ISSUES IMPACTING OVERNMENTS FRAUD, DATA MINING AND SINGLE A€¦ · Data Mining - Basics • Forms of data; • Structured – data generally found in a data base, consists of a form

ISSUES IMPACTING GOVERNMENTS: FRAUD, DATA MINING AND SINGLE

AUDITPresented By:

William Blend, CPA, CFE

ETHICS AND FRAUD BASICS

3

How is Ethics Related to Fraud?Because Ethics is a discipline dealing with what is good and bad with moral duty and obligation.

5

Some Fraud Basics

Fraud Triangle – Pressure, Opportunity and Rationalization

Fraud Motivation – There is not just one! (Money, Ego, Entitlement, Ideology, Coercion)

Accidental and Predator Fraudsters – More than one type

6

Fraudsters – More Details

Accidental FraudsterAccidental Fraudster

Focus of Fraud TriangleFocus of Fraud Triangle

First‐Time OffenderFirst‐Time Offender

Well‐Educated, Male, Middle Class, Good Person

Well‐Educated, Male, Middle Class, Good Person

Pressure OccursPressure Occurs

RationalizationRationalization

Predator FraudsterPredator Fraudster

Deliberate, ArrogantDeliberate, Arrogant

Seeks OpportunitiesSeeks Opportunities

No Pressure or RationalizationNo Pressure or Rationalization

May Begin as AccidentalMay Begin as Accidental

Criminal MindsetCriminal Mindset

7

Fraud, Waste and Abuse

Fraud – an illegal act involving the obtaining of something of value through willful misrepresentation. Fraud is a determination to be made through the judicial process.Waste – involves not receiving reasonable value for money in connection with any government-funded activities.

Abuse – involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances.

DATA – FROM 2016 ACFE REPORT TO THE NATIONS

Victim Organizations - Government

How Occupational Fraud is Committed

Duration of Fraud Based on Scheme Type

Detection of Fraud SchemesInitial Detection of Occupational Frauds

Detection of Fraud Schemes (Cont.)

Source of Tips

PerpetratorsPosition of Perpetrator — Frequency and Median Loss

Perpetrators (Cont.)

Gender of Perpetrator — Frequency


Age of Perpetrator — Frequency & Median Loss

Perpetrators (Cont.)Tenure of Perpetrator — Frequency and Median Loss


Behavioral Red Flags of Perpetrators

REAL LIFE CASES - DISCUSSION

ORGANIZATION'S ANTI-FRAUDSCORE? – FOOD FOR THOUGHT

20

Organizational Fraud Checkup

Purpose potential clients think about possible issues that could impact their organization.

Consider offering this as a service to clients but remember, they should have legal representation involved.

21

Fraud risk oversight – to what extent has the organization established a process for oversight of fraud risk by its governance?

Fraud risk ownership – how has the organization created ownership of fraud risk by identification of parties having responsibilities for fraud risk and communication to others in the organization of responsible parties?

Fraud risk assessment – to what extent has the organization implemented an ongoing process to evaluate the risk of fraud in the organization?

Organizational Fraud Checkup (Cont.)

22

Fraud risk tolerance and risk management policy – does the organization have an approved fraud risk tolerance and risk management policy which includes a fraud risk component?

Process-level anti-fraud controls / re-engineering – how has the organization implemented measures to reduce each of the significant fraud risks identified through the fraud risk assessment?


23

Environment-level anti-fraud controls – to what extent has the organization implemented a process to promote ethical behavior, deter wrongdoing and promote two-way communication on difficult issues?

Proactive fraud detection – to what extent has the organization established a process to detect, investigate and resolve potentially significant fraud?


GOVERNMENT AUDIT EXPECTATIONGAP

25

Types of Audits

Financial statement audits – Focuses on looking for misstatements in the financial statements

OMB Circular A-133 Compliance Audits (or Single Audits) –Focuses on compliance with federal programs requirements and internal control over federal expenditures

Forensic (Fraud) Audits – Focuses on identification of fraud. Usually, narrowly focuses on specific allegation or suspected fraudulent activity

26

Role of Financial Statement Audit

Primarily for an opinion about the fair presentation of the financial statements

Provide only reasonable assurance that the financial statements are free from material misstatement, regardless of cause, but “reasonable” is defined as a “high” level of assurance

However, the role shouldn’t be taken for granted, as many analytical relationships among the financial statements, when performed by the auditor, can expose the potential issue

27

Financial Statement Audits

Only a small percentage of fraud detected by financial statement audit

Financial statement audits are not fraud or forensic audits

Objective is issuing an opinion of financial statements

The auditor’s report only gives “reasonable assurance” that there are no material misstatements in the financial statements

Auditors are not required to detect fraud

28

Financial Statement Audits (Cont.)

Auditor’s consideration of fraud risk is limited to material misstatements in the financial statements

Auditors obtain an understanding of internal control over financial reporting when planning the audit

A financial statement audit can provide valuable insight into adequacy of internal controls

Control weaknesses could be key indicator of a fraud opportunity

Auditors must exercise professional skepticism during the audit

DATA MINING

30

Data Mining

• Basics

• Reasons for Using

• Challenges

• Process

• Basic Data Analysis Techniques

31

Data Mining - Basics

• Data analysis can be used to search for patterns, anomalies and trends which may indicate potential error or fraud

• Data analysis tools can be used as part of a governments monitoring component of internal controls

• Data analysis allows for the evaluation of large amounts of data (big data)

• Big data is defined by Merriam-Webster as “an accumulation of data that is too large and complex for processing by traditional database management tools”

32


• Big data associated terms; • Volume – amount of data• Velocity – speed of information generated and flowing into an entity• Variety – types and sources of data available• Veracity/Value – is the data useful for the purpose intended and

what are the potential pitfalls of the data that might impact its usefulness

• Volatility – how long is the data valid for, where and in what form should it be stored. When does it become obsolete for its intended use

33


• Forms of data; • Structured – data generally found in a data base, consists of a

form that is usable and its form is predictable. Common example would be data in your financial accounting program such as utility billing, accounts payable, check registers, general ledger

• Unstructured – data not found in traditional data bases. Examples include vendor invoices, emails, social media, internet

34


• Data analysis software; • IDEA• ACL• ActiveData for Excel• AutoAudit• SNAP Reporter

35

Data Mining – Reasons for Using

• Due to the volume of data. Manually reviewing all documents is inefficient and time consuming

• Data mining allows for the examination of millions of records quickly, easily, and efficiently

• Data extraction and analysis software assists by highlighting individual transactions that have characteristics identified by the user as an anomaly

• Data analytics software allows the user the ability to analyze data from previous years, compare data from different locations, and perform continuous monitoring

36

Data Mining – Challanges

• Poorly defined scope

• Problems in obtaining data

• Manually maintained data

• False positives

• Failing to ensure data integrity

• Misinterpretation of results

• Improper data extraction

• Software costs

• Internal resources

• Buy in

37

Data Mining – Process

Data analysis involves running targeted tests on data to identify anomalies, the process includes four phases:

1. Planning2. Preparation3. Testing and interpretation4. Post-analysis

38


Planning Phase:1. Understand/Identify the data to be

mined/analyzed2. Develop procedures and objectives3. Evaluate the related process and identify risk4. Develop the criteria for exceptions

39


Preparation Phase:1. Identify the relevant data. Data bases have

many fields determine which ones will be required to properly perform the analysis

2. Obtain the data3. Verify the data – completeness and

competence4. Cleanse and normalize – obtain uniformity for

ease of analysis

40


Testing and Interpretation:1. Perform various data analysis techniques and

identify anomalies2. Investigate anomalies and determine; false

positives, exceptions, errors, etc.3. Report – summarize results as necessary

41


Post-analysis:1. Respond to findings2. Identification of improvements3. Implementation of improvements4. Review process for improvements

42

Data Mining – Basic Techniques

• There are a number of basic tests that can be used on data to detect anomalies in a data base.

• The use of a particular technique can vary depending on the identified potential anomaly identified in the planning phase.

• Often to perform a proper analysis a combination of techniques are utilized.

43


• Applying filters

• Gap detection

• Duplicate identification

• Data sorting

• Joining and matching

• Round dollar amounts

• Identification of amounts below a threshold

• Identification of unusual times and dates

44

Data Mining – Basic TechniquesApplying Filters

• A filter identifies only those records meeting user-defined criteria.

• After obtaining an overview of the data, the user can drill down into the details by specifying criteria to isolate certain records for review.

• The use of display criteria can focus attention on transactions outside of the ordinary and reduce review (and processing) time. The criteria can be used singly or in combination.

45


GAP Detection• Search for missing items in a series or sequence of

consecutive numbers.• Completeness of the data is important in data analysis, it

can also be an indicator of anomalies in data base.• When searching a data base, identifying what is not there

can often be as important as identifying what is there.• Users should look for expected items to ensure they exist

and investigate further if there is missing data. Some examples of data sets where this tool is useful include check numbers, purchase order numbers, and inventory tags.

46


Duplicate Identification• Looking for unexpected duplicates in a data set is another way

to uncover red flags.

• This technique can quickly review the file, or several files joined together, to highlight duplicate values of key fields.

• In many systems, the key fields should contain only unique values (no duplicate records).

• Although not necessarily proof of an issue, the presence of duplicate check numbers, direct deposit numbers, invoices, vendor names, and other data often merits further analysis.

47

Data Mining – Basic TechniquesDuplicate Identification (cont.)• Duplicate transactions are not necessarily indications of

problems with data completeness.• There may be a valid reason for the duplicate records.• Determining if a duplicate is an issue requires a sound

understanding of the data is necessary before drawing conclusions.

• Ex. - two different payments coded to the same invoice number is a red flag that perhaps one invoice was paid twice. However, a reasonable explanation for this finding would be that the invoice was paid in two partial payments.

48


Data Sorting• Sorting arranges the data in a file in ascending or

descending order based on one or more specified key fields.

• Commands can arrange information on any number of key fields quickly and easily. However, unusual transactions can be found simply by sorting on a field, such as the date or account number.

49


Data Sorting• Often, irregularities in the records are identified at the

beginning or end of a sorted file. For example an inventory listing by acquisition date, might reveal obsolete inventory. Other irregularities to look for include:• Values outside of the normal range for the field• Character data in numeric fields (or vice versa)• Records with blank field values• Payee or vendor names starting with blanks or unusual

characters

50


Joining and Matching• Combining two to different data bases into one file can

potentially identify anomalies which would require further analysis.

• Once the two files are combined the user must define a relationship, and compare and contrast the data.

51


Round‐Dollar Amounts• Intentional errors often occur in round-dollar amounts.

• Often these amounts occur for the same amount and on a regular basis.

• Searching for these types of transactions can potentially uncover fraud

52


Amounts Below Thresholds• Most governments have policies that disbursement

amounts above a certain threshold require special consideration. For example, checks greater than $1,000 might require two signatures, or invoices greater than $15,000 might require three phone quotes

• Employees are aware of these thresholds and may try to circumvent them by keeping activities below these thresholds.

53


Unusual Dates and Times• Most governments have normal working hours. Often fraud

or errors can occur or corrections made during off hours.

• In considering off hours/days also consider breaks, early and late work day times.

• If an organization allows remote access consider evaluating what type of activity is occurring through that process as well.

RED FLAGS AND DATA MINING

55

Data Mining – Billing Red Flags

• Incomplete vendor information

• Vendor address not a business address

• Duplicate Payments• Invoice payment

unusually quick• Excessive purchases of

a particular item

• Data Sorting


• Duplicate identification


Red Flag Technique

56

Data Mining – Check Tampering Red Flags

• Out-of-range checks

• Non-payroll checks to employees

• Round dollar amount

• Excessive void checks

• Excessive manual checks

• Data Sorting


• Gap detection



Red Flag Technique

57

Data Mining – Payroll Red Flags

• Multiple employees using same bank accounts

• Payroll checks paid to employees not in employee master file

• Pay rate variance between payroll register and employee file

• Unsupported adjustments to gross or net pay

• Multiple payments to employee in one pay period

• Data Sorting




Red Flag Technique

58

Data Mining – Procurement Red Flags

• Sequential purchase orders or invoices under competitive bidding limits

• Excessive change orders by vendor

• Vendor payments just under approval limits

• Payments to vendors not on approved vendor list

• Vendor payments posted to incorrect expenditure/expense account

• Data Sorting



• Identification of amounts below threshold

• Identification of unusual times and dates

Red Flag Technique

SINGLE AUDIT UPDATE –UNIFORM GUIDANCE OVERVIEW

60

Single Audit Update

• Overview of Uniform Guidance (UG)

• UG - Single Audit Changes

• UG - Impact on Auditee and Auditor

• UG - Focus on Internal Controls

• FL Single Audit and AG Findings

• FEMA

61

UG Components

• Subpart A - 200.0 Acronyms and Definitions

• Subpart B - 200.100 General Provisions

• Subpart C - 200.200 Pre-Award Federal Requirements and Contents of Federal Awards

• Subpart D - 200.300 Post Federal Award Requirements

• Subpart E - 200.400 Cost Principles

• Subpart F - 200.500 Audit Requirements

62

UG Appendices

• Appendix I - Full Text of Notice of Funding Opportunity

• Appendix II - Contract Provisions for Non-Federal Entity Contracts under Federal Awards

• Appendix III - Indirect Cost Procedures Educational Institutions (IHEs)

• Appendix IV - Cost Identification and Assignment, and Rate Determination for NFPs

• Appendix V - S&LG, Indian Tribes - Wide Central Service Cost Allocation Plans

63

UG Appendices (Cont.)

• Appendix VI - Public Assistance Cost Allocation Plans

• Appendix VII - S&LG and Indian Tribe Indirect Cost Proposals

• Appendix VIII - NFPs Exempted from Subpart E - Cost Principles

• Appendix IX - Hospital Cost Principles

• Appendix X - Data Collection Form

• Appendix XI - Compliance Supplement

64

Regulatory Changes - Part D Post Award

• Awarded entity responsible for implementing and maintaining effective internal control (utilizing Green Book model) (200.303 (a))

• Awarded entity to comply, evaluate, monitor and take prompt corrective action related to compliance with federal statutes, regulations, and grant agreements (200.303 (b), (c), (d))

• Awarded entity to take reasonable measures to safeguard PPI (200.303 (e))

UG – IMPACT ON SINGLE AUDITS

66

Basic Structure of Single AuditProcess Unchanged• Audit threshold (200.501)• Subrecipient vs. Contractor (200.501(f) & 200.330)• Biennial (200.504) & Program-specific (200.507) audits• Non-federal entity selects auditor (200.509)• Auditee prepares financial statements & SEFA (200.510)• Audit follow-up & corrective action (200.511 & 200.521)• 9 month due date (set in law) (200.512(a))• Reporting to Federal Audit Clearinghouse (200.512)• Major programs determined based on risk (200.518)• Compliance Supplement overall format

67

Single Audit Changes

• Increase audit threshold from $500,000 to $750,000

• Expected to reduce burden on 5,000 non-federal entities

• Maintains coverage of more than 99% of federal grantfunds currently covered

68

Single Audit Changes (Cont.)

Increase minimum threshold for Type A programs from $300,000 to $750,000

Utilize table format for ease of comprehension

Federal Awards Expended Type A/B Threshold$750,000 less than equal to $25 million $750,000

Exceed $25 million less than equal to $100 million Amt. of Federal Awards times .03

Exceed $100 million less than equal to $1 billion $3 million

Exceed $1 billion less than equal to $10 billion Amt. of Federal Awards times .003

Exceed $10 billion less than equal to $20 billion $30 million

Exceed $20 billion Amt. of Federal Awards times .0015

69


• Audit Coverage Rule If auditee meets criteria in 200.520 (low risk), all

major programs in aggregate must cover at least20% of federal awards. Reduced from 25%. If auditee does not meet criteria in 200.520 (low

risk), all major programs in aggregate must coverat least 40% of federal awards. Reduced from50%.

• Focus continues to be on highest risk programs

70


• As in UG, auditee will qualify as low risk only for each of the preceding two audit periods: Single audits were performed on an annual basis and DCF

and reporting package were submitted timely (200.512) Opinions on F/S and SEFA were unmodified No material weaknesses in internal control under GAGAS No audit findings for Type A programs that either were

material weaknesses in internal control, resulted inmodified opinion on a major program, or had known orlikely questioned costs that exceeded 5% of programexpenditures

71


• Auditor Type B Program Analysis Identify Type B programs which are high risk using

professional judgment and criteria in 200.519 Expected to perform risk assessment of Type B

programs that exceed 25% of the Type A threshold(previously stepped approach) (ex., $750k * .25 =$187,500)

Continues to encourage utilization of an assessment ofrisk that would result in different Type B programs to beaudited over a period of time

72


• Findings and Questioned Costs Must report known or questioned costs that are greater

than $25,000 (increase from $10,000) Continued emphasis on findings, including detail with

specifics to allow auditee to prepare the appropriatecorrective action plan

Continued emphasis on identification of prior findings,including updates and details as to why finding is notcorrected, if applicable

73

Changes to Major Program Determination• As in UG, Type A programs will be designated as low

risk only if: In the most recent period, the program received an

unmodified opinion; No material weakness in internal controls were reported;

and There were no questioned costs exceeding 5% of

program expenditures

• The program must have been audited as major in atleast one of the two most recent audit periods

74

Changes to Major Program Determination (Cont.)

• Reduce the number of Type B programs that mustbe tested as major from at least one-half (1/2) toat least one-fourth (1/4) of the number of low-riskType A programs identified

• Continues to allow the auditor to stop the riskassessment process at this point

75

Designation of Agency Officials

• Single Audit Accountable Official - Official responsiblefor ensuring the agency is in compliance with all auditrequirements and improving effectiveness of agency’suse of single audits

• Single Audit Liaison - Official serving as agency’s pointof contact for the single audit process. Appointed by theSingle Audit Accountable Official

UG – AUDITEE ANDAUDITOR IMPACT

77

Auditee and Auditor Impact

Important aspects of UG that impact auditees and the Single Audit process related to federal awards:• UG - not just an auditor responsibility

• Financial Management System

• Procurement

• Cost Principles - Personal and Indirect Costs

• Subrecipients and related monitoring

• Internal Controls

78

Grant Process Narrative

• Internal Controls over Grants - General In addition to controls over compliance for major

programs, auditees should maintain a narrative ofinternal controls for overall grant management

Grant process narrative should include the following:

o Key Personnel o IT Systemso Major Classes of Transactions o Information/Work Flowo Risks Inherent in the Process o Key Grant Controls

79

Scope of Audit under Uniform Guidance• Pursuant to Section 200.514

• General Must be conducted in accordance with GAGAS Must cover entire operations of the auditee Must encompass financial statements and SEFA F/S and SEFA must be for the same period

80

Scope of Audit under Uniform Guidance (Cont.)

• Financial Statements Must determine if F/S are presented fairly in

accordance with GAAP Must determine if SEFA is stated fairly in relation to

the F/S as a whole

81

• Internal Controls (in addition to GAGAS) Auditor must obtain understanding of internal

control over federal programs to support a lowassessed level of control risk of noncompliance formajor programs

If controls are effective, auditor must plan thetesting of internal control over compliance formajor programs to support a low assessed level ofcontrol risk for the assertions relevant to thecompliance requirements for each major program


82

• Internal Controls (in addition to GAGAS) Auditor must perform testing of internal control as

planned

If internal control likely to be ineffective, the Auditormust report a significant deficiency or materialweakness, assess the control risk at maximum, andconsider whether additional compliance tests arerequired


83

• Compliance (in addition to GAGAS) Auditor must determine whether the auditee has

complied with federal statutes, regulations, and theterms and conditions of federal awards that mayhave a direct and material effect on each of itsmajor programs

Auditor must determine the current compliancerequirements and modify audit proceduresaccordingly


84

• Compliance (in addition to GAGAS) For federal programs not included in the Compliance

Supplement, the Auditor must follow the ComplianceSupplement’s guidance for programs not included inthe supplement

Compliance testing must include tests of transactionsand such other auditing procedures necessary toprovide the Auditor sufficient audit evidence tosupport an opinion on compliance


85

• Audit follow-up Auditor must follow-up on prior audit findings,

perform procedures to assess the reasonablenessof the summary schedule of prior audit findings,and report, as a current year audit finding, if theauditee materially mispresented the status of theprior audit finding

Auditor must perform follow-up proceduresregardless of whether a prior audit finding relates toa major program in the current year


86

• Data Collection Form Auditor must complete and sign specified sections

of the Data Collection Form


87

• Audit Documentation - General SEFA (reconciled to G/L, accounting records) Determination of major programs

o Including low-risk Type A assessments and high-risk Type B assessments

2017 Compliance Supplement, including matrix Audit programs and SEFA disclosure checklist Grant Process Narrative Sampling documentation


88

• Audit Documentation - Each Major Program All grant agreements with expenditures Compliance Supplement specific to the program Auditee worksheet to identify applicable grant

requirements and responsible personnel Populations for sample selection that reconcile to

SEFA


89

• Audit Documentation - Each Major Program Risk assessment for compliance requirements Understanding of internal control over compliance,

including identification of key internal controls foreach direct and material compliance requirement

Testing procedures that incorporate previouslyidentified key internal controls for each direct andmaterial compliance requirement


UG - INTERNAL CONTROLS

91

UG Definitions - Internal Controls

• Section 200.61 - Internal controls (IC) means a process,implemented by a non-federal entity, designed toprovide reasonable assurance regarding the achieve-ment of objectives in the following categories:(a) Effectiveness and efficiency of operations(b) Reliability of reporting for internal and external use(c) Compliance with applicable laws and regulations

92

UG Definitions - Internal Controls (Cont.)

• Section 200.62 - IC over compliance requirements forfederal awards means a process implemented by a non-federal entity designed to provide reasonable assurance thattransactions are properly reported and accounted for in order to: Properly prepare financial statements and federal reports Maintain accountability over assets Demonstrate compliance with applicable statutes, regulations,

and award terms and conditions Ensure funds, property, and other assets are safeguarded

against loss from unauthorized use or disposition

93

Part D Post Award - Internal Controls

• Section 200.303 - The non-federal entity must: establishand maintain effective internal control over the federalaward that provides reasonable assurance that the non-federal entity is managing the federal award in compliancewith federal statutes, regulations, and the terms andconditions of the federal award.

• These internal controls should (best practice) be incompliance with guidance in ‘‘Standards for Internal Controlin the Federal Government’’ issued by the ComptrollerGeneral of the United States or the ‘‘Internal ControlIntegrated Framework’’ issued by COSO.

94

Impact - Internal Controls

General notes about Internal Controls:Provide reasonable assurance that objectives are metProcedures must be documented

• Manuals• Written Procedures

Management is responsible for • Developing• Documenting• Implementing• Monitoring

95

Standards: COSO vs. Green Book

Note: GAO combined COSO’s points of focus into attributes

Component COSO Green BookControl Environment 5 Principles

20 Points of Focus 5 Principles13 Attributes

Risk Assessment 4 Principles27 Points of Focus

4 Principles10 Attributes

Control Activities 3 Principles16 Points of Focus

3 Principles11 Attributes

Information & Communication

3 Principles14 Points of Focus

3 Principles 7 Attributes

Monitoring 2 Principles10 Points of Focus

2 Principles 6 Attributes

96

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles

Component Control ActivitiesControl Environment • Management sets reasonable budgets, enforces

appropriate penalties for misuse of funds, andprovides personnel approving expenditures withcost principles for allowable and unallowableexpenditures.

97

Component Control ActivitiesRisk Assessment • Key manager has a sufficient understanding of staff,

processes, and controls to identify where unallowableactivities or costs could be charged to a federalprogram and not be detected. Key manager reviewsstaffing and processes on a regular basis.

Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.)

98

Component Control ActivitiesControl Activities • Accountability provided for charges and costs between

federal and non-federal activities.• Process in place for timely updating of procedures for

changes in activities allowed and cost principles.• Computations checked for accuracy.• Supporting documentation compared to OMB A-87 of

allowable and unallowable expenditures.• Adjustments to unallowable costs made, where appropriate,

and follow-up action taken to determine the cause.• Adequate segregation of duties in review and authorization

of costs.• Accountability for authorization-by program or department-is

fixed in an individual who is knowledgeable of the require-ments for determining activities allowed and allowable costs.


99

Component Control ActivitiesInformation and Communication

• Reports, such as a comparison of budget to actual, providedto appropriate management for review on a timely basis.

• Establishment of internal and external communicationchannels on activities and costs allowed, and follow grantbudget.

• Training programs, both formal and informal, provideknowledge and skills necessary to determine activities andcosts allowed.

• Interaction between management and staff regardingquestionable costs.

• Grant agreements (including referenced program laws,regulations, handbooks, etc.) and cost principles circularsavailable to staff responsible for determining activitiesallowed and allowable costs under federal awards.


100

Component Control ActivitiesMonitoring • Management reviews supporting documentation of

allowable cost information.• Flow of information from federal agency to appro-

priate management personnel.• Comparisons made with budget and expectations of

allowable costs.• Analytic reviews (e.g., comparison of budget to actual

or prior year to current year) and audits performed.


FLORIDA SINGLE AUDIT UPDATEAND AG FINDINGS

102

Florida Single Audit Update

• Chapter 10.550 - Local Government

• Chapter 10.650 - For Profit and NFP

• Chapter 10.800 - District School Boards

• Chapter 10.850 - Charter Schools

• Link to website -http://www.myflorida.com/audgen/

103

Florida Single Audit Update (Cont.)

• Increase threshold from $500,000 to $750,000 inline with UG

• Increased reporting of questioned costs from$10,000 to $25,000 in line with UG

• For NFP and For Profit applicable for FY endedJuly 1, 2016 and thereafter

• Local Governments for FY ended September 30,2016 and thereafter

104

Florida AG Findings

• Obtained from Report No. 2017-180 Issued March 2017

• State of Florida - Single Audit Report (SFQC)

• Selected findings that could be found in local entity reports

• Provided for information and consideration purposes

105

Florida AG Findings

• Procedures were not adequate to ensure thatsubrecipient audit reports were obtained andreviewed for all subrecipients and subrecipientdeficiencies were timely followed up on.

• Data reported on quarterly Federal FinancialReports (FFRs) was not always accurate,complete, or adequately supported.

• Federal matching requirements not met andamounts were incorrectly reported.

106

Florida AG Findings

• Prior to awarding contracts, grantee did notalways obtain conflict-of-interest forms fromemployees taking part in contract procurementactivities.

• Grantee did not maintain appropriate records tosupport the salary and benefit costs foremployees paid solely from program.

• Grantee did not always limit federal funds drawsto amounts needed for immediate cash needs.

HHS/FEMA GRANT – 97.036

108

FEMA GRANT - 97.036 General Information• Funds received following a Presidential declaration

of a major disaster

• Assistance provided for debris removal, emergencyprotective measures, and the restoration of disaster-damaged, publically owned facilities

• The state generally acts as grantee for the programand is responsible for providing technical advice andassistance to the local governments

109

• Program awards are based upon a Project Worksheet(PW)

• PWs are prepared by a project formulation team, whichgenerally consists of representatives from FEMA, thestate and local government

• The PW documents the project formulation team’sdetermination of the eligible scope of work and costestimate

• Each PW has a control number and supplemental PWswill reference the original PW

FEMA GRANT - 97.036 General Information (Cont.)

110

• Accelerated debris removal - to incentivize, FEMAoffers a sliding scale for cost-sharing of debrisremoval

• The scale is 85% cost share for 1-30 days, 80%for 31-90 days and 75% for 91-180 days

• Unless FEMA authorizes an extension, no federaldollars will be provided for debris removal after180 days


111

• Record expenditures on the SEFA when:1. FEMA has approved the non-federal entity’s PW,

and2. The non-federal entity has incurred the eligible

expenditures.

• Federal awards expended in years subsequentto the fiscal year in which the PW is approved areto be recorded on the non-federal entity’s SEFAin those subsequent years.


112

• Example:1. FEMA approves the PW in fiscal year 2017 and

eligible expenditures are incurred in the non-federalentity’s fiscal year 2018; record the eligible expendi-tures in its fiscal year 2018 SEFA.

2. Eligible expenditures incurred in fiscal year 2017and FEMA approves the PW in fiscal year 2018;record the eligible expenditures in fiscal year 2018SEFA with a footnote that discloses the amountincluded on the SEFA that was incurred in a prioryear.


Questions or Comments

Documents

ISSUES IMPACTING OVERNMENTS FRAUD, DATA MINING AND SINGLE A€¦ · Data Mining - Basics • Forms of data; • Structured – data generally found in a data base, consists of a form