PROCUREMENT (AN AUDITOR’S PERSPECTIVE)
Presented By Jeff Goolsby, CPA, CGMA
AGENDA
• Understand Auditor Requirements for Governments
• Understand Special Considerations for Single Audits
• Smoothing the Audit Process
• Special Requirements For Selecting Auditors
• Overview Piggy Back Contracting
• Fraud Considerations in Procurement
• Answer Questions and Make You Smile
Expressions That “D” Has Proven Wrong
“You Can’t Put a Price on Happiness”
“A Picture is Worth A Thousand Words”
Governmental Audits
The External Auditor
• Issue an opinion on whether the financial statements are reasonable in all material respects with generally accepted accounting principles
• Understand effectiveness of internal controls as they relate to financial matters
Auditor Tasks
• Auditors have certain required tasks (universal):
  • Understanding internal controls and control environment
  • Testing internal controls under governmental standards
  • Understanding actual to budget and variances
  • Grant compliance
  • Testing of material items
Internal Controls Impacting Financial Matters
• Financial Reporting
• Journal Entries
• Revenue / Receivable Cycle
• Payroll Cycle
• Purchasing / Payable Cycle
• Grant compliance
New COSO Internal Control Framework
Updated COSO Framework: Components of Internal Control
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Governmental Audits
Audit of Financial Statements
• Independent Auditor’s Report
• Independent Auditor’s Report on Internal Controls Over Financial Reporting and on Compliance and Other Matters Based on Audit of Financial Statements Performed in Accordance with Governmental Auditing Standards
• Independent Auditor’s Management Letter
Auditor Selection Guidelines (2007)
Required Management Letter (Rules of Auditor General 10.554)
• (1)(i)1 – Whether corrective actions have been taken on prior findings / recommendations
• (1)(i)2 – Current recommendations on financial matters
• (1)(i)3 – Noncompliance with provisions of contracts and grant agreements or abuses that have occurred, or likely to have occurred (not material but more than inconsequential)
Required Management Letter (Rules of Auditor General 10.554) (Cont’d)
(1)(i)5 – Determination of Financial Emergency 218.503. Due to lack of funds, failure to pay:
– Short-term loans or bonds when due
– Uncontested claims from creditors within 90 days
– Transmit taxes withheld on employee income / social security (appropriate time frame)
– Failure for one pay period to pay wages and salaries / retirement benefits owed
Single Audits
Single Audits (Federal or State)
• Independent Auditor’s Report on Compliance for Each Major Federal Program and State Project and on Internal Control over Compliance in Accordance with OMB Circular A-133 and Chapter 10.550, Rules of the Auditor General
• Independent Auditor’s Report on Schedule of Expenditures of Federal Awards and State Financial Assistance
• Schedule of Findings and Questioned Costs
• Summary Schedule of Prior Audit Findings
INTERNAL CONTROL TESTING
• Each major program
• Each direct and material compliance requirement
• Each of the 5 elements of COSO
• Management responsible for maintaining an adequate system of IC over compliance
• Consider whether control procedures in place over Federal expenditures are appropriate, working properly, and are designed to prevent noncompliance
Overview of Compliance Matrix Requirements
Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Cash Management
Davis-Bacon Act
Eligibility
Equipment and Real Property Management
Matching, Level of Effort, Earmarking
Period of Availability
Procurement, Suspension and Debarment
Program Income
Real Property Acquisition and Relocation Assistance
Reporting
Sub-recipient Monitoring
Special Tests and Provisions
Overview of 14 Compliance Requirements (Cont’d)
• Activities Allowed or Unallowed (A)
– Specifies the activities that can or cannot be funded under a specific program
• Allowable Costs / Cost Principles (B)
– Specifies the costs that can and cannot be funded under a specific program and how they are calculated and supported
DIRECT COSTS
• Are costs that can be specifically identified to the program
– Compensation of employees
– Cost of materials
– Equipment
– Travel
– Other
INDIRECT COSTS
• Are costs that cannot be specifically identified to the program
• These types of costs benefit more than one function of the organization. For example, building costs, administrative staff, etc.
• The rule of allowability: “Indirect costs need to be equitable to relative benefits received”
• Required testing of “Total Indirect Costs” when Direct and Material to the program being audited
Overview of 14 Compliance Requirements (Cont’d)
• Cash Management (C)
– Reimbursements are properly supported
– Advance payments are properly managed
– Interest earned on advance payments is inconsequential or remitted to grantor
• Davis-Bacon Act (D)
– Contractors are paid the prevailing wages of the local Department of Labor
Overview of 14 Compliance Requirements (Cont’d)
• Eligibility (E)
– Participants meet the program criteria to receive grant funding
• Equipment and Real Property Management (F)
– Management, use and disposal of equipment or real property
Overview of 14 Compliance Requirements (Cont’d)
• Matching, Level of Effort, Earmarking (G)
– Matching, required cost share
– Level of effort, required participation from period to period
– Earmarking, setting aside funding for a purpose
• Period of Availability of Federal Funds (H)
– Expenditures are within the granting period
– Claims have been made within a reasonable period of time after the granting period
Overview of 14 Compliance Requirements (cont’d)
• Procurement and Suspension and Debarment (I)
– Federal, state or local procurement laws are followed
– Vendors and sub-recipients are not suspended or debarred
• Program Income (J)
– Income generated by Federal funds is used for program expenditures
– Income generated by Federal program offsets Federal claims
Overview of 14 Compliance Requirements (cont’d)
• Real Property Acquisition and Relocation Assistance (K)
– Equal treatment of persons displaced by the Federal government
• Reporting (L)
– Reporting results
  • Performance
  • Financial
  • Special reporting
Overview of 14 Compliance Requirements (cont’d)
• Sub-recipient Monitoring (M)
– Monitoring pass-through funding
• Special Tests (N)
– Other
Overview of 14 Compliance Requirements (cont’d)
• Form and extent of documentation of auditee’s compliance with major program requirements will vary
– Accounting data
– Statistical data
– Case files
– Policy and procedure manuals
– Narrative memoranda
– Calculations
COMPLIANCE TESTING
Excerpt from Auditor’s OMB A-133 Report
“…we plan and perform the audit to obtain reasonable assurance about whether noncompliance with the types of compliance requirements referred to above that could have a direct and material effect on a major federal program occurred.”
“In our opinion, entity complied, in all material respects, with the requirements referred to above that could have a direct and material effect on each of its major federal programs for the year ended …”
Compliance Testing
• Among applicable compliance requirements, identify direct and material compliance requirements
• Direct and material effect means that noncompliance could result in being denied reimbursement of program expenditures or having to refund Federal monies or make other restitution in an amount that would be material to the major program
• Qualitative and quantitative considerations
COMPLIANCE TESTING (CONT’D)
DIRECT AND MATERIAL - QUALITATIVE
• Needs and expectations of federal or pass-through agencies
• Noncompliance could cause Federal agency to take action
– Seeking reimbursement of program costs
– Suspending participation in the program
• Public or political sensitivity
COMPLIANCE TESTING (CONT’D)
DIRECT AND MATERIAL - QUANTITATIVE
• Noncompliance could likely result in questioned costs
• Requirement affects large part of the program
– Material amount of program dollars
• Materiality assessments
– Example: X% of expenditures, etc.
Smooth Audits
Assisting The Auditor
• Assisting the Auditor can make for an efficient audit process and achieve your goals as well
Assisting The Auditor (Cont’d)
• Ways you can assist auditors:
  • Provide written policies and procedures
  • Let them know updates or changes to your systems
  • Be ready to discuss your checks and balances (maintain evidence of performing them)
  • Provide data files electronically
Effective Use of IT
• When you provide data electronically, the process is often smoother and more effective.
• Auditors can employ computer-assisted auditing techniques (CAATs), which allow them to:
  • Test mathematical accuracy of detail
  • Use statistical sampling
  • Use logic parameters to verify accuracy of data
• Example: Comparison of addresses in vendor master file to payroll master file
Understanding Sampling
• Generally, auditors will sample (test less than 100%) and exercise a significant amount of judgment in how they do so
• Coverage versus Random / Statistical
• Understanding the sampling unit
  • Pro-Tip: Checks versus invoices
Possible Negative Outcomes
• Deficiency?
• Significant deficiency?
• Material weakness?
• Need to expand compliance testing?
Negative Audit Findings
• Determine what went wrong. Was it?
  • Inadequate Design. Controls / policies were inadequate to prevent the problem found or to assure compliance with grant provisions
  • Failure to Comply. Existing policies and controls were not followed or were otherwise circumvented
Negative Audit Findings
• Respond quickly and correct the matter prior to the issuance of the audit
  • If inadequate design – put new control in place that would prevent a similar issue
  • If failure to comply – hold training and put in new monitoring function that would detect noncompliance
• Provide written response noting that corrections have already been put into place
Auditor Selection
Auditor Selection FL Statutes Section 218.391
• Governing body of each local government shall establish an audit committee:
  • Charter County
  • Municipality
  • Special District
  • District School Board
  • Charter School / Charter Technical School
• Specific Composition Required for Non Charter County
Auditor Selection (Cont’d) FL Statutes Section 218.391
• Primary purpose of audit committee is to assist in selection of auditor to conduct annual financial audit
• Specific duties required:
  • Establish evaluation factors for audit services / firms
  • Public announcement of request for proposal (RFP)
  • Provide RFP to interested audit firms
  • Perform evaluation of proposals of qualified firms
  • Rank and recommendation in order of no fewer than three* firms deemed to be most qualified
Auditor Selection (Cont’d) FL Statutes Section 218.391
• Sample factors to be used in evaluation criteria include:
  • Ability of audit firm personnel
  • Experience
  • Ability to provide requested services
• Public cannot be excluded from evaluation process
• Compensation (fee) cannot be the sole or predominant factor
Auditor Selection (Cont’d) FL Statutes Section 218.391
• Requires that every procurement of audit services be evidenced by written contract embodying all provisions and conditions of the procurement of such services
  • Specifying the services to be provided and fees or other compensations for such services
  • Provision that requires that invoices for fees be submitted in sufficient detail to demonstrate compliance with the terms of the contract
• Specific provisions about contract period and renewals / terminations. Allows renewals without an RFP**
Auditor Selection Guidelines (2007)
Audit Committee Recommendations
• Audit Committee should have a basic understanding of governmental financial statements and auditing
• Audit committee should have access to at least one financial expert (committee member or 3rd party)
• Generally should be members of governing board
  • Minimum of three
• Audit Committee should be educated on responsibilities and encouraged to exercise professional skepticism
Suggested Evaluation Criteria of Audit Firms
• Continuing professional education by key personnel
• Peer review results (within past three years)
• Reputation / history of performing quality audits
• Past experience / performance on comparables
• Quality of individuals to be assigned
• Single audit (specific grant program) knowledge
• Information technology ability
PIGGY BACK CONTRACTS
“Piggy Back” Contracts
• Example of cooperative purchasing
• Permitted by FL Statute 287.57
• Permits an agency to utilize the bid price from a vendor for its contract that was negotiated as part of an open competitive bid process for another agency
• The original request for proposal of the initiating agency includes specific language to allow vendors to elect if they will permit the pricing / terms to be extended to other agencies (without penalty)
Advantages of Piggy Back Contracts
• Encourages vendors to offer stronger discounts in pricing in anticipation of larger buying volume from other agencies not included in the original RFP
• Allows subsequent agencies the opportunity to avoid the time-consuming process of soliciting bids for the same commodity or services
• Efficient way to contract
Negatives of Piggy Back Contracts
• Need to be comfortable with original bid requirements (was it consistent with your normal requirements)
• Generally, term changes are not permitted (quantity, timelines, price)
• Gives a lot of power to those authorized
• Vendor for piggy back may not honor local vendor preferences
• Increased public scrutiny
Sarasota County
• “The County acted arbitrarily and capriciously when it violated the terms of the piggyback provision of its Code in entering into the three agreements. The agreements must therefore be deemed void and of no effect” - 2008 Appellate Court Ruling
• Headline: “Sarasota Piggyback Contracts Ripe For Abuse” - Herald Tribune, April 2, 2011
Audit Considerations of Piggy Back Contracts
• An approved written policy should be in place:
  • Outlines conditions and procedures for authorizing a piggy back contract
  • Documentation requirements of original RFP / bid
  • Dollar limits and thresholds
• Adherence to policy
  • Informal bids needed to price check Piggy Back
  • Original contract term / extension still in place?
• Documentation maintained to support compliance
If Oz Were a Horror Movie…
FRAUD DISCUSSION
Fraud Triangle…
Opportunity
The capability to commit the fraud
The Fraud Environment
RATIONALIZATION
I deserve a raise... I work long hours.. I should have been promoted.. I’ll pay it back…
INCENTIVE
How will I pay my bills? Kids need…. I want …. Casino night …. Drugs …
PROCUREMENT OPPORTUNITY
Access to credit card, kickbacks, false vendors
The Fraud Diamond – Considers Two Types of Fraudsters
The capability to commit the fraud
Fraudsters – More Details
Accidental Fraudster
• Focus of Fraud Triangle
• First-Time Offender
• Well-Educated, Male, Middle Class, Good Person
• Pressure Occurs
• Rationalization
Predator Fraudster
• Deliberate, Arrogant
• Seeks Opportunities
• No Pressure or Rationalization
• May Begin as Accidental
• Criminal Mindset
Fraud, Waste and Abuse
Fraud – as defined by Generally Accepted Government Auditing Standards:
A type of illegal act involving the obtaining of something of value through willful misrepresentation. Whether an act is, in fact, fraud is a determination to be made through the judicial or other adjudicative system and is beyond the auditor’s professional responsibility.
Fraud, Waste and Abuse (Cont.)
Waste – involves the taxpayers/public not receiving reasonable value for money in connection with any government funded activities due to an inappropriate act or omission by individuals with control over or access to government resources. Waste goes beyond fraud and abuse and most waste does not involve a violation of law. Rather, waste relates primarily to mismanagement, inappropriate actions and inadequate oversight.
Fraud, Waste and Abuse (Cont.)
Abuse – involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate. Abuse does not necessarily involve fraud, violation of laws, regulations, or provisions of a contract or grant agreement.
Behavioral Red Flags
• Providing unreasonable responses to questions
• Bragging about significant new purchases
• Refusing promotions
• Easily annoyed at inquiries
• Refusing to take vacations
Behavioral Red Flags (Cont.)
• Borrowing money from co-workers
• Gambling, drug use
• Excessive drinking
• Creditors or collectors appearing at workplace
• Change in “normal” behavior
Procurement Fraud and Red Flags
• Unjustified Sole Source: Unjustified sole source is defined as a fraudulent act involving procurement personnel who, in collusion with a supplier, improperly award a contract without competition or prior review
Procurement Fraud and Red Flags (Cont.)
• Unjustified Sole Source red flags:
  • Sole source award above or just below competitive bidding limit
  • Previously competitive procurements become non-competitive
  • Vague justification or documentation requesting a non-competitive award
  • Split purchases to avoid competitive bidding limits
Procurement Fraud and Red Flags (Cont.)
• Unjustified Sole Source red flags (Cont.):
  • Contract requirements were not reviewed and validated by management
  • Contract requirements appear to be tailored to a specific contractor
  • Awards made below the competitive bid limits that are followed by change orders that exceed such limits
Procurement Fraud and Red Flags (Cont.)
• Change Order Abuse: Contractor acting alone or in collusion with contract personnel, can submit unjustified or inflated change order requests to increase profits, or, as a result of corruption, use the change order process to extend a contract that should be re-bid
Procurement Fraud and Red Flags (Cont.)
• Change Order Abuse red flags:
  • Weak internal controls and procedures regarding review or need for change orders
  • Numerous, unusual or unexplained change orders for a specific contractor approved by the same employee
  • Pattern of low-bid award followed by change orders that increase the price or scope of the contract, or extend the contract period
  • Vague contract specifications followed by change orders
Procurement Fraud and Red Flags (Cont.)
• Change Order Abuse red flags (Cont.):
  • Poorly documented change orders, or change order requests in round number amounts, if that is unusual for the job
  • Pattern of change orders just below upper-level approval limit
  • High-level personnel involved in change order decisions, especially for specific contractors
  • Purchase orders of contracts extended by change order, rather than re-bidding of contract
Procurement Fraud and Red Flags (Cont.)
• Split Purchases: A single procurement can be split into two or more purchase orders or contracts, each below upper-level review or competitive bidding thresholds, to avoid review or competitive selection. Repetition of this scheme, favoring the same parties, can be a strong indicator of corruption
Procurement Fraud and Red Flags (Cont.)
• Split Purchase red flags:
  • Two or more similar procurements from the same supplier in amounts just under competitive bidding or upper-level review limits
  • Unjustified separation of purchases, e.g., separate contracts for labor and materials, each of which is below competitive bidding limits individually
  • Sequential purchase orders or invoices under upper-level review or competitive bidding limits
  • Contracts under the competitive bid limit followed by change orders that increase amount of the contract
Procurement Fraud and Red Flags (Cont.)
• Fictitious Vendor: an employee with procurement responsibilities, or in accounts payable, or an outsider, submits bills from a non-existent vendor. Normally, fictitious vendors claim to provide services or consumables, rather than goods or works that can be verified. Dishonest bidders also can submit “bids” from fictitious bidders as part of bid-rigging schemes
Procurement Fraud and Red Flags (Cont.)
• Fictitious Vendor red flags:
  • Paid vendors are not on the approved vendor list or listed in business or telephone directories
  • Invoiced goods or services cannot be located or verified
  • Inadequate vendor identification information
  • Incorrect or non-existent address or phone number
  • Vendor address or telephone number is the same as an employee’s
Procurement Fraud and Red Flags (Cont.)
• Fictitious Vendor red flags (Cont.):
  • Small initial purchase from vendor, followed by much larger purchases.
  • Payment provided without an invoice.
  • Copied or unusual supporting documents, such as purchase order or receiving document submitted with invoice.
  • Multiple companies that have the same address/telephone numbers.
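The CAAT comparison mentioned earlier (vendor master file against payroll master file) and the split-purchase and fictitious-vendor red flags above can be run as data tests over electronic files. The Python below is an added example, not part of the presentation; the field names, the 25,000 bidding limit, the 30-day window and every sample record are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

BID_LIMIT = 25_000           # assumed competitive bidding limit (not from the slides)
WINDOW = timedelta(days=30)  # assumed span in which purchases count as related
ABBREV = {"street": "st", "avenue": "ave", "suite": "ste", "road": "rd"}
# Constructed sample master files and purchase ledger; every value is fictitious.
VENDORS = [
    {"id": "V100", "address": "120 Main St., Suite 4", "phone": "(555) 010-2000"},
    {"id": "V101", "address": "77 Oak Avenue", "phone": "555-010-3131"},
    {"id": "V102", "address": "77 OAK AVE", "phone": "555.010.4444"},
]
EMPLOYEES = [
    {"id": "E7", "address": "77 Oak Ave.", "phone": "555 010 9999"},
    {"id": "E8", "address": "9 Pine Road", "phone": "555-010-2000"},
]
PURCHASES = [
    {"po": "PO-1", "vendor": "V100", "date": date(2024, 3, 1), "amount": 24_500},
    {"po": "PO-2", "vendor": "V100", "date": date(2024, 3, 3), "amount": 24_900},
    {"po": "PO-3", "vendor": "V101", "date": date(2024, 1, 10), "amount": 9_000},
    {"po": "PO-4", "vendor": "V101", "date": date(2024, 6, 15), "amount": 18_000},
    {"po": "PO-5", "vendor": "V102", "date": date(2024, 2, 1), "amount": 40_000},
]

def norm_address(text):
    """Lower-case, drop punctuation, collapse common street abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def norm_phone(text):
    return re.sub(r"\D", "", text)[-10:]  # digits only, last ten

FIELDS = (("address", norm_address), ("phone", norm_phone))

def vendor_employee_matches(vendors, employees):
    """Vendor address or phone equal to an employee's (fictitious-vendor flag)."""
    index = defaultdict(list)
    for e in employees:
        for field, norm in FIELDS:
            index[field, norm(e[field])].append(e["id"])
    return [(v["id"], emp, field)
            for v in vendors for field, norm in FIELDS
            for emp in index.get((field, norm(v[field])), [])]

def shared_vendor_addresses(vendors):
    """Several vendors registered at one normalized address."""
    groups = defaultdict(list)
    for v in vendors:
        groups[norm_address(v["address"])].append(v["id"])
    return {addr: ids for addr, ids in groups.items() if len(ids) > 1}

def split_purchases(purchases, limit=BID_LIMIT, window=WINDOW):
    """Same-vendor purchases, each under the limit, that together reach it."""
    by_vendor = defaultdict(list)
    for p in purchases:
        if p["amount"] < limit:
            by_vendor[p["vendor"]].append(p)
    findings = []
    for vendor, items in by_vendor.items():
        items.sort(key=lambda p: p["date"])
        for i, last in enumerate(items):
            group = [p for p in items[:i + 1] if last["date"] - p["date"] <= window]
            if len(group) > 1 and sum(p["amount"] for p in group) >= limit:
                findings.append((vendor, [p["po"] for p in group]))
                break  # one finding per vendor is enough to open follow-up
    return findings
```

A hit from any of these tests is a lead for follow-up with supporting documents, not a finding by itself; a spouse running a legitimate business from a home address would also match.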
Credit Card Fraud and Red Flags
• Credit Card Fraud: Employees use an organization’s credit card to make unauthorized purchases. Credit cards are sometimes used to circumvent procurement policies
Credit Card Fraud and Red Flags (Cont.)
• Credit Card Fraud red flags:
  • Unreasonable or unexplained high volume of purchases from a particular vendor
  • Split purchases without purchase order to avoid upper-level review or to circumvent the purchasing policy
  • Receipts or invoices supporting purchases are missing or photocopied, which may indicate they were altered
  • Receipts or invoices are not sufficiently detailed to document actual purchases
Credit Card Fraud and Red Flags (Cont.)
• Credit Card Fraud red flags (Cont.):
  • Lack of proper approvals and/or separation of functions, such as requiring manager approval prior to purchase, cardholder makes the purchase, and an independent person receives the purchase
  • Vendor used excessively by only one cardholder
  • Purchases made during weekends or holidays which are outside of cardholder’s or organization’s work schedule period
Questions or Comments