Embed Size (px)
Citation preview
Single Audit Update
Joel M. Black, CPAPartner
Mauldin & Jenkins, LLC
Carole Burgess, CPAExecutive Editor
Tax and Accounting business ofThomson Reuters/
Practitioners Publishing Companywww.ppc.thomson.com
1
Session ObjectivesSession Objectives
• Discuss single audit related activity– SAS 115 and single audits– SAS 117– Status of AICPA audit guides– Recovery Act– 2010 Compliance Supplement– Other single audit activity
2
SAS No. 115SAS No. 115
• SAS 115 - Communicating Internal Control Related Matters Identified in an Audit Effective for audits of financial statements for periods ending on
or after December 15, 2009
• New definitions:– A material weakness is a deficiency, or combination of
deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected on a timely basis.
– A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
3
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• SAS 115 - Communicating Internal Control Related Matters Identified in an Audit– GAO has issued guidance allowing adoption of SAS 115 (actual
standards to be updated later) http://www.gao.gov/govaud/icguidance0811.pdf
– Yellow Book Illustrative Reports with SAS 115 definitions• See GAQC Alert #115 for details• Download example Yellow Book reports from:
http://gaqc.aicpa.org/Resources/Illustrative+Auditors+Reports/
• Revised reports will be incorporated into the 2010 GAS/A133 Guide
4
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• SAS 115 - Communicating Internal Control Related Matters Identified in an Audit– OMB statement at beginning of OMB Circular A-133 stating the
terms “significant deficiencies” and “material weaknesses” are to be used as defined in GAAS and the Yellow Book
– AICPA has issued an auditing interpretation which defines the terms deficiency in internal control, significant deficiency, and material weakness from the perspective of reporting on internal control over compliance in a Circular A-133 audit
• March 2010• AU 9325.01-.03
5
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• A deficiency in internal control over compliance exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance with a type of compliance requirement of a federal program on a timely basis.
6
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• A material weakness in internal control over compliance is a deficiency, or combination of deficiencies, in internal control over compliance, such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis.
7
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• A significant deficiency in internal control over compliance is a deficiency, or a combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance.
8
SAS No. 115 and Single AuditsSAS No. 115 and Single Audits
• SAS 115 - Communicating Internal Control Related Matters Identified in an Audit– A-133 Illustrative Reports with SAS 115 definitions
• Download example A-133 reports from: http://gaqc.aicpa.org/Resources/Illustrative+Auditors+Reports/
• Revised reports will be incorporated into the 2010 GAS/A133 Guide
9
SAS No. 117, SAS No. 117, Compliance AuditingCompliance Auditing
• Superseded SAS 74 and effective date for compliance audits for fiscal periods ending on or after June 15, 2010– Earlier application is permitted
• Provides additional auditing guidance when an audit of compliance is performed in connection with a GAAS and GAGAS audit of financial statements (i.e., OMB Circular A-133 audit)
• However, SAS 117 only applies to compliance audit portion of engagement and not the financial statement audit
• A compliance examination performed when an audit of financial statements is not required would continue to be performed under AT 601
10
11
SAS No. 117, Compliance Auditing
Specifically, the SAS revises AU sec 801 by• clarifying its applicability. • updating it for changes in the compliance audit environment. • establishing a requirement for the auditor to adapt and apply
GAAS, including the risk assessment and fraud standards (all of which primarily address audits of financial statements), to a compliance audit and providing guidance on how to do so.
• identifying the AU sections that are applicable to a compliance audit and those that are not applicable.
• defining terms related to a compliance audit. • identifying auditor requirements that are unique to a
compliance audit. • providing guidance on the factors an auditor may consider in
evaluating whether an entity has materially complied with the applicable compliance requirements.
• identifying the elements to be included in an auditor’s report on compliance.
12
SAS No. 117, Compliance Audits
AICPA working on new GAS and A-133 reports using SAS 117 language.
– Be on the lookout for these reports and AICPA advising not issuing any June 30, 2010 reports until these are available.
AICPAAICPA
• Status of A&A Guides– 2010 GAS/A133 Guide
• Updates being drafted – hope to issue in July/August• Incorporates SAS 115, 117, and OMB guidance
– Other standards applicable to compliance audit – guide will provide some guidance (e.g., fraud, internal auditors, etc.)
– Recovery Act guidance only appears at end of each chapter
– 2009 GAS/A133 Guide• SEFA Practice Aids, SAS 115 impact on Government
Auditing Standards reports, new Sampling Chapter
13
Recovery Act/Compliance Supplement: Recovery Act/Compliance Supplement: Information for 2010 Single AuditsInformation for 2010 Single Audits
• ARRA – American Recovery and Reinvestment Act• 2010 Compliance Supplement – Appendix VII (draft)
– Identification of ARRA expenditures– Separate ARRA presentation– ARRA Major Program Determination– Other Appendix VII Issues
• 2010 Compliance Supplement (CS) – Remaining Changes (draft)
These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
14
ARRA – American Recovery and Reinvestment Act of 2009
15
American Recovery and Reinvestment Act American Recovery and Reinvestment Act of 2009 (ARRA) (The Recovery Act)of 2009 (ARRA) (The Recovery Act)
• The American Recovery and Reinvestment Act of 2009 (Pub. L. No. 111-5) (ARRA) and the related OMB Guidance have significant implications for audits performed under OMB Circular A-133.
The ARRA imposes new transparency and accountability requirements on Federal awarding agencies and their recipients.
16
American Recovery and Reinvestment Act of 2009
• History to Date:– Recovery Act passed February 2009; significant impact
expected for 2010 and 2011 year-end audits– Accountability and Transparency are key features of the law
• QCRs built into the OMB guidance – results to be placed on Recovery.gov (unclear how this will be done)
• Auditees significantly affected by Section 1512 reporting • New body, Recovery Act Transparency Board (RATB),
monitoring activity and looking for fraud, waste, and abuse– Much more interest in single audits by federal agencies and
Congress
17
ARRA and CFDA Numbers
Federal agencies are required to specifically identify
ARRA awards, regardless of whether the funding is
provided under a new or existing CFDA number. The
CFDA number should be included in the grant award
documents.
18
ARRA Programs not subject to A-133
• Build America Bonds– Subsidy payment should not be included on the
Schedule of Expenditures of Federal Awards (SEFA) therefore not included in the scope of the single audit.
• COBRA– Tax credits to employers should not be presented
by auditees on the SEFA, and they should not be included in the scope of the single audit.
19
2010 Compliance Supplement – Appendix VII (draft)
20
These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
Identification of ARRA Funding
• Early identification is critical– Should be separate award– Revised terms and conditions– Subrecipients – more challenging
• Client should separately track ARRA expenditures
21
Identification of ARRA Funding
• Direct recipients – Look to:– CDFA #– Federal awards terms
• Stating ARRA funded• Requiring separate SEFA presentation• Requiring notification of ARRA funding to1st tier
subrecipients– At sub-award dates– At disbursement of funds
22
Identification of ARRA Funding
• 1st tier subrecipients - Look to:– CFDA #– Awards terms
• Stating ARRA funded• Requiring separate SEFA presentation
23
Identification of ARRA Funding
• Lower tier subrecipients– Look to
• CFDA #• Award terms stating ARRA funding
– Separate SEFA presentation required by Appendix VII
Separate ARRA Presentation
• Separate presentation on Schedule of Expenditures Federal Awards (SEFA)– Even if same CFDA #– New level of detail for Research and Development
(RD)• Separate presentation on Data Collection Form (DCF)
25
2010 Data Collection Form (DCF)
• Revised DCF for 2010 – 2008 to 2010 version not to be used for 2010– New version released for 2010 – 2012
• A new data element was added on Part III of the SF-SAC Form to identify ARRA expenditures
– Item 9d• The new 2010 Form will allow FAC to collect and store "Y"
or "N" to identify ARRA awards to allow for direct searching
• Other changes
26
Single Audits for Periods Ending BeforeJune 30, 2010
• 2009 Compliance Supplement, Appendix VII• Addendum #1 to 2009 Compliance Supplement –
Issued August 2009• GAQC Alert #123 – Clarifying Guidance on Effect of
Recovery Act Funds on Major Program Determination
27
Single Audits for Periods Ending on/after June 30, 2010
• Impact of Recovery Act on 2010 Compliance Supplement:– Guidance from 2009 CS Addendum #1
incorporated (e.g., in Part 3)– Updated Appendix VII
• Low-Risk Auditee Status• Extensions• Loans• Major program determination for ARRA funded
awards– Changes to other parts predominately due to ARRA
related requirements.
28
Low Risk Auditee and Extensions
• M-10-14, Updated Guidance on the American Recovery and Reinvestment Act (March 22, 2010) - See also GAQC Alert #141
“Due to the importance of the Single Audits and the reliance of Federal agencies on the audit results to monitor the accountability of Recovery Act programs, agencies should not grant any extension request to grantees for fiscal years 2009 through 2011. In order to meet the criteria for a low-risk auditee (OMB Circular A-133 §__.530) in the current year, the prior two years audits must have met the requirements of OMB Circular A-133, including report submission to the FAC by the due date (OMB Circular A-133 § __.320).”
29
Low Risk Auditee and Extensions
• 2010 Compliance Supplement includes new procedures for auditor’s consideration of loss of low-risk auditee status for late submissions to the Federal Audit Clearinghouse
• Beginning with audits covered by the 2010 Compliance Supplement, Appendix VII lists suggested audit procedures to determine whether previous submissions were made on a timely basis.– Lists steps to verify timely submission, including testing “FAC
Accepted Date”– New management representation if the entity did not meet the
single audit threshold in either of the prior two audit periods
30
• When applying the risk-based approach to determine which Federal programs are major programs: – The inclusion of large loan and loan guarantees
(loans) should not result in the exclusion of other programs as Type A programs.
– When a Federal program providing loans significantly affects the number or size of Type A programs, the auditor shall consider this Federal program as a Type A program and exclude its values in determining other Type A programs.
Impact of Loan Programs
31
Impact of Loan Programs
• Safe Harbor for Treatment of a Large Loan and Loan Guarantee Programs in Type A Program Determination– Each individual loan and loan guarantee program that does not exceed
four times the largest non-loan program is not considered to be large.
32
Impact of Loan ProgramsExample #1 University
Step 1 – Identify the largest non-loan program:
Program Name Amount
SFA Cluster (Loan Program)
Pell Grants 4,000,000
Perkins – Current Year Loans 500,000
Beginning Loans 5,800,000
FFEL – Current Year Loans 2,100,000
FWS 500,000
Total SFA Cluster 12,900,000
R&D Cluster (non-loan program) 2,000,000
TRIO Cluster(non-loan program) 300,000
Program Name Amount
SFA Cluster (Loan Program)
Pell Grants 4,000,000
Perkins – Current Year Loans 500,000
Beginning Loans 5,800,000
FFEL – Current Year Loans 2,100,000
FWS 500,000
Total SFA Cluster 12,900,000
R&D Cluster (non-loan program) 2,000,000
TRIO Cluster(non-loan program) 300,000
33
Step 2 – Calculate if loan program is greater than 4X largest non-loan program:
Impact of Loan Programs Example #1 University (Continued)
34
Impact of Loan ProgramsExample #1 University (Continued)
R&D Cluster 2,000,000
TRIO Cluster 300,000
Sum of Programs used to calculate Type A
2,300,000
Calculated Type A Threshold* $300,000
Step 3 – Calculate Type A Threshold
* Calculated to be $69,000, therefore defaulted to minimum of $300,000
35
Impact of Loan Programs Example #2 Governmental Entity
Step 1 – Identify the largest non-loan program:
Program Name Amount
CDBG (Loan Program)
Loans 12,000,000
Grant Expenditure 3,000,000
Sub-total CDBG 15,000,000
Home (Loan Program)
Loans 9,600,000
Grant Expenditures 400,000
Sub-total HOME 10,000,000
WIC 2,600,000
36
Impact of Loan Programs Example #2 Governmental Entity (Continued)
Step 2 – Calculate if loan program is greater than 4X
largest non-loan program:
37
Impact of Loan Programs Example #2 Governmental Entity (Continued)
Step 3 – Calculate Type A Threshold
$378,000Calculated Type A Threshold
.03Type A Factor (Expenditures $300K to $100M)
12,600,000Sum of Programs used to calculate Type A
2,600,000WIC
10,000,000HOME
Not includedCDBG
$378,000Calculated Type A Threshold
.03Type A Factor (Expenditures $300K to $100M)
12,600,000Sum of Programs used to calculate Type A
2,600,000WIC
10,000,000HOME
Not includedCDBG
38
• Clusters of programs specifically listed in the Supplement with a new ARRA CFDA number added during the current year that also has current year expenditures, should be considered a new program and would not qualify as a low-risk Type A program– Cluster will not meet the requirement of having been audited as a major
program in at least one of the two most recent audit periods as the Federal program funded under the ARRA did not previously exist.
– The Research and Development cluster (R&D) is not subject to this guidance due to its nature (e.g., CFDA numbers are not listed in Supplement for R&D and in some cases R&D is not assigned a CFDA number).
– The Student Financial Aid (SFA) Cluster is also not subject to this guidance
Effect of ARRA Awards on Major Program Determination - Clusters
39
Effect of ARRA Awards on Major Program Determination - Type A Programs
• Even though a Type A program otherwise meets the criteria as low-risk under Section 520(c) of OMB Circular A-133, due to the inherent risk associated with the transparency and accountability requirements governing expenditures of ARRA awards, any program or cluster with expenditures of ARRA awards would not qualify as a low-risk Type A.
– Even a de minimus amount of ARRA expenditures would not support identifying the program as low risk.
– See next slide for exception.– However SFA is excluded from this guidance
40
Effect of ARRA Awards on Major Program Determination -Type A Programs (Continued)
41
Effect of ARRA Awards on Major Program Determination – Type A Example
2009 State Fiscal Stabilization Fund (SFSF) •Audited as a Major Program•No Control Deficiencies•No Noncompliance
CFDAProgram
NameExpenses
84.394 ARRA-Education Stabilization
$1,000,000
CFDAProgram
NameExpenses
84.394 ARRA-Education Stabilization
$1,000,000
2010 State Fiscal Stabilization Fund (SFSF)
Can this be assessed as a low risk Type A in 2010?
CFDAProgram
NameExpenses
84.394 ARRA -Education Stabilization
$2,000,000
CFDAProgram
NameExpenses
84.394 ARRA -Education Stabilization
$2,000,000
Did not meet 1 of the 4 criteria to be assessed as low risk: (3) current year ARRA expenditures are more than 20% of program cluster [since 100% of expenditures are ARRA]
42
Effect of ARRA Awards on Major Program Determination - Type B Programs
• The auditor should consider all Type B programs and clusters with expenditures of ARRA awards to be programs of higher risk in accordance with Section 525(d) of OMB Circular A-133.
• The presumption is that Type B programs or clusters with ARRA expenditures would be audited as major when applying the provisions of Section 520(e)(2).
• However, the auditor is not precluded from selecting an especially risky Type B program that does not contain ARRA expenditures to audit as a major program in lieu of a Type B program or cluster with ARRA expenditures.
43
2010 Compliance Supplement (CS) – Remaining Changes – Draft
44
These materials are based on the most recent drafts of the 2010 Compliance Supplement (dated March 2010). Updated information on the final Compliance Supplement will be provided during the ACPEN broadcast.
• Matrix of Compliance Requirements– Changes made to programs based on ARRA
• For example Davis Bacon is now applicable for a few programs for which it didn’t used to be.
• Special Test and Provisions is applicable for all programs with ARRA funding, based on the Part 3 additions related to SEFA and separate identification
2010 Compliance Supplement - Part 2 Changes
45
• Allowable Activities– Include limitations on activities funded with ARRA
• Davis Bacon– Include coverage under ARRA
• Reporting– General changes to certain standard reports based
on agencies transitions to newer forms– Testing 1512 reports and applicable testing (ARRA
grant receipts & expenditure information – not currently for jobs information)
2010 Compliance Supplement - Part 3 Changes
46
• Procurement– Include ARRA Buy America Requirements
• Subrecipient monitoring– Added requirement for client review of subs CCRs
and related follow-up– Verification of subrecipients filing their A-133’s with
Clearinghouse– Strong push on identifying pass-through entity
information on SEFA and amounts passed-through in SEFA footnotes
2010 Compliance Supplement - Part 3 Changes
47
• Special Tests – Separate Accountability for ARRA Funding– ARRA Presentation on SEFA and Data Collection Form– Subrecipient Monitoring information required in SEFA (notes)
2010 Compliance Supplement - Part 3 Changes
48
Part 4• Incorporated information from 2009 Addendum #1• Several new programs added
Part 5• Many new clusters and additions to existing clusters
2010 Compliance Supplement - Parts 4 and 5 Changes
49
OMBOMBEarly Reporting of Control DeficienciesEarly Reporting of Control Deficiencies
• OMB Pilot Project– Volunteer states had auditors provide an interim
communication of deficiencies in internal control over compliance relating to Recovery Act funds
– CS also encourages other organizations to consider similar early reporting
50
OMBOMBEarly Reporting of Control DeficienciesEarly Reporting of Control Deficiencies
• Auditing interpretations on interim communication issued by Auditing Standards Board in November 2009– In response to OMB Pilot Project– Provide guidance and illustrative communication for both pilot
project and voluntary interim communications • Should not report at interim date that there are no material weaknesses or
significant deficiencies
– Interpretations can be found at: http://www.aicpa.org/Professional+Resources/Accounting+and+Auditing/Audit+and+Attest+Standards/Authoritative+Standards+and+Related+Guidance+for+Non-Issuers/Recently+Issued+Audit+and+Attestation+Interpretations.htm
51
Recovery Act Accountability and Transparency BoardRecovery Act Accountability and Transparency Board
• The Recovery Accountability and Transparency Board– Created by the Recovery Act with two goals:
• To provide transparency in relation to the use of Recovery-related funds
• To prevent and detect fraud, waste, and mismanagement
– Board consists of federal inspectors general from key federal agencies
– Becoming a larger player in single audit arena– To learn more visit:
http://www.recovery.gov/About/board/Pages/TheBoard.aspx
52
Questions?
53
