slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – P PowerPoint Presentation
Download Presentation
Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – P

Loading in 2 Seconds...

play fullscreen
1 / 55

Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – P - PowerPoint PPT Presentation

  • Uploaded on

Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – Part 3 -------- April 11, 2006. Auditing Research Under OMB Circular A-133. Amy Barrett, CPA Assistant Director, System Audit Office

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Association of College and University Auditors – Compliance Track --------- Research Compliance and Audit Issues – P' - bart

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Association of College and University Auditors – Compliance Track


Research Compliance and Audit Issues – Part 3


April 11, 2006


Auditing Research Under

OMB Circular A-133

Amy Barrett, CPA

Assistant Director, System Audit Office

The University of Texas System Administration




  • Introduction: What is an a-133 audit?
  • Approach: How is one performed?
  • Planning: What is involved in planning?
  • Assessing controls: How are controls assessed?
  • Assessing compliance: How is compliance assessed?
  • Reporting: What is reported and how?
  • Conclusion: What are the takeaways?


  • History and purpose of the single audit
  • Requirements of a-133

Introduction, continued - Scope of Audit

  • In general
  • Financial statements
  • Schedule of Federal Awards
  • Internal control
  • Compliance
  • Reporting
  • Corrective action plan and follow-up

Introduction, continued - Agencies and Resources

  • Government Accountability Office (GAO)
  • Office of Management and Budget (OMB)
  • Inspectors General (IG)
  • President’s Council on Integrity and Efficiency (PCIE)
  • Cognizant agencies
  • Oversight agencies
  • Federal awarding agencies
  • Pass-through entities
  • Code of Federal Regulations (CFR)

Introduction, continued - Applicable Standards

  • A-21 Cost Principles for Educational Institutions
  • A-110 Administrative Requirements for Educational Institutions
  • Cost Accounting Standards
  • A-133 Audits of State, Local Governments, and Non-Profit Organizations
  • Compliance Supplement
  • AICPA Audit Guide, Government Auditing Standards and Circular A-133 Audits
  • Yellow Book

Approach - Planning the Engagement

  • Planning steps that should be documented
  • Yellow Book requirements

Approach, continued - Testing Controls and Compliance

  • Document and test entity-level controls using the COSO
  • Select programs for testing
  • Document and test controls and compliance requirements for specific programs selected

Approach, continued - Report Findings

  • Submit information to management and to clearinghouse:
    • Opinions
    • SEFA
    • Data collection form
    • Findings
    • Corrective action plan


  • Update knowledge about changes in the past year
    • Audit risk alert (
    • Changes in policies and procedures
    • Correspondence from federal agencies
    • Other auditor workpapers
    • Financial statements
    • Management letters
    • Schedule of Federal Awards (See Handout A)
    • Disclosure statement
  • Conduct understanding meeting

Planning, continued

  • Document scope of work
  • Determine engagement team
  • Determine engagement budget
  • Document compliance with YB requirements

Planning, continued – Compliance with YB

  • Training:
    • CPE requirements (80 hour requirement every two years; 24 directly-related to audit environment)
    • Quality control requirements (peer reviews)
    • Working paper requirements:
    • Objective, scope, and methodology, including sampling criteria used
    • Reperformance standard
    • Evidence of supervisory review
    • Independence
    • Fieldwork (abuse)

Planning, continued

  • Consider risk of fraud
    • SAS 99
    • Fraud risk planning meeting
  • Consider inherent risk
  • Document materiality
  • Document and obtain signoff of audit program
  • Select programs for testing (see next slide)
  • Send engagement letter
  • Hold entrance conference

Planning, continued – Selecting Major Programs

  • Definition
  • Risk-based approach
  • Type A vs. Type B
  • Low risk vs. high risk
  • Percentage of coverage rule
  • Documentation requirements


  • Our responsibility
    • Obtain understanding of internal control over federal programs sufficient to plan the audit to support a low assessed level of control risk
    • Plan testing of internal control to support a low assessed level of control risk
    • Perform tests of internal control, unless control likely to be ineffective

Controls, continued - Compliance Supplement, Part 6 (See Handout B)

  • A-110 requirements: “Maintain internal control designed to reasonably ensure compliance with laws regulations and program compliance requirements.”
  • A-133 requirements
  • SAS 78, Consideration of Internal Control in a Financial Statement Audit
  • COSO Framework

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Control environment
    • Risk assessment
    • Control activities
    • Information and communication
    • Monitoring

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Control environment
      • A sense of conducting operations ethically, as evidenced by a code of conduct or other verbal or written directive
        • Conflict of interest
        • Misconduct
        • Intellectual property
      • Management’s positive responsiveness to prior questioned costs and control recommendations
      • Management’s respect for, and adherence to, program compliance requirements

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Risk assessment
      • Program managers and staff understand and have identified key compliance objectives
      • Organizational structure identifies the risk
      • Monitoring plans are in place
      • Specific risks have been addressed
        • Human subject and animal testing
        • Lab safety

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Control activities
      • Operating policies and procedures are clearly written
      • Procedures are in place to implement changes in laws, regulations, guidance, and funding agreements affecting federal awards
      • Management prohibition against intervention or overriding established controls

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Control activities, continued
      • Adequate segregation of duties
      • Computer controls that include edit checks, exception reporting, access controls, reviews of input and output data, and security controls
        • Data management
        • Privacy
      • Adequate supervision of employees
      • Personnel with adequate knowledge and experience
      • Assets physically safeguarded

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework: Information and communication
      • Reconciliation and reviews ensure accuracy of reports
      • Internal and external communication channels are established (meetings, memos, surveys)
      • Employee duties and responsibilities effectively communicated
      • Channels of communication for people to report improprieties are in place and actions taken when communication occurs
      • Channels of communication established between the pass-through entities and subrecipients

Controls, continued - Compliance Supplement, Part 6

  • COSO Framework
    • Monitoring
      • Ongoing monitoring through independent reconciliations, staff meeting feedback, rotating staff, etc.
      • Periodic site visits performed at decentralized locations, including subrecipients
      • Follow-up on fraud and deficiencies
      • Internal quality review
      • Management meets with program monitors, auditors, and reviewers
      • Internal audit tests

Compliance - Compliance Supplement Areas

  • Activities allowed or unallowed
  • Allowable costs/cost principles
  • Cash management
  • Davis-Bacon Act
  • Eligibility
  • Equipment and real property
  • Matching, level of effort, earmarking
  • Period of availability of federal funds

Compliance, continued

  • Procurement, suspension, and debarment
  • Program income
  • Real property acquisition and relocation assistance
  • Reporting
  • Subrecipient monitoring
  • Special tests and provisions

A. Activities Allowed or Unallowed

  • Types of activities either specifically allowed or prohibited by laws, regulations, and the provisions of contract or grant agreements pertaining to the program.
  • The objectives of individual research projects are explained in the applicable award documents. Testing of compliance with this requirement should ensure that funds were used only for activities for the furtherance of such objectives.

B. Allowable Costs and Cost Principles

  • Describes the government’s overall requirement that recipients must follow specified cost principles in order for costs to be allowable (A-21)
  • Particular focus should be paid to time and effort reporting (see next slide)
  • Indirect costs will be tested through recalculation
  • Need to determine which administrative costs are charged directly and which are charged through overhead. Should not have duplication.
  • Supplies and equipment also represent significant costs

B. Time and Effort Procedures

  • External auditors typically look for signed time and effort reports
  • Auditors should go further
    • Inquire of staff
    • Question 100% time
    • Test salary caps
    • Look at total awards for researcher
    • Test cost-sharing
    • Be aware of cost transfers

C. Cash Management

  • Requirements recipients to minimize the time lapse between receipt and disbursement.
  • Need to determine how cash received. If cost recovery, then test to ensure expenditure made prior to receipt of cash

D. Davis-Bacon Act

  • Requires that laborers working on federally financed construction projects be paid a wage not less than the prevailing regional wage established by the Secretary of Labor.

E. Eligibility

  • Laws, regulations, and provisions of contract or grant agreements pertaining to the program should specify criteria for determining the individual, groups of individuals, or subrecipients that can participate in the program and the amount for which they qualify.
  • Consider export controls regulations

F. Equipment and Real Property Management

  • Requires that the organization maintain proper records for equipment and adequately safeguard and maintain equipment; and in disposing of any equipment or real property acquired under federal awards, adhere to federal requirements.

G. Matching, Level of Effort, Earmarking

  • Specifies amounts entities are required to contribute from their own resources toward projects for which financial assistance is provided.
  • While matching requirements are less common, institutional “cost sharing” is very common, and that cost sharing and matching are considered to be the same concept under A-110.

I. Period of Availability of Funds

  • When a funding period is specified, a non-federal entity may charge to the award only costs resulting from obligations incurred during the funding period and any pre-award costs authorized by the awarding agency.
  • Test cost transfers.

J. Procurement, Suspension, and Debarment

  • Requires the entity to ensure that procurements are not made to parties that are suspended or debarred.
  • Testing purchasing procedures.

K. Program Income

  • Income directly generated by the federal project during the grant period.

L. Real Property Acquisition and Relocation Assistance

  • Requires that property acquired must be appraised; moving expenses and re-establishment expenses incurred by displaced businesses and farm operations must be recovered.

L. Reporting

  • Specifies the reports that entities must file in addition to those required by the common requirements.
  • Consider technical reporting issues.

M. Subrecipient Monitoring

  • Requires the identification of award information and the monitoring of subrecipient activities to provide reasonable assurance of compliance with federal requirements.
  • Merely asking for a-133 report from subrecipients is a start, but probably not enough.

N. Special Tests and Provisions

  • Other provisions for which federal agencies determined noncompliance could materially affect the program.
  • We should obtain the awards to ascertain the special terms and conditions. Typical special tests surround:
    • Human participants
    • Animal welfare
    • Biosafety
    • Chemical safety
    • Radiation safety

Compliance, continued - Develop Audit Approach – Handout C

  • Meet with Principal Investigator
  • Determine how compliance met in each of 14 areas in order to develop tests
  • Questionnaire should be developed using Compliance Supplement (Part 3):
    • F. Equipment and Real Property Management
      • Compliance requirements
      • Audit objectives
      • Internal control tests
      • Compliance test

Compliance, continued - Determine Sample Size

  • Risk assessment
  • Controls
  • Compliance

Compliance, continued - Remember Working Paper Requirements

  • In addition to GAAS, GAGAS requires:
    • Objective, scope, and methodology, including sampling criteria used
    • Reperformance standard
    • Evidence of supervisory review

Reporting - Reporting Package to Federal Clearinghouse

  • Two audit reports
  • SEFA – Handout A
  • Schedule of Findings and Questioned Costs
  • Audit findings (see next slide – SAS 60 may be amended to change the nature of the findings)
  • Prior year findings and questioned costs
  • Financial statements with opinion
  • Corrective Action Plan
  • Data Collection Form – Handout D

Reporting – Determining Reportable Conditions

  • Reportable conditions are matters coming to the auditor's attention that, in his judgment, should be communicated to the audit committee because they represent significant deficiencies in the design or operation of internal control, which could adversely affect the organization's ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements.

Reporting – Determining Material Weaknesses

  • A material weakness is a reportable condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements caused by error or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.


  • Plan the audit to correspond to YB Standards
  • Select the Program to test and learn everything.
  • Prepare the audit program using the Compliance Supplement.
  • Test controls and compliance for each of the 14 compliance supplement areas.
  • Dig deeper on “hot topics.”
  • Report findings and questioned costs.