1 / 37

Sponsored Research Compliance: Best Practices for Working with Auditors

Sponsored Research Compliance: Best Practices for Working with Auditors. Introductions. Raina Rose Tagle Partner and National Practice Leader, Baker Tilly Higher Education. Adrienne Larmett Senior Consultant, Baker Tilly Higher Education. Presentation Overview. Session Objectives

Download Presentation

Sponsored Research Compliance: Best Practices for Working with Auditors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Sponsored Research Compliance: Best Practices for Working with Auditors

  2. Introductions • Raina Rose Tagle • Partner and National Practice Leader, • Baker Tilly • Higher Education • Adrienne Larmett • Senior Consultant, • Baker Tilly • Higher Education

  3. Presentation Overview • Session Objectives • The Many Forms of Research Audits • Internal Audit Overview • Making the Most of Your Internal Audit Relationship • The Audit Process: Where You Fit In and Best Practices for Survival • Withstanding Audits

  4. Session Objectives • Compare and contrast internal audits with the conduct and focus of external financial statement audits and Office of Inspector General (OIG) audits • Gain a better understanding of internal audit’s role within an organization and its key activities • Understand how you can leverage internal audit’s activities to enhance your department’s operations • Discuss best practices in interfacing with auditors • Learn how you fit into the audit process • Become better prepared to withstand all types of audits, including OIG audits

  5. The Many Forms of Research Audits • Key Construction Activities

  6. Who May Audit Research? Receiving research funding (both public and private) adds an increased level of scrutiny to organizations and individuals. The receipt of a research award brings new challenges in terms of compliance and reporting, along with the standard financial and administrative processes involved in the organization’s standard operations. As such, research may be audited by many groups, including: • External Auditors (e.g., A-133 Auditors) • Research Sponsors • Federal Offices of Inspector General (IGs) • Internal Audit

  7. Why Perform More Than One Audit?A-133 Audits • Commonly known as a “Single Audit,” the Office of Management and Budget’s (OMB) Circular A-133 audit is required of institutions expending over $500,000 of federal support for research. • The A-133 audit is an institution-wide examination performed annually with the objective of providing assurance to the federal government as to the management and use of federal funds by recipients. • The audit is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components. • Single Audits must be submitted to the Federal Audit Clearinghouse.

  8. Why Perform More Than One Audit?Sponsor Audits • Recipients of grant funds must comply with all applicable federal statutes, regulations, and policies. Sponsors, such as the National Institutes of Health (NIH) or National Science Foundation (NSF), will conduct audits of particular systems or specific awards to provide assurance that grant recipients are being good stewards of funds. • Sponsors conduct financial audits to determine whether costs claimed by awardees are allowable, reasonable, and properly allocated.

  9. Why Perform More Than One Audit?OIG Audits • Each federal agency granting funding has an Office of Inspector General (OIG) responsible for providing independent oversight of the agency’s programs and operations. • An OIG assesses internal controls, financial management, information technology, and other systems that affect the operation of agency programs. • The OIG enforces integrity in agency operations by identifying individuals or entities who attempt to abuse the public trust or defraud government programs. • OIG’s are staffed with auditors, investigators, attorneys, scientists, and other specialists.

  10. How Does Internal Audit Fit within the Audit Landscape? In addition to handling external audits, institutions should work with their internal auditors to review processes and procedures and evaluate compliance. Internal audit works on behalf of an institution, helping to evaluate and review systems, processes, and procedures to help achieve desired goals and objectives. Internal auditors can help an institution to assess the design of policies and controls, compliance with federal regulations, and risks existing within current operations. Reviews may be focused on an organizational level (processes) or on specific departments or awards (administration).

  11. Internal Audit’s Relationship with Other Audit Organizations While A-133, sponsor, and OIG auditors are working to provide assurance to external sources, internal audit is helping to promote compliance and efficiency within an institution. Typical internal audit activities include: • Process Reviews • Program/Project-specific Audits • System Audits • Fraud Investigations Internal audit may also work in conjunction with the A-133 audit team or help the institution to coordinate other external reviews.

  12. Internal Audit Overview • Key Construction Activities

  13. Internal Audit: Are They (We!) the Bad Guys? • The “watchdogs” of the institution • Internal audit horror stories? Or… • A critical business function whose role is to support the institution in achieving its strategic goals • A forward-looking, consultative function that helps the institution to anticipate and manage its risks proactively • Internal audit success stories?

  14. Beyond “Gotcha”: The Role of Internal Audit in Today’s Research Institution

  15. How Can Internal Audit Have a Positive Impact? At the Institution Level • Provide a comprehensive view of risk throughout the institution • Help management and administrators make the most of limited resources • Provide proactive advice for strengthening processes and controls At the Department Level • Identify fraud, waste, or abuse in your department • Help improve efficiency and compliance in your department • Give you a voice to management • Assist you in making difficult changes, such as implementing a new system

  16. How Does Internal Audit Fit within the Organization? • Audit Committee • This Board committee oversees the performance of the internal audit function, approves the annual audit plan, and reviews the audit results • Executive Leadership and Management • On a day-to-day basis, internal auditors report administratively to one or more members of the institution’s executive leadership, such as a chief financial officer. Internal audit should work collaboratively with management on annual audit planning, and should share audit results with management before reporting to the audit committee • Department • Each internal audit addresses the activities of one or more departments, either an academic or functional area • Process Owner • Internal auditors work with “process owners” to understand policies, procedures, and internal controls at a detailed level

  17. So, What Do They Do? – Examples of Common Internal Audit Engagements • Financial Audits • Reviewing expenses incurred by a Principal Investigator to assess allowability per federal or sponsor regulations • Compliance Audits • Reviewing the institution’s cost sharing policy for compliance with federal regulations and sponsor requirements • Operational Audits • Reviewing the operations of the procurement department to validate that cost effective and timely choices are being made • Risk Assessments • Evaluating risks in a particular area of the organization (or institution-wide) to identify areas of focus for audit testing (or the focus of the overall internal audit plan) • Fraud Investigations • Examining an allegation of fraud made via the institution’s anonymous whistleblower hotline

  18. Making the Most of Your Internal Audit Relationship • Key Construction Activities

  19. It’s Okay to Ask for Help Audits don’t have to be an unwanted experience. Internal audit can also perform audits/reviews at the request of a department and even provide “consulting” services. • Some instances when you may want to reach out to internal audit include: • When you suspect fraud or misuse of resources • If you need to identify best practices and/or compare issues against the organization’s (or specific area’s) peer group • When you suspect your internal controls are weak • If your operations aren’t as efficient as they could be

  20. How to Best Leverage Internal Audit to Help Your Department • Give details and specifics of the issue, including hard evidence if available • Be unbiased and objective; discuss the issue in terms of what’s best for the organization • Explain potential outcomes from the current situation, and what could happen if it continued unabated • Consider calling the anonymous hotline, especially if you worry about retribution

  21. The Audit Process:Where You Fit In and Best Practices for Survival • Key Construction Activities

  22. But Really, What Do Auditors DO?The Audit Process

  23. Phase 1: Audit Planning During the first phase of an audit, the auditors are working to identify the most beneficial objectives and what related processes or controls to review. To determine this, auditors assess several factors, including: • Risks within the identified audit area • Regulatory or compliance requirements • Changes in organizational leadership or processes • Results of prior audits

  24. Phase 1: Audit Planning – Where You Fit In and How to Survive • Designate an audit liaison from your institution/department to work directly with the auditors • Proactively share conflicts and timing constraints • Educate the auditors about your institution/department in your own terms to ensure you are speaking the same language • Educate yourself! Understand and use “audit lingo” to bridge any communication gaps • Disclose known issues within the audit area • Ask questions to understand why you were chosen for audit • Ensure that institution leadership and general counsel are made aware of any sponsor or OIG audits

  25. Phase 2: Preliminary Steps Before controls can be tested, auditors first need to understand how various processes work and what controls are involved. This phase will include: • Identifying and reviewing relevant organizational policies and procedures, laws and regulations, or research terms and conditions • Discussing how processes are performed within the specific audit area (process “walkthroughs”) • Creating flowcharts or other documents describing the process and identifying potential gaps or compliance concerns (and strengths!)

  26. Phase 2: Preliminary Steps – Where You Fit In and How to Survive • Illustrate your processes in a meaningful way • Use real life documents • Invite the auditors to sit with you and observe while you perform your responsibilities • Describe the department’s activities in such a way that the auditors will understand. Remember that auditors are not scientists! • Ask to review a draft of any documentation that the auditors create of your processes and controls to make sure they get it right, before decisions are made

  27. Phase 3: Fieldwork Once auditors have a grasp on how processes and controls should be functioning within an area, steps are taken to “test” if controls are actually working as intended. Fieldwork steps may include: • Transaction testing • Employee interviews • Data analytics

  28. Phase 3: Fieldwork – Where You Fit In and How to Survive • Confirm the need before providing documentation to avoid excessive document requests • Organize the documentation you provide to the auditors. Ask a colleague to double-check the completeness, accuracy, and organization • Schedule regular check-ins with the auditors to address their follow-up questions in a structured way • Explore alternatives if the documentation requested is not readily available. Auditors are often willing to perform alternate procedures or accept another type of documentation. Be creative! • Collaborate with the auditors to understand their preliminary findings before they start to write their report

  29. Phase 4: Reporting Most audits conclude with a written report of audit results, which detail any strengths, concerns (or “findings”), and recommendations resulting from the work performed. An audit finding should detail the: • Condition (What is?) • Criteria (What should be?) • Cause (Why is there a difference?) • Effect (What is the impact?) • Recommendation (How can this be corrected?)

  30. Phase 4: Reporting – Where You Fit In and How to Survive • Encourage the auditors to allow you to review the draft report before it is shared beyond your level or department. Provide feedback on the draft in a timely manner • Engage other institution leaders and/or general counsel if serious findings emerge. • Urge the auditors to be practical when making recommendations. Speak up when you know a recommendation will be difficult to implement in your department • Provide feedback to internal audit after the audit – remember that you are the client and they want to serve you better!

  31. Withstanding Audits • Key Construction Activities

  32. Withstanding Audits:Be Prepared • Review the agenda and ensure all records and personnel will be available • Provide a quiet location for the auditor(s) to work • Designate an audit liaison to interact regularly with auditor(s) and agree upon the frequency of checking in • Have all documentation readily available • Have personnel re-familiarize themselves with protocols and records

  33. Withstanding Audits:Be Prepared • Know and understand relevant regulations and guidance • Seek training • Review protocols and associated documents • Learn from past visits and audits

  34. Withstanding Audits:During the Audit • Take notes • Questions asked and answers given • Documents requested and provided • Discussions of complex issues • Keep copies of documents provided • Suggest a wrap-up at the end of each day to review outstanding items, questions, and any additional requests

  35. Withstanding Audits:During the Audit • Respond to questions asked with straightforward, honest, and complete answers • Provide only requested information – don’t answer unasked questions as it may lead to unnecessary prodding • Don’t debate – clarify misunderstanding with positive rather than negative statements • Be professional at all times – auditors are always listening and observing

  36. Withstanding Audits:Audit Completion • Auditors should conduct an exit interview – key process owners and stakeholders should participate and observations and finding should be reviewed • A report with observations and findings will be issued generally three to six weeks after the audit is completed • Reponses to audits will usually be requested in writing along with a corrective action plan if necessary • Written responses should be SMART • Specific, Measurable, Attainable, Relevant, Time-bound • Responses should also be clear and precise

  37. Questions & Comments www.bakertilly.com/higher-education Adrienne Larmett, MBA adrienne.larmett@bakertilly.com (703) 923-8134 Raina Rose Tagle, CPA, CIA, CISA raina.rosetagle@bakertilly.com (703) 923-8251

More Related