PROCUREMENT AN AUDITOR S PERSPECTIVE...17 Required Management Letter (Rules of Auditor General 10.554 (Cont’d) (1)(i)5 – Determination of Financial Emergency 218.503. Due to lack

PROCUREMENT (ANAUDITOR’S PERSPECTIVE)

Presented ByJeff Goolsby, CPA, CGMA

2

AGENDA• Understand Auditor Requirements for Governments

• Understand Special Considerations for Single Audits

• Smoothing the Audit Process

• Special Requirements For Selecting Auditors

• Overview Piggy Back Contracting

• Fraud Considerations in Procurement

• Answer Questions and Make You Smile

6

Expressions That “D” Has Proven Wrong

“You Can’t Put a Price on Happiness”

“A Picture is Worth A Thousand Words”

7

Governmental Audits

9

The External Auditor

• Issue an opinion on whether the financial statements are reasonable in all material respects with generally accepted accounting principles

• Understand effectiveness of internal controls as they relate to financial matters

10

Auditor Tasks

• Auditors have certain required tasks (universal):• Understanding internal controls and control

environment • Testing internal controls under governmental

standards• Understanding actual to budget and variances • Grant compliance• Testing of material items

Internal Controls Impacting Financial Matters

• Financial Reporting

• Journal Entries

• Revenue / Receivable Cycle

• Payroll Cycle

• Purchasing / Payable Cycle

• Grant compliance

12

New COSO Internal Control Framework

Updated COSO Framework: Components of Internal Control

Control Environment

Risk Assessment

Control Activities

Information & Communication

Monitoring Activities

1. Demonstrates commitment to integrity and ethical values2. Exercises oversight responsibility3. Establishes structure, authority and responsibility4. Demonstrates commitment to competence5. Enforces accountability

6. Specifies suitable objectives7. Identifies and analyzes risk8. Assesses fraud risk9. Identifies and analyzes significant change

10. Selects and develops control activities11. Selects and develops general controls over technology12. Deploys through policies and procedures

13. Uses relevant information14. Communicates internally15. Communicates externally

16. Conducts ongoing and/or separate evaluations17. Evaluates and communicates deficiencies

14

Governmental Audits

Audit of Financial Statements• Independent Auditor’s Report

• Independent Auditor’s Report on Internal Controls Over Financial Reporting and on Compliance and Other Matters Based on Audit of Financial Statements Performed in Accordance with Governmental Auditing Standards

• Independent Auditor’s Management Letter

15

Auditor Selection Guidelines (2007)

16

Required Management Letter (Rules of Auditor General 10.554

• (1)(i)1 – Whether corrective actions have been taken on prior findings / recommendations

• (1)(i)2 – Current recommendations on financial matters

• (1)(i)3 – Noncompliance with provisions of contracts and grant agreements or abuses that have occurred, or likely to have occurred (not material but more than inconsequential)

17

Required Management Letter (Rules of Auditor General 10.554 (Cont’d)

(1)(i)5 – Determination of Financial Emergency 218.503. Due to lack of funds failure to pay:– Short-term loans or bonds when due– Uncontested claims from creditors within 90 days– Transmit taxes withheld on employee income /

social security (appropriate time frame)– Failure for one pay period to pay wages and salaries

/ retirement benefits owed

SingleAudits

19

Single Audits (Federal or State)

• Independent Auditor’s Report on Compliance for Each Major Federal Program and State Project and on Internal Control over Compliance in Accordance with OMB Circular A-133 and Chapter 10.550, Rules of the Auditor General

• Independent Auditor’s Report on Schedule of Expenditures of Federal Awards and State Financial Assistance

• Schedule of Findings and Questioned Costs• Summary Schedule of Prior Audit Findings

20

INTERNAL CONTROL TESTING

• Each major program• Each direct and material compliance requirement• Each of the 5 elements of COSO• Management responsible for maintaining an

adequate system of IC over compliance• Consider whether control procedures in place over

Federal expenditures are appropriate, working properly, and are designed to prevent noncompliance

21

Overview of Compliance Matrix Requirements

Activities Allowed or Unallowed

Allowable Costs/Cost Principles

Cash Management Davis-Bacon Act Eligibility Equipment and Real

Property Management Matching, Level of Effort,

Earmarking Period of Availability

Procurement, Suspension and Debarment

Program Income Real Property Acquisition

and Relocation Assistance Reporting Sub-recipient Monitoring Special Tests and

Provisions

22

Overview of 14 Compliance Requirements (Cont’d)

• Activities Allowed or Unallowed (A)– Specifies the activities that can or cannot be

funded under a specific program

• Allowable Costs / Cost Principles (B)– Specifies the costs that can and cannot be funded

under a specific program and how they are calculated and supported

23

DIRECT COSTS

• Are costs that can be specifically identified to the program– Compensation of employees– Cost of materials– Equipment– Travel– Other

24

INDIRECT COSTS

• Are costs that can not be specifically identified to the program

• These types of costs benefit more than one function of the organization. For example, building costs, administrative staff, etc

• The rule of allowability:“Indirect costs need to be equitable to relative benefits received”

• Required testing of “Total Indirect Costs" when Direct and Material to the program being audited

25


• Cash Management (C)– Reimbursements are properly supported– Advance payments are properly managed– Interest earned on advance payments is

inconsequential or remitted to grantor

• Davis-Bacon Act (D)– Contractors are paid the prevailing wages of the

local Department of Labor

26


• Eligibility (E)– Participants meet the program criteria to receive

grant funding

• Equipment and Real Property Management (F)– Management, use and disposal of equipment or

real property

27


• Matching, Level of Effort, Earmarking (G)– Matching, required cost share– Level of effort, required participation from period

to period– Earmarking, setting aside funding for a purpose

• Period of Availability of Federal Funds (H)– Expenditures are within the granting period– Claims have been made within a reasonable

period of time after the granting period

28

Overview of 14 Compliance Requirements (cont’d)

• Procurement and Suspension and Debarment (I)– Federal, state or local procurement laws are

followed– Vendors and sub-recipients are not suspended or

debarred

• Program Income (J)– Income generated by Federal funds are used for

program expenditures– Income generated by Federal program offset

Federal claims

29


• Real Property Acquisition and Relocation Assistance(K)– Equal treatment by persons displaced by the

Federal government

• Reporting (L)– Reporting results

• Performance• Financial • Special reporting

30


• Sub-recipient Monitoring (M)– Monitoring pass-through funding

• Special Tests (N)– Other

31


• Form and extent of documentation of auditee’scompliance with major program requirements will vary– Accounting data– Statistical data– Case files– Policy and procedure manuals– Narrative memoranda– Calculations

32

COMPLIANCE TESTING

Excerpt from Auditor’s OMB A-133 Report“…we plan and perform the audit to obtain reasonable assurance about whether noncompliance with the types of compliance requirements referred to above that could have a direct and material effect on a major federal program occurred.”

“In our opinion, entity complied, in all material respects, with the requirements referred to above that could have a direct and material effect on each of its major federal programs for the year ended …”

33

Compliance Testing

Among applicable compliance requirements, identify direct and material compliance requirementsDirect and material effect means that

noncompliance could result in being denied reimbursement of program expenditures or having to refund Federal monies or make other restitution in an amount that would be material to the major program Qualitative and quantitative considerations

34

COMPLIANCE TESTING (CONT’D)

DIRECT AND MATERIAL - QUALITATIVE• Needs and expectations of federal or pass-through

agencies

• Noncompliance could cause Federal agency to take action

–Seeking reimbursement of program costs–Suspending participation in the program

• Public or political sensitivity

35

COMPLIANCE TESTING (CONT’D)

DIRECT AND MATERIAL - QUANTITATIVE• Noncompliance could likely result in questioned costs

• Requirement affects large part of the program– Material amount of program dollars

• Materiality assessments– Example: X% of expenditures, etc.

Smooth Audits

37

Assisting The Auditor

• Assisting the Auditor can make for an efficient audit process and achieve your goals as well

38

Assisting The Auditor (Cont’d)

• Ways you can assist auditors:• Provide written policies and procedures• Let them know updates or changes to your systems• Be ready to discuss your checks and balances

(maintain evidence of performing them)• Provide data files electronically

39

Effective Use of IT

• When you provide data electronically, the process is often smoother and more effective.

• Auditors can employ computer assisted auditing techniques (i.e. CAAT) which allows them to process:• Test mathematical accuracy of detail• Use statistical sampling• Use logic parameters to verify accuracy of data

• Example. Comparison of addresses in vendor master file to payroll master file

40

Understanding Sampling

• Generally, auditors will sample (test less than 100%) and have a significant amount of judgment into how to do so

• Coverage versus Random / Statistical

• Understanding the sampling unit• Pro-Tip: Checks versus invoices

41

Possible Negative Outcomes

• Deficiency?

• Significant deficiency?

• Material weakness?

• Need to expand compliance testing?

42

Negative Audit Findings

• Determine what went wrong. Was it?• Inadequate Design. Controls / policies were

inadequate to prevent the problem found or to assure compliance with grant provisions

• Failure to Comply. Existing policies and controls were not followed or were otherwise circumvented

43

Negative Audit Findings

• Respond quickly and correct the matter prior to the issuance of the audit• If inadequate design – put new control in place that

would prevent a similar issue • If failure to comply – hold training and put in new

monitoring function that would detect noncompliance

• Provide written response noting that corrections have already been put into place

Auditor Selection

45

Auditor Selection FL Statutes Section 218.391

• Governing body of each local government shall establish an audit committee:• Charter County• Municipality• Special District• District School Board• Charter School / Charter Technical School

• Specific Composition Required for Non Charter County

46

Auditor Selection (Cont’d)FL Statutes Section 218.391

• Primary purpose of audit committee is to assist in selection of auditor to conduct annual financial audit

• Specific duties required:• Establish evaluation factors for audit services / firms• Public announcement of request for proposal (RFP)• Provide RFP to interested audit firms• Perform evaluation of proposals of qualified firms• Rank and recommendation in order of no fewer than

three* firms deemed be most qualified

47


• Sample factors to be used in evaluation criteria include:• Ability of audit firm personnel• Experience• Ability to provide requested services

• Public cannot be excluded from evaluation process

• Compensation (fee) cannot be the sole or predominant factor

48


• Requires that every procurement of audit services beevidenced by written contract embodying all provisionsand conditions of the procurement of such services• Specifying the services to be provided and fees or other

compensations for such services• Provision that requires that invoices for fees be

submitted in sufficient detail to demonstrate compliancewith the terms of the contract

• Specific provisions about contract period and renewals /terminations. Allows renewals without an RFP**

49

Auditor Selection Guidelines (2007)

50

Audit Committee Recommendations

• Audit Committee should have a basic understanding ofgovernmental financial statements and auditing

• Audit committee should have access as to at least onefinancial expert (committee member or 3rd party)

• Generally should be members of governing board• Minimum of three

• Audit Committee should be educated on responsibilitiesand encouraged to exercise professional skepticism

51

Suggested Evaluation Criteria of Audit Firms

• Continuing professional education by key personnel

• Peer review results (within past three years)

• Reputation / history of performing quality audits

• Past experience / performance on comparables

• Quality of individuals to be assigned

• Single audit (specific grant program) knowledge

• Information technology ability

PIGGY BACKCONTRACTS

53

“Piggy Back” Contracts

• Example of cooperative purchasing

• Permitted by FL Statute 287.57

• Permits an agency to utilize the bid price from a vendor for its contract that was negotiated as part of an open competitive bid process for another agency

• The original request for proposal of the initiating agency includes specific language to allow vendors to elect if they will permit the pricing / terms to be extended to other agencies (without penality)

54

Advantages of Piggy Back Contracts

• Encourages vendors to offer stronger discounts in pricing in anticipation of larger buying volume from other agencies not included in the original RFP

• Allows subsequent agencies the opportunity to avoid the time-consuming process of soliciting bids for the same commodity or services

• Efficient way to contract

55

Negatives of Piggy Back Contracts

• Need to be comfortable with original bid requirements(was it consistent with your normal requirements)

• Generally, term changes are not permitted (quantity, timelines, price)

• Gives a lot of power to those authorized

• Vendor for piggy back may not honor local vendor preferences

• Increased public scrutiny

56

Sarasota County

• "The County acted arbitrarily and capriciously when it violated the terms of the piggyback provision of its Code in entering into the three agreements. The agreements must therefore be deemed void and of no effect” - 2008 Appellant Court Ruling

• Headline: “Sarasota Piggyback Contracts Ripe For Abuse”- Herald Tribute, April 2, 2011

57

Audit Considerations of Piggy Back Contracts

• An Approved written policy should be in place:• Outlines conditions and procedures for authorizing a

piggy back contract• Documentation requirements of original RFP / bid• Dollar limits and thresholds

• Adherence to policy • Informal bids needed to price check Piggy Back• Original contract term / extension still in place?

• Documentation maintained to support compliance

If Oz Were a Horror Movie…

FRAUD DISCUSSION

62

Fraud Triangle…

Opportunity

The capability to commit the

fraud

63

The Fraud Environment

RATIONALIZATIONI deserve a raise...I work long hours..I should have been

promoted..I’ll pay it back…

INCENTIVEHow will I pay

my bills?Kids need….

I want ….Casino night ….

Drugs …

PROCUREMENT OPPORTUNITYAccess to credit card, kickbacks, false

vendors

64

The Fraud Diamond – Considers Two Types of Fraudsters

The capability to commit the fraud

65

Fraudsters – More Details

Accidental Fraudster

Focus of Fraud Triangle

First-Time Offender

Well-Educated, Male, Middle Class, Good Person

Pressure Occurs

Rationalization

Predator Fraudster

Deliberate, Arrogant

Seeks Opportunities

No Pressure or Rationalization

May Begin as Accidental

Criminal Mindset

66

Fraud, Waste and AbuseFraud – as defined by Generally Accepted Government Auditing Standards:

A type of illegal act involving the obtaining of something of value through willful misrepresentation. Whether an act is, in fact, fraud is a determination to be made through the judicial or other adjudicative system and is beyond the auditor’s professional responsibility.

67

Fraud, Waste and Abuse (Cont.)

Waste – involves the taxpayers/public not receiving reasonable value for money in connection with any government funded activities due to an inappropriate act or omission by individuals with control over or access to government resources Waste goes beyond fraud and abuse and most waste does not involve a violation of law. Rather, waste relates primarily to mismanagement, inappropriate actions and inadequate oversight.

68

Abuse – involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate. Abuse does not necessarily involve fraud, violation of laws, regulations, or provisions of a contract or grant agreement.

Fraud, Waste and Abuse (Cont.)

69

Behavioral Red Flags• Providing unreasonable responses to questions

• Bragging about significant new purchases

• Refusing promotions

• Easily annoyed at inquiries

• Refusing to take vacations

70

Behavioral Red Flags (Cont.)

• Borrowing money from co-workers

• Gambling, drug use

• Excessive drinking

• Creditors or collectors appearing at workplace

• Change in “normal” behavior

71

• Unjustified Sole Source: Unjustified sole source is defined as a fraudulent act involving procurement personnel who, in collusion with a supplier, improperly award a contract without competition or prior review

Procurement Fraud and Red Flags

72

Procurement Fraud and Red Flags (Cont.)

• Unjustified Sole Source red flags:• Sole source award above or just below competitive

bidding limit• Previously competitive procurements become non-

competitive• Vague justification or documentation requesting a

non-competitive award• Split purchases to avoid competitive bidding limits

73

• Unjustified Sole Source red flags (Cont.):• Contract requirements were not reviewed and

validated by management• Contract requirements appear to be tailored to a

specific contractor• Awards made below the competitive bid limits that

are followed by change orders that exceed such limits

Procurement Fraud and Red Flags(Cont.)

74

• Change Order Abuse: Contractor acting alone or in collusion with contract personnel, can submit unjustified or inflated change order requests to increase profits, or, as a result of corruption, use the change order process to extend a contract that should be re-bid


75

• Change Order Abuse red flags:• Weak internal controls and procedures regarding

review or need for change orders• Numerous, unusual or unexplained change orders

for a specific contractor approved by the same employee

• Pattern of low-bid award followed by change orders that increase the price or scope of the contract, or extend the contract period

• Vague contract specifications followed by change orders


76

• Change Order Abuse red flags (Cont.):• Poorly documented change orders, or change order

requests in round number amounts, if that is unusual for the job

• Pattern of change orders just below upper-level approval limit

• High-level personnel involved in change order decisions, especially for specific contractors

• Purchase orders of contracts extended by change order, rather then re-bidding of contract


77

• Split Purchases: A single procurement can be split into two or more purchase orders or contracts, each below upper-level review or competitive bidding thresholds, to avoid review or competitive selection. Repetition of this scheme, favoring the same parties, can be a strong indicator of corruption


78

• Split Purchase red flags:• Two or more similar procurements from the same

supplier in amounts just under competitive bidding or upper-level review limits

• Unjustified separation of purchases, e.g., separate contracts for labor and materials, each of which is below competitive bidding limits individually

• Sequential purchase orders or invoices under upper-level review or competitive bidding limits

• Contracts under the competitive bid limit followed by change orders that increase amount of the contract


79

• Fictitious Vendor: an employee with procurement responsibilities, or in accounts payable, or an outsider, submit bills from a non-existent vendor. Normally, fictitious vendors claim to provide services or consumables, rather than goods or works that can be verified. Dishonest bidders also can submit “bids” from fictitious bidders as part of bid-rigging schemes


80

• Fictitious Vendor red flags:• Paid vendors are not on the approved vendor list or

listed in business or telephone directories• Invoiced goods or services cannot be located or

verified• Inadequate vendor identification information• Incorrect or non-existent address or phone number• Vendor address or telephone number is the same

as an employee’s


81

• Fictitious Vendor red flags (Cont.):• Small initial purchase from vendor, followed by

much larger purchases.• Payment provided without an invoice.• Copied or unusual supporting documents, such as

purchase order or receiving document submitted with invoice.

• Multiple companies that have the same address/telephone numbers.


82

• Credit Card Fraud: Employees use an organization’s credit card to make unauthorized purchases. Credit cards are sometimes used to circumvent procurement policies

Credit Card Fraud and Red Flags

83

• Credit Card Fraud red flags:• Unreasonable or unexplained high volume of purchases

from a particular vendor• Split purchases without purchase order to avoid upper-

level review or to circumvent the purchasing policy• Receipts or invoices supporting purchases are missing

or photocopied, which may indicate they were altered• Receipts or invoices are not sufficiently detailed to

document actual purchases

Credit Card Fraud and Red Flags (Cont.)

84

• Credit Card Fraud red flags (Cont.):• Lack of proper approvals and/or separation of

functions, such as requiring manager approval prior to purchase, cardholder makes the purchase, and an independent person receives the purchase

• Vendor used excessively by only one cardholder• Purchases made during weekends or holidays which

are outside of cardholder’s or organization’s work schedule period

Credit Card Fraud and Red Flags (Cont.)

Questions or Comments

Documents

PROCUREMENT AN AUDITOR S PERSPECTIVE...17 Required Management Letter (Rules of Auditor General 10.554 (Cont’d) (1)(i)5 – Determination of Financial Emergency 218.503. Due to lack