but still addressed business practices that were not like other auditees

Limited to no questioned costs Management understands importance of

not accepting findings based on new/different Firm interpretation

Agencies provide support to University

30

MDLs and the Firm Cost Transfer Finding

Not Sustained in FY12 and FY13 FY13 written as non-repeat

Repeat Finding in FY14 Not accepted and under Federal Audit

Resolution Firm did not find that the Banner Accounting

System Data met the needs of the external user

Documentation internal to Banner was for the informed internal user

31

Changes in the Compliance Supplement

ARRA Best available data methodology (using

COGR guidance) NSF SEFA and Single Audit Treatment

Treat all as RD

32

Issues with State Agency Audits

Auditing both State Agency and the University on Pass-Thru from Feds

Testing at University related to Agency finding

Call with Agency addressing exception

33

Agency MDLs and Corrective Actions

Difficult to implement a strong corrective action for one exception related to human error.

MDLs are not available for Subrecipient monitoring (not sustained or corrective action deemed adequate).

Difficult to engage Agency due to reduced staffing and increasing demands (UG).

34

Modified or Increased Terms and Conditions

Very few instances NASA – clean audit (What does that

mean?) Institutions engaging in dialogue about

the audit. What did you think when you read it? Overall supportive of UI approach.

Substantial time and resource requirement.

35

What if this happens to you?

36

Resources

Hire a great Compliance Staff! Reach out to your supportive Agency

contacts. We relied on ONR and ED.

Reach out to FDP or COGR. Ask colleagues at other institutions. Reach out to your consultants. Find the expertise you need.

37

Attend Great Conferences

NACCA Learn from others. Network and make contacts Meet your Federal cognizants.

38

Share your Story and Expertise We need to work together to ensure that the

standards being pushed by the audit community do not border on perfection (unattainable) but provide reasonable assurances as required in the regulations.

Uniform Guidance

§200.61 Internal controls.Internal controls means a process, implemented by a non-Federal entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

(a) Effectiveness and efficiency of operations;(b) Reliability of reporting for internal and external use; and(c) Compliance with applicable laws and regulations.

39

Questions and Comments

40

Contact Information Ruth Boardman Associate Director Audit and Compliance University of Illinois Urbana-Champaign rcoffey1@uillinois.edu

Mira L. Levine Manager MAXIMUS Higher Education Practice mirallevine@maximus.com