Upload
noah-farmer
View
213
Download
1
Tags:
Embed Size (px)
Citation preview
Lifecycle Approach to Audit presented by:Ruth BoardmanMira L. Levine
Leading Excellence in Research Costing Practices
Conference October 13 - 15, 2015
2
Data Analytics and Audits- how does it work?
Life cycle Approach to Audit NSF Data Analytics A-133 Audits
University of Illinois Urbana-Champaign- Specific example (A-133 vs. NSF Data Analytics audits- what happened??)
3
Lifecycle of Audit
Entrance Conference and Data Request
Sample Analysis
Fieldwork
Post Fieldwork Follow up
Draft Audit Report
Final Audit Report/Audit Resolution
4
Entrance Conference and Data Request Entrance Conference Audit logistics Field work set up Opportunity to ask questions
Data Request- NSF Data Analytics includes:
General Ledger and Sub Ledgers Data dictionaries and control totals Data models and flow charts
5
NSF Data Analytics
Data analytics-driven risk-based methodology to improve oversight and identify institutions that may not used Federal funds properly.
Techniques to surface questionable expenditures
Opportunity for self assessment during
Sample Analysis
6
NSF Data Analytics (con’t)
Lifecycle approach to oversight. Mapping of end to end processes to identify adequacy of controls 100% review of key financial and program information Focus attention on award and expenditure anomalies
Complements traditional oversight approaches
7
NSF Data Analytics (con’t)
Data Analytics Audit Objectives
Target fieldwork phase of audit using data analytics. Monitor grant spending Allowable, allocable and reasonable Conformance with terms and
conditions In compliance with federal regs (UG)
8
Sample Analysis
NSF Data Analytics NSF analyzes your data in
conjunction with their internal data
Data Analytics defined: Utilizing set rules to perform
knowledge discovery on the receipt and use of federal award funds
9
Sample Analysis
Self Assessment Analyze data like NSF would
Identify Weaknesses Broad- at college/department level Discrete- at transaction level Look for patterns and anomalies What to do if you find an issue
10
Sample Analysis- Findings
Manual Audit Testing Worksheet Transaction specific Preliminary findings and audit specific
Possible focus areas: Equipment at end of project period Travel- not budgeted for Examples from University
11
Fieldwork
Onsite Review May result in follow up worksheet Review transactions in detail prior to giving to auditors Organized documentation Timely submission Easy to follow explanations Logistics- Room & Contacts
12
Post Fieldwork Follow up
Initial Institution Response-review findings and provide explanation and supporting documentation
Concede charge Support charge Detailed and clear explanations Reference policies and procedures Open lines of communication
13
Audit Reports
Draft Audit Report Do detailed analysis Request workpapers Submit a comprehensive response
Final Audit Report Findings resolved by sponsoring
agency Verify changes from draft report Appeals
14
A-133 Audits- Annual Review OMB Circular A-133- Audits of States,
Local Govts and other Non Profits
One annual audit Rather than each agency conducting their own individual audits External auditor
15
A-133 Audits- Testing
Updated policies and procedures (UG!) General testing
Specific award testing 10-20 projects selected for detail
testing Major programs Dollar amount and scope Judgmental sample from auditors
16
A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations
17
A-133 Audits- Testing (con’t) Grant testing Award documents and reports Expenditures- overall Expenditures – payroll/effort Subrecipients & Cost transfers Equipment F&A reconciliations
18
University of Illinois Urbana-Champaign
In the beginning… Policies and Procedure Internal Controls Staffing
At the end… Corrective Action Plans Audit Resolution
19
Policies and Procedures
Rewrite of policies undertaken with UG Multiple Stakeholders
Pre-Award Post-Award
Compliance Internal Audits Open Comment Period for all
20
Internal Controls
What are they? Are they documented? Can you explain them to an auditor?
21
Staffing
Centralized How do you keep them?
Continuing Education/Professional Development
Decentralized How to you update and educate?
Research Administrator education series Tools to assist in decision-making, and
documentation
22
The Tale of Two Audits
23
A-133 Audit vs. NSF Audit- University of Illinois at Urbana-Champaign
A-133 Audit Multiple findings
Written with no materiality (few questioned costs)
Cross-cutting Resistant to
Agency input Challenging
working relationship
NSF Audit Limited findings
Small dollar Documentation
issues Should have been
able to support Good working
relation with auditors
24
A-133 Experience
National Firm Six year contract
Contracted by the State Auditor General Definite ideas on “HOW” things “should”
be done. Every exception is a finding (internal
control).
25
Findings FY08 with former auditors
26
And the Next Year… 30 findings
FY09
27
No Threshold of Materiality
All Findings were internal control findings
Questioned Costs Cannot be determined Volunteer Rate - $111,146
Management is in SHOCK Tries to mitigate through negotiations with
the firm. With limited previous findings, should we
Accept all findings?
28
A New ERA Begins
Federal Audit Resolution Formed a working group Lead by Cognizants Major Agencies involved History Makers or Guinea Pigs Management Decision Letters Reliance on Audit Firm
29
Next Five Years
Findings decreased, but still addressed business practices that were not like other auditees
Limited to no questioned costs Management understands importance of
not accepting findings based on new/different Firm interpretation
Agencies provide support to University
30
MDLs and the Firm Cost Transfer Finding
Not Sustained in FY12 and FY13 FY13 written as non-repeat
Repeat Finding in FY14 Not accepted and under Federal Audit
Resolution Firm did not find that the Banner Accounting
System Data met the needs of the external user
Documentation internal to Banner was for the informed internal user
31
Changes in the Compliance Supplement
ARRA Best available data methodology (using
COGR guidance) NSF SEFA and Single Audit Treatment
Treat all as RD
32
Issues with State Agency Audits
Auditing both State Agency and the University on Pass-Thru from Feds
Testing at University related to Agency finding
Call with Agency addressing exception
33
Agency MDLs and Corrective Actions
Difficult to implement a strong corrective action for one exception related to human error.
MDLs are not available for Subrecipient monitoring (not sustained or corrective action deemed adequate).
Difficult to engage Agency due to reduced staffing and increasing demands (UG).
34
Modified or Increased Terms and Conditions
Very few instances NASA – clean audit (What does that
mean?) Institutions engaging in dialogue about
the audit. What did you think when you read it? Overall supportive of UI approach.
Substantial time and resource requirement.
35
What if this happens to you?
36
Resources
Hire a great Compliance Staff! Reach out to your supportive Agency
contacts. We relied on ONR and ED.
Reach out to FDP or COGR. Ask colleagues at other institutions. Reach out to your consultants. Find the expertise you need.
37
Attend Great Conferences
NACCA Learn from others. Network and make contacts Meet your Federal cognizants.
38
Share your Story and Expertise We need to work together to ensure that the
standards being pushed by the audit community do not border on perfection (unattainable) but provide reasonable assurances as required in the regulations.
Uniform Guidance
§200.61 Internal controls.Internal controls means a process, implemented by a non-Federal entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
(a) Effectiveness and efficiency of operations;(b) Reliability of reporting for internal and external use; and(c) Compliance with applicable laws and regulations.
39
Questions and Comments
40
Contact Information Ruth Boardman Associate Director Audit and Compliance University of Illinois Urbana-Champaign [email protected]
Mira L. Levine Manager MAXIMUS Higher Education Practice [email protected]