Sponsored Research Compliance:
1 / 37

Sponsored Research Compliance: Best Practices for Working with Auditors - PowerPoint PPT Presentation

  • Uploaded on

Sponsored Research Compliance: Best Practices for Working with Auditors. Introductions. Raina Rose Tagle Partner and National Practice Leader, Baker Tilly Higher Education. Adrienne Larmett Senior Consultant, Baker Tilly Higher Education. Presentation Overview. Session Objectives

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Sponsored Research Compliance: Best Practices for Working with Auditors' - sigourney-wyatt

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Sponsored Research Compliance:

Best Practices for Working with Auditors


  • Raina Rose Tagle

  • Partner and National Practice Leader,

  • Baker Tilly

  • Higher Education

  • Adrienne Larmett

  • Senior Consultant,

  • Baker Tilly

  • Higher Education

Presentation overview
Presentation Overview

  • Session Objectives

  • The Many Forms of Research Audits

  • Internal Audit Overview

  • Making the Most of Your Internal Audit Relationship

  • The Audit Process: Where You Fit In and Best Practices for Survival

  • Withstanding Audits

Session objectives
Session Objectives

  • Compare and contrast internal audits with the conduct and focus of external financial statement audits and Office of Inspector General (OIG) audits

  • Gain a better understanding of internal audit’s role within an organization and its key activities

  • Understand how you can leverage internal audit’s activities to enhance your department’s operations

  • Discuss best practices in interfacing with auditors

  • Learn how you fit into the audit process

  • Become better prepared to withstand all types of audits, including OIG audits

The Many Forms of Research Audits

  • Key Construction Activities

Who may audit research
Who May Audit Research?

Receiving research funding (both public and private) adds an increased level of scrutiny to organizations and individuals. The receipt of a research award brings new challenges in terms of compliance and reporting, along with the standard financial and administrative processes involved in the organization’s standard operations. As such, research may be audited by many groups, including:

  • External Auditors (e.g., A-133 Auditors)

  • Research Sponsors

  • Federal Offices of Inspector General (IGs)

  • Internal Audit

Why perform more than one audit a 133 audits
Why Perform More Than One Audit?A-133 Audits

  • Commonly known as a “Single Audit,” the Office of Management and Budget’s (OMB) Circular A-133 audit is required of institutions expending over $500,000 of federal support for research.

  • The A-133 audit is an institution-wide examination performed annually with the objective of providing assurance to the federal government as to the management and use of federal funds by recipients.

  • The audit is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components.

  • Single Audits must be submitted to the Federal Audit Clearinghouse.

Why perform more than one audit sponsor audits
Why Perform More Than One Audit?Sponsor Audits

  • Recipients of grant funds must comply with all applicable federal statutes, regulations, and policies. Sponsors, such as the National Institutes of Health (NIH) or National Science Foundation (NSF), will conduct audits of particular systems or specific awards to provide assurance that grant recipients are being good stewards of funds.

  • Sponsors conduct financial audits to determine whether costs claimed by awardees are allowable, reasonable, and properly allocated.

Why perform more than one audit oig audits
Why Perform More Than One Audit?OIG Audits

  • Each federal agency granting funding has an Office of Inspector General (OIG) responsible for providing independent oversight of the agency’s programs and operations.

  • An OIG assesses internal controls, financial management, information technology, and other systems that affect the operation of agency programs.

  • The OIG enforces integrity in agency operations by identifying individuals or entities who attempt to abuse the public trust or defraud government programs.

  • OIG’s are staffed with auditors, investigators, attorneys, scientists, and other specialists.

How does internal audit fit within the audit landscape
How Does Internal Audit Fit within the Audit Landscape?

In addition to handling external audits, institutions should work with their internal auditors to review processes and procedures and evaluate compliance. Internal audit works on behalf of an institution, helping to evaluate and review systems, processes, and procedures to help achieve desired goals and objectives. Internal auditors can help an institution to assess the design of policies and controls, compliance with federal regulations, and risks existing within current operations.

Reviews may be focused on an organizational level (processes) or on specific departments or awards (administration).

Internal audit s relationship with other audit organizations
Internal Audit’s Relationship with Other Audit Organizations

While A-133, sponsor, and OIG auditors are working to provide assurance to external sources, internal audit is helping to promote compliance and efficiency within an institution. Typical internal audit activities include:

  • Process Reviews

  • Program/Project-specific Audits

  • System Audits

  • Fraud Investigations

    Internal audit may also work in conjunction with the A-133 audit team or help the institution to coordinate other external reviews.

Internal Audit Overview Organizations

  • Key Construction Activities

Internal audit are they we the bad guys
Internal Audit: Are They (We!) the Bad Guys? Organizations

  • The “watchdogs” of the institution

    • Internal audit horror stories?


  • A critical business function whose role is to support the institution in achieving its strategic goals

  • A forward-looking, consultative function that helps the institution to anticipate and manage its risks proactively

    • Internal audit success stories?

  • How can internal audit have a positive impact
    How Can Internal Audit Have a Positive Impact? Today’s Research Institution

    At the Institution Level

    • Provide a comprehensive view of risk throughout the institution

    • Help management and administrators make the most of limited resources

    • Provide proactive advice for strengthening processes and controls

      At the Department Level

    • Identify fraud, waste, or abuse in your department

    • Help improve efficiency and compliance in your department

    • Give you a voice to management

    • Assist you in making difficult changes, such as implementing a new system

    How does internal audit fit within the organization
    How Does Internal Audit Fit within the Organization? Today’s Research Institution

    • Audit Committee

      • This Board committee oversees the performance of the internal audit function, approves the annual audit plan, and reviews the audit results

  • Executive Leadership and Management

    • On a day-to-day basis, internal auditors report administratively to one or more members of the institution’s executive leadership, such as a chief financial officer. Internal audit should work collaboratively with management on annual audit planning, and should share audit results with management before reporting to the audit committee

  • Department

    • Each internal audit addresses the activities of one or more departments, either an academic or functional area

  • Process Owner

    • Internal auditors work with “process owners” to understand policies, procedures, and internal controls at a detailed level

  • So what do they do examples of common internal audit engagements
    So, What Do They Do? – Today’s Research InstitutionExamples of Common Internal Audit Engagements

    • Financial Audits

      • Reviewing expenses incurred by a Principal Investigator to assess allowability per federal or sponsor regulations

  • Compliance Audits

    • Reviewing the institution’s cost sharing policy for compliance with federal regulations and sponsor requirements

  • Operational Audits

    • Reviewing the operations of the procurement department to validate that cost effective and timely choices are being made

  • Risk Assessments

    • Evaluating risks in a particular area of the organization (or institution-wide) to identify areas of focus for audit testing (or the focus of the overall internal audit plan)

  • Fraud Investigations

    • Examining an allegation of fraud made via the institution’s anonymous whistleblower hotline

  • Making the Most of Your Today’s Research Institution

    Internal Audit Relationship

    • Key Construction Activities

    It s okay to ask for help
    It’s Okay to Ask for Help Today’s Research Institution

    Audits don’t have to be an unwanted experience. Internal audit can also perform audits/reviews at the request of a department and even provide “consulting” services.

    • Some instances when you may want to reach out to internal audit include:

      • When you suspect fraud or misuse of resources

      • If you need to identify best practices and/or compare issues against the organization’s (or specific area’s) peer group

      • When you suspect your internal controls are weak

      • If your operations aren’t as efficient as they could be

    How to best leverage internal audit to help your department
    How to Best Leverage Internal Audit to Help Your Department Today’s Research Institution

    • Give details and specifics of the issue, including hard evidence if available

    • Be unbiased and objective; discuss the issue in terms of what’s best for the organization

    • Explain potential outcomes from the current situation, and what could happen if it continued unabated

    • Consider calling the anonymous hotline, especially if you worry about retribution

    The Audit Process: Today’s Research InstitutionWhere You Fit In and Best Practices for Survival

    • Key Construction Activities

    But really what do auditors do the audit process
    But Really, What Do Auditors DO? Today’s Research InstitutionThe Audit Process

    Phase 1 audit planning
    Phase 1: Audit Planning Today’s Research Institution

    During the first phase of an audit, the auditors are working to identify the most beneficial objectives and what related processes or controls to review. To determine this, auditors assess several factors, including:

    • Risks within the identified audit area

    • Regulatory or compliance requirements

    • Changes in organizational leadership or processes

    • Results of prior audits

    Phase 1 audit planning where you fit in and how to survive
    Phase 1: Audit Planning – Today’s Research InstitutionWhere You Fit In and How to Survive

    • Designate an audit liaison from your institution/department to work directly with the auditors

      • Proactively share conflicts and timing constraints

  • Educate the auditors about your institution/department in your own terms to ensure you are speaking the same language

  • Educate yourself! Understand and use “audit lingo” to bridge any communication gaps

  • Disclose known issues within the audit area

  • Ask questions to understand why you were chosen for audit

  • Ensure that institution leadership and general counsel are made aware of any sponsor or OIG audits

  • Phase 2 preliminary steps
    Phase 2: Preliminary Steps Today’s Research Institution

    Before controls can be tested, auditors first need to understand how various processes work and what controls are involved. This phase will include:

    • Identifying and reviewing relevant organizational policies and procedures, laws and regulations, or research terms and conditions

    • Discussing how processes are performed within the specific audit area (process “walkthroughs”)

    • Creating flowcharts or other documents describing the process and identifying potential gaps or compliance concerns (and strengths!)

    Phase 2 preliminary steps where you fit in and how to survive
    Phase 2: Preliminary Steps – Today’s Research InstitutionWhere You Fit In and How to Survive

    • Illustrate your processes in a meaningful way

      • Use real life documents

      • Invite the auditors to sit with you and observe while you perform your responsibilities

  • Describe the department’s activities in such a way that the auditors will understand. Remember that auditors are not scientists!

  • Ask to review a draft of any documentation that the auditors create of your processes and controls to make sure they get it right, before decisions are made

  • Phase 3 fieldwork
    Phase 3: Fieldwork Today’s Research Institution

    Once auditors have a grasp on how processes and controls should be functioning within an area, steps are taken to “test” if controls are actually working as intended. Fieldwork steps may include:

    • Transaction testing

    • Employee interviews

    • Data analytics

    Phase 3 fieldwork where you fit in and how to survive
    Phase 3: Fieldwork – Today’s Research InstitutionWhere You Fit In and How to Survive

    • Confirm the need before providing documentation to avoid excessive document requests

    • Organize the documentation you provide to the auditors. Ask a colleague to double-check the completeness, accuracy, and organization

    • Schedule regular check-ins with the auditors to address their follow-up questions in a structured way

    • Explore alternatives if the documentation requested is not readily available. Auditors are often willing to perform alternate procedures or accept another type of documentation. Be creative!

    • Collaborate with the auditors to understand their preliminary findings before they start to write their report

    Phase 4 reporting
    Phase 4: Reporting Today’s Research Institution

    Most audits conclude with a written report of audit results, which detail any strengths, concerns (or “findings”), and recommendations resulting from the work performed. An audit finding should detail the:

    • Condition (What is?)

    • Criteria (What should be?)

    • Cause (Why is there a difference?)

    • Effect (What is the impact?)

    • Recommendation (How can this be corrected?)

    Phase 4 reporting where you fit in and how to survive
    Phase 4: Reporting – Today’s Research InstitutionWhere You Fit In and How to Survive

    • Encourage the auditors to allow you to review the draft report before it is shared beyond your level or department. Provide feedback on the draft in a timely manner

    • Engage other institution leaders and/or general counsel if serious findings emerge.

    • Urge the auditors to be practical when making recommendations. Speak up when you know a recommendation will be difficult to implement in your department

    • Provide feedback to internal audit after the audit – remember that you are the client and they want to serve you better!

    Withstanding Audits Today’s Research Institution

    • Key Construction Activities

    Withstanding audits be prepared
    Withstanding Audits: Today’s Research InstitutionBe Prepared

    • Review the agenda and ensure all records and personnel will be available

    • Provide a quiet location for the auditor(s) to work

    • Designate an audit liaison to interact regularly with auditor(s) and agree upon the frequency of checking in

    • Have all documentation readily available

    • Have personnel re-familiarize themselves with protocols and records

    Withstanding audits be prepared1
    Withstanding Audits: Today’s Research InstitutionBe Prepared

    • Know and understand relevant regulations and guidance

    • Seek training

    • Review protocols and associated documents

    • Learn from past visits and audits

    Withstanding audits during the audit
    Withstanding Audits: Today’s Research InstitutionDuring the Audit

    • Take notes

      • Questions asked and answers given

      • Documents requested and provided

      • Discussions of complex issues

    • Keep copies of documents provided

    • Suggest a wrap-up at the end of each day to review outstanding items, questions, and any additional requests

    Withstanding audits during the audit1
    Withstanding Audits: Today’s Research InstitutionDuring the Audit

    • Respond to questions asked with straightforward, honest, and complete answers

    • Provide only requested information – don’t answer unasked questions as it may lead to unnecessary prodding

    • Don’t debate – clarify misunderstanding with positive rather than negative statements

    • Be professional at all times – auditors are always listening and observing

    Withstanding audits audit completion
    Withstanding Audits: Today’s Research InstitutionAudit Completion

    • Auditors should conduct an exit interview – key process owners and stakeholders should participate and observations and finding should be reviewed

    • A report with observations and findings will be issued generally three to six weeks after the audit is completed

    • Reponses to audits will usually be requested in writing along with a corrective action plan if necessary

      • Written responses should be SMART

        • Specific, Measurable, Attainable, Relevant, Time-bound

      • Responses should also be clear and precise

    Questions comments

    Questions & Comments Today’s Research Institution


    Adrienne Larmett, MBA

    [email protected]

    (703) 923-8134

    Raina Rose Tagle, CPA, CIA, CISA

    [email protected]

    (703) 923-8251