The URL can be used to link to this page

Playing by the Rules Ch. 7 Chapter 7 Audits Contents Page 7.1 General Audit Requirements .....................................................................................................................7-3 7.2 Internal Control and Compliance Review ..............................................................................................7-4 7.3 Audit Reporting ..............................................................................................................................................7-4 7.4 Auditor Selection/Procurement ................................................................................................................7-5 7.5 Audit Services ..................................................................................................................................................7-6 7.6 Audit Review and Resolution (2 CFR 200.511) .....................................................................................7-6 Exercise for Chapter 7—Audits Questions .....................................................................................................7-8 Exercise for Chapter 7—Audits Answers ........................................................................................................7-9 Playing by the Rules: CDBG Administrative Systems | Chapter 7-1 Playing by the Rules: CDBG Administrative Systems | Chapter 7-2 Notes Chapter 7: Audits Typically, you will have an independent auditor (2 CFR 200.1) review your fnancial and program results to determine whether you are meeting your goals and complying with fnancial manage- ment requirements. As a recipient of Community Development Block Grant (CDBG) funds, you share the responsibility with your grantee to ensure that you are expending Federal resources “efciently, economically, and efectively to achieve the purposes for which the funds were furnished.”1 The fnancial and performance audits discussed in this chapter and noted in 2 CFR Part 200, Subpart F—Audit Requirements are designed to ensure that grantees and subrecipi- ent agencies are accountable to the public and meet this mutual responsibility, in particular for: 1. Financial audit: an independent, objective review of your agency’s fnancial reporting processes and fnancial statements, indicating they are accurate and complete. A primary purpose is to give assurance that your agency adheres to specifc fnancial re- quirements related to your accounting systems and procedures and that your fnancial statements are prepared in accordance with accepted accounting standards. 2. Performance audit: an independent examination of a program, function, operation, or management systems and procedures of your agency. The audit assesses whether your agency has efciently and efectively carried out your operations and achieved the intended results from your programs. In general, a formal audit by an independent public accounting (IPA) frm is the third phase of what may be a four-part examination process. The frst phase involves your internal bookkeep- ing systems and procedures, including your operating results for a given period of time. Here, you are comparing your agency’s fnancial and program results for that period against your overall goals and objectives. A second phase may involve an outside accountant’s collection and review of your operating data for a given period. However, such a review may be informal and result in the accountant’s formal opinion as to the reliability and accuracy of the results. The third phase of the examination, discussed in this chapter, involves a “single audit” that must be performed by an IPA frm any time your agency expends $750,000 or more in Federal funds in a year (2 CFR 200.501(a)). The primary goal of the audit is to determine whether your agency has adequate systems in place to assure that: • Goals and objectives are met. • Resources are safeguarded. • Laws and regulations are followed. • Reliable data are obtained, maintained, and accurately disclosed. This level of review should always result in a formal opinion of the accuracy and reliability of the data presented as expressed in a management letter, included as part of the audit. The fourth phase of an audit may involve a detailed evaluation by the Government Account- ability Ofce (GAO) or HUD’s Ofce of Inspector General (OIG). Such a review is designed to improve the compliance of agencies using Federal funds by identifying and correcting poor management practices within the agency. These types of audits are not discussed in detail here, but your grantee or local HUD ofce can provide you with information on GAO and OIG procedures and standards. This chapter summarizes Federal requirements for IPA audits of subrecipients subject to the provisions of the Single Audit Act and discusses: • General audit requirements (2 CFR 200.501). • Internal control and compliance reviews (2 CFR 200.61). • Audit reports (2 CFR 200.515). • Auditor selection and procurement (2 CFR 200.509). • Audit costs (2 CFR 200.425). • Audit review and resolution procedures. U. S. General Accounting Ofce, Government Accounting Standards (U.S. Government Printing Ofce: Washington, D.C., 19 1 Playing by the Rules: CDBG Administrative Systems | Chapter 7-3 Notes Chapter 7: Audits This chapter summarizes the procedures needed to comply with Federal requirements and demonstrates how an IPA audit can measure the strengths and weaknesses of your program to improve your agency’s performance. AS YOU READ THIS CHAPTER, THINK ABOUT… 1. Which of your agency’s activities may involve or be afected by any of the requirements summarized in this chapter? 2. Based on prior fnancial reviews or audits, does your agency have sufcient control over your fnancial situation and your CDBG-related activities? 3. Are there any specifc fnancial or program concerns that you need to address as part of your next audit? 4. Before your next audit, what fles, records, or procedures need to be organized and updated so that the auditor can more efciently collect and organize your data to provide feedback on your fnancial and program results? 7.1 General Audit Requirements Agencies that expend $750,000 or more in total Federal fnancial assistance in a year are re- sponsible for obtaining an independent audit in accordance with the Single Audit Act of 1984 (with amendment in 1996) 2 CFR 200, Subpart F—Audit Requirements. A single audit covers the entire operations of your agency, or at the option of the agency, a series of audits that cover departments, agencies, and other organizational units that expended or otherwise administered Federal awards during such audit period. The audit must include both the entity’s fnancial statements and the Federal funds it has expended (see 2 CFR 200.514(a)). The total computation of assistance includes all Federal funds received by the entire entity and not just the department or division receiving the CDBG funding. To determine the amount of Fed- eral assistance expended, all Federal assistance must be considered, including funds received: • Directly from a Federal agency. • Through a state or local government. • Through nonproft organizations. • Through any combination thereof (2 CFR 200.502(a-j)). If you expend less than $750,000 per year in Feder- al fnancial assistance, you are exempt from Federal audit requirements. However, your records must still be available for review by HUD, the grantee, or GAO (2 CFR 200.337). Also, there may be separate state or local laws imposing additional audit requirements. Federal fnancial assistance includes: • Grants • Loans • Contracts • Cooperative agreements • Loan guarantees • Property • Interest subsidies If your agency has expended more than $750,000 in a year under only one Federal program and you received no other Federal funding, you may elect to have a program-specifc audit conducted in lieu of a single audit. If your agency elects this option, the auditor(s) will perform the compliance testing for the individual grant program in accordance with program-specifc audits noted in 2 CFR 200.501(c) and 2 CFR 200.507. Whether your agency has a single audit or a program audit, you will be responsible for provid- ing the auditor with: • Access to personnel, accounts, books, records, supporting documentation, and other infor- mation as needed (2 CFR 200.508(c)). • Financial statements that refect your fnancial position, results of operations or change in your net assets, and cash fows for the fscal year (2 CFR 200.510(a-b)). • A summary schedule of any prior audit fndings noting whether corrective action was taken and the status of corrective actions not yet completed. Playing by the Rules: CDBG Administrative Systems | Chapter 7-4 Notes Chapter 7: Audits 7.2 Internal Control and Compliance Review See 2 CFR 200.1 Defnitions. The Single Audit Act requires, among other things, that the independent auditor determine and report on whether your organization or governmental entity has internal control systems to provide reasonable assurance that you are managing your Federal assistance programs in compliance with applicable laws and regulations (see 2 CFR 200.514(c)(2-3)). The auditor will perform tests of these controls to evaluate the efectiveness of the design and operation of your policies and procedures in preventing or detecting material noncompliance. The auditor will also conduct compliance testing (2 CFR 200.514 (c-d)). For the CDBG program, the auditor will examine a sample of transactions to determine whether: • Your reported expenditures were for allowable services, and your records document the eligibility of the benefciaries that received program benefts. • Your established applicable limitations (such as ceilings on administrative costs, or funding for public services, as well as allocations for activities to principally beneft low- and moder- ate-income individuals) were met (24 CFR 570.206). • Your fnancial reports and claims for advances and reimbursements contain information that is supported by the systems and records from your basic fnancial statements. • Program income received was properly recorded and used before drawing additional grant funds (24 CFR 570.504). • Your claimed expenses comply with the applicable cost principles and uniform administra- tive requirements (24 CFR 570.502). 7.3 Audit Reporting See 2 CFR 200.515. An audit report must be prepared following the completion of the audit. The auditor’s reports may be in the form of either combined or separate reports and must state that the audit was conducted in accordance with 2 CFR 200.515. For a single audit, the report must contain: • An opinion (or disclaimer of opinion) on whether your financial statements are pre-sented fairly in all material respects in accordance with generally accepted accounting principles, and an opinion (or disclaimer of opinion) on whether your schedule of Federal award expenditures is fairly stated in all material respects in relation to your fnancial state- ments as a whole (2 CFR 200.515(a)). • A report on your internal control measures over your financial reporting and compli-ance (2 CFR 200.515(b)) with provisions of laws, regulations, contracts, and award agree- ments, noncompliance with which could have a material efect on your fnancial statements. This report must describe the auditor’s scope of testing of your internal controls and the results of these tests and, where applicable, refer to the separate schedule of fndings and questioned costs (see 2 CFR 200.515(d)). This report is expected to identify your internal accounting controls and those controls designed to ensure that your Federally-assisted programs are being managed in compliance with applicable laws and regulations. • A report on compliance for each major program (2 CFR 200.518) and a report on inter-nal control over compliance describing the auditor’s scope of testing and an opinion (or disclaimer of opinion) that your organization complied with Federal statutes, regulations, terms, and conditions of Federal awards for each major Federally-assisted program being administered (2 CFR 200.515(c)). • A statement of positive assurance for those items tested. • Negative assurance for those items not tested. • A summary of all instances of noncompliance. • Identifcation of total amounts questioned. Playing by the Rules: CDBG Administrative Systems | Chapter 7-5 Notes Chapter 7: Audits • A schedule of findings and questioned costs must include the following three compo- nents (2 CFR 200.515(d)): 1. A summary of the auditor’s results (2 CFR 200.515(d)(1)). 2. Findings related to the fnancial statements (2 CFR 200.515(d)(2)). 3. Findings and questioned costs (2 CFR 200.515(d)(3)). The audit must be completed and submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or 9 months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day (2 CFR 200.512(a)(1)). You must electronically submit the data collection form SF-SAC used in the audit to the Federal Audit Clearinghouse (FAC) along with a copy of the reporting package indicating that the audit was completed accordingly (2 CFR 200.512(b)(1)), and provides: • Information about your organization. • Your Federal programs. • The results of your audit. • Necessary information for Federal agencies to ensure the integrity of Federal programs. • The data elements and format used, include collections of information from the reporting package (2 CFR 200.512(c)). • A signed statement from a senior representative (director of fnance, chief executive ofcer, chief fnancial ofcer) of your organization indicating: • Compliance with the preparation and collection of data. • Exclusion of protected personally identifable information. • All of the information included is accurate and complete. • The reporting package and form can be publicly available on the FAC website. Your auditor must complete the data collection form and sign a statement indicating: • The source of the information. • The auditor’s responsibility for the information. • The form is not a substitute for the reporting package (2 CFR 200.512(b)(3)(c)(1-4)). • The content is limited to the collection of information prescribed by OMB (2 CFR 200.512(b) (3)). You must submit a copy of the reporting package to HUD and your grantee. Unless restricted by Federal statutes or regulations, you must make copies available for public inspection, en- suring the reporting package does not include protected personally identifable information (2 CFR 200.512(a)(2)). You should maintain copies of your audit reports on fle for a minimum of 4 years from the date of their issuance. Similarly, you should ensure that your auditor maintains copies of their audit work information for a minimum of 4 years from the date of the report issuance. If there remain unresolved audit issues at the end of this 4-year period, you should notify the auditor in writing to extend the retention period. 7.4 Auditor Selection/Procurement In arranging for audit services, you must follow the procurement requirements found in 2 CFR 200.509(a-c). You must ensure that small audit frms and audit frms owned and controlled by minorities or women have the maximum practicable opportunity to participate in audit contracts (2 CFR 200.321). Your request for proposals for audit services should clearly state the objectives and scope of the audit. In selecting an auditor you should consider such factors as: • The responsiveness to the request for proposal. • Relevant experience. Playing by the Rules: CDBG Administrative Systems | Chapter 7-6 Notes Chapter 7: Audits • Availability of staf with professional qualifcations and technical abilities. • The results of peer and external quality control reviews. • Price. An auditor who prepares an indirect cost proposal or allocation plan cannot also perform your audit when your organization receives indirect costs in excess of $1 million. This restriction applies to the year the auditor prepared your indirect cost proposal or allocation plan and any subsequent years where this indirect cost agreement or allocation plan is used to recover costs (2 CFR 200.509(b)). 7.5 Audit Services See 2 CFR 200.425. A reasonably proportionate share of the costs of audits made in accordance with the Single Audit Act Amendments of 1996 (2 CFR 200.425(a)) is an allowable charge to Federal assistance programs. This charge can be treated as either a direct cost or an allocated indirect cost. For allocated indirect costs, the percentage of costs generally charged to Federal assistance programs for a single organization-wide audit should not exceed the percentage that your organization’s Federal funds represent of total funds expended during the applicable year. The percentage may be exceeded, however, if appropriate documentation demonstrates higher actual costs. The following audit charges are not allowed: • When the audit(s) is not conducted in accordance with the Single Audit Act Amendments and Subpart F—Audit Requirements (2 CFR 200.425(a)(1)). • When auditing an organization whose Federal award expenditures are less than $750,000 during its fscal year (2 CFR 200.425(a)(2)). 7.6 Audit Review and Resolution See 2 CFR 200.511. As noted in section 7.3 above, you must provide a copy of the reporting package to HUD and your grantee. Unless restricted by Federal statutes or regulations, you must make copies avail- able for public inspection, ensuring the reporting package does not include protected per- sonally identifable information. In its role as the entity providing the funds, your grantee will review all such reports to determine whether they meet relevant standards and are acceptable. Your organization must establish a system to ensure a timely and appropriate resolution to audit fndings and recommendations. This system must address both independent audits per- formed relative to the Single Audit Act and audits completed on your organization’s operations by the HUD OIG, GAO, or other governmental bodies. Your frst step in the resolution of an audit is the preparation of your “Management Response” to the fndings and recommendations in the audit report for follow-up and corrective action on all audit fndings. Your response should provide a summary schedule of any prior audit fndings (2 CFR 200.511(b)) noting: • If the audit fndings were fully corrected (2 CFR 200.511(b)(1)). • If the audit fndings were not corrected or only partially corrected—the summary schedule must describe the reasons (2 CFR 200.511(b)(2)). • The audit fndings are no longer valid or warrant no further action (2 CFR 200.511(3)). • For fndings/recommendations with which your organization agrees: Information on the actions you have taken (or plan to take) to correct the specifed noncompliance or fnancial system defciencies. • For fndings/recommendations with which your organization does not agree: The basis for your belief that an audit fnding or recommendation is inaccurate or inappropriate, includ- Playing by the Rules: CDBG Administrative Systems | Chapter 7-7 Notes Chapter 7: Audits ing relevant documentation. Typically, the written management response is due within 30 days of your organization’s re- ceipt of an audit report. If, in its management response, your organization disagrees with any of the audit fndings or recommendations, your grantee will re-examine the points in question to determine whether any revisions to the report’s fndings and recommendations are war- ranted and issue a management decision concerning the fnding(s) or recommendation(s) (2 CFR 200.521) within six months of acceptance of the audit report. If your organization agrees with the fndings and recommendations, or if your challenge to the audit report is not upheld in the grantee’s management decision, the next step in the resolu- tion process is: • The development of a corrective action plan. • Implementation of procedures to prevent the defcient conditions from re-occurring. This corrective action plan must address each audit fnding and provide: • The name(s) of the contact person(s) responsible for the corrective action. • The action planned. • The anticipated completion date (2 CFR 200.511(c)). In general, action to correct fndings or to implement recommendations must be initiated as rapidly as possible and begin no later than upon receipt of the audit report (2 CFR 200.521(d)). Your grantee may perform a site visit or require documentation that the corrective action has been implemented or may require your organization’s independent auditor to report on wheth- er you have implemented the prior year’s corrective action plan and/or recommendations. A “repeat finding” (a defciency or area of noncompliance that appears in more than one suc- cessive audit for your organization) will be viewed very seriously by a grantee and can result in special conditions being attached to your organization’s CDBG funding or other sanctions (2 CFR 200.505 and 2 CFR 200.339). Occasionally, the fndings from an audit will result in “questioned costs.” Your organization’s costs associated with its CDBG funding may be questioned for any of the following reasons: • There is inadequate documentation to support the expenditure or the amount charged to the grant. • The expenditure does not appear to be related to the grant project. • You incurred the cost outside the efective period of the subrecipient agreement or before environmental review clearance was achieved. • The expense is unallowable under the program regulations and applicable cost principles (2 CFR 200.410). • The cost required the prior approval of the grantee, and no prior approval was obtained (2 CFR 200.407). To resolve a questioned cost (2 CFR 200.1), you must: • Provide the missing documentation to support the expenditure and amount. • Ofer a detailed explanation of how the cost relates to the grant program. • Seek retroactive approval for an expense that required prior approval (which your grantee may or may not give). If you are not able to resolve a questioned cost to the satisfaction of the auditor and/or your grantee, the expense will be disallowed. A disallowed expense for which Federal funds were originally used must be reimbursed from non-CDBG/non-Federal funds. On occasion, you may be able to negotiate a repayment schedule with your grantee or the other relevant ofcials (e.g., HUD/OIG representatives). Playing by the Rules: CDBG Administrative Systems | Chapter 7-8 Notes Chapter 7: Audits Exercise for Chapter 7—Audits Questions Circle the correct answer. 1. A nonproft subrecipient that has expended $35,000 in Federal fnancial assistance in a year from multiple Federal programs must have: a. An audit of its entire operations. b. A program-specifc fnancial audit for each Federal award. c. Either (a) or (b). d. No audit is required. 2. A nonproft subrecipient that has expended a total of $750,000 in Federal fnancial assis- tance in a single year, but only from one Federal program, must have: a. An audit of its entire operations. b. A program-specifc fnancial audit for the Federal award. c. Either (a) or (b). 3. Which of the following are necessary components of a fnancial audit report under the Single Audit Act? Select all that apply. a. An organizational chart or description of the entity’s organizational structure. b. Financial statements and schedule of Federal assistance. c. An inventory of non-disposable property. d. An itemization of personnel positions and salaries. e. An evaluation of internal control systems. f. A report on compliance. g. An assessment of the entity’s efciency and efectiveness in its operation of the Federal program(s). 4. A subrecipient may procure independent audit services from any source of its choosing. TRUE FALSE 5. Cost considerations must be the dominant factor in the selection of auditors. TRUE FALSE 6. Since the Single Audit Act mandates a single audit for nonproft subrecipients that expend a total of $750,000 or more in a single year from multiple Federal programs, the nonproft can charge the full cost of the audit to those Federal programs. TRUE FALSE The answers are on the next page. Playing by the Rules: CDBG Administrative Systems | Chapter 7-9 Notes Chapter 7: Audits Exercise for Chapter 7—Audits Answers 1. (d) No audit is required. No audit is required because the subrecipient expended less than the $750,000 in total Federal assistance that would have triggered the requirement for an audit. 2. (c), Either (a) or (b).The subrecipient may have either type of audit. 3. (b), (e), and (f). 4. FALSE. Subrecipients must follow procurement rules in either the Federal Acquisition Regulation or in 2 CFR 200, Subpart D, as applicable. 5. FALSE. Cost should only be a selection factor when the other selection criteria such as the qualifcations and independence of the frms being considered have been met. 6. TRUE. Since the audit is a mandated Federal requirement, the Federal programs can pay the full cost of the audit.