Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
ISSUES IMPACTING GOVERNMENTS: FRAUD, DATA MINING AND SINGLE
AUDITPresented By:
William Blend, CPA, CFE
ETHICS AND FRAUD BASICS
3
How is Ethics Related to Fraud?Because Ethics is a discipline dealing with what is good and bad with moral duty and obligation.
5
Some Fraud Basics
Fraud Triangle – Pressure, Opportunity and Rationalization
Fraud Motivation – There is not just one! (Money, Ego, Entitlement, Ideology, Coercion)
Accidental and Predator Fraudsters – More than one type
6
Fraudsters – More Details
Accidental FraudsterAccidental Fraudster
Focus of Fraud TriangleFocus of Fraud Triangle
First‐Time OffenderFirst‐Time Offender
Well‐Educated, Male, Middle Class, Good Person
Well‐Educated, Male, Middle Class, Good Person
Pressure OccursPressure Occurs
RationalizationRationalization
Predator FraudsterPredator Fraudster
Deliberate, ArrogantDeliberate, Arrogant
Seeks OpportunitiesSeeks Opportunities
No Pressure or RationalizationNo Pressure or Rationalization
May Begin as AccidentalMay Begin as Accidental
Criminal MindsetCriminal Mindset
7
Fraud, Waste and Abuse
Fraud – an illegal act involving the obtaining of something of value through willful misrepresentation. Fraud is a determination to be made through the judicial process.Waste – involves not receiving reasonable value for money in connection with any government-funded activities.
Abuse – involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances.
DATA – FROM 2016 ACFE REPORT TO THE NATIONS
Victim Organizations - Government
How Occupational Fraud is Committed
Duration of Fraud Based on Scheme Type
Detection of Fraud SchemesInitial Detection of Occupational Frauds
Detection of Fraud Schemes (Cont.)
Source of Tips
PerpetratorsPosition of Perpetrator — Frequency and Median Loss
Perpetrators (Cont.)
Gender of Perpetrator — Frequency
Perpetrators (Cont.)
Age of Perpetrator — Frequency & Median Loss
Perpetrators (Cont.)Tenure of Perpetrator — Frequency and Median Loss
Perpetrators (Cont.)
Behavioral Red Flags of Perpetrators
REAL LIFE CASES - DISCUSSION
ORGANIZATION'S ANTI-FRAUDSCORE? – FOOD FOR THOUGHT
20
Organizational Fraud Checkup
Purpose potential clients think about possible issues that could impact their organization.
Consider offering this as a service to clients but remember, they should have legal representation involved.
21
Fraud risk oversight – to what extent has the organization established a process for oversight of fraud risk by its governance?
Fraud risk ownership – how has the organization created ownership of fraud risk by identification of parties having responsibilities for fraud risk and communication to others in the organization of responsible parties?
Fraud risk assessment – to what extent has the organization implemented an ongoing process to evaluate the risk of fraud in the organization?
Organizational Fraud Checkup (Cont.)
22
Fraud risk tolerance and risk management policy – does the organization have an approved fraud risk tolerance and risk management policy which includes a fraud risk component?
Process-level anti-fraud controls / re-engineering – how has the organization implemented measures to reduce each of the significant fraud risks identified through the fraud risk assessment?
Organizational Fraud Checkup (Cont.)
23
Environment-level anti-fraud controls – to what extent has the organization implemented a process to promote ethical behavior, deter wrongdoing and promote two-way communication on difficult issues?
Proactive fraud detection – to what extent has the organization established a process to detect, investigate and resolve potentially significant fraud?
Organizational Fraud Checkup (Cont.)
GOVERNMENT AUDIT EXPECTATIONGAP
25
Types of Audits
Financial statement audits – Focuses on looking for misstatements in the financial statements
OMB Circular A-133 Compliance Audits (or Single Audits) –Focuses on compliance with federal programs requirements and internal control over federal expenditures
Forensic (Fraud) Audits – Focuses on identification of fraud. Usually, narrowly focuses on specific allegation or suspected fraudulent activity
26
Role of Financial Statement Audit
Primarily for an opinion about the fair presentation of the financial statements
Provide only reasonable assurance that the financial statements are free from material misstatement, regardless of cause, but “reasonable” is defined as a “high” level of assurance
However, the role shouldn’t be taken for granted, as many analytical relationships among the financial statements, when performed by the auditor, can expose the potential issue
27
Financial Statement Audits
Only a small percentage of fraud detected by financial statement audit
Financial statement audits are not fraud or forensic audits
Objective is issuing an opinion of financial statements
The auditor’s report only gives “reasonable assurance” that there are no material misstatements in the financial statements
Auditors are not required to detect fraud
28
Financial Statement Audits (Cont.)
Auditor’s consideration of fraud risk is limited to material misstatements in the financial statements
Auditors obtain an understanding of internal control over financial reporting when planning the audit
A financial statement audit can provide valuable insight into adequacy of internal controls
Control weaknesses could be key indicator of a fraud opportunity
Auditors must exercise professional skepticism during the audit
DATA MINING
30
Data Mining
• Basics
• Reasons for Using
• Challenges
• Process
• Basic Data Analysis Techniques
31
Data Mining - Basics
• Data analysis can be used to search for patterns, anomalies and trends which may indicate potential error or fraud
• Data analysis tools can be used as part of a governments monitoring component of internal controls
• Data analysis allows for the evaluation of large amounts of data (big data)
• Big data is defined by Merriam-Webster as “an accumulation of data that is too large and complex for processing by traditional database management tools”
32
Data Mining - Basics
• Big data associated terms; • Volume – amount of data• Velocity – speed of information generated and flowing into an entity• Variety – types and sources of data available• Veracity/Value – is the data useful for the purpose intended and
what are the potential pitfalls of the data that might impact its usefulness
• Volatility – how long is the data valid for, where and in what form should it be stored. When does it become obsolete for its intended use
33
Data Mining - Basics
• Forms of data; • Structured – data generally found in a data base, consists of a
form that is usable and its form is predictable. Common example would be data in your financial accounting program such as utility billing, accounts payable, check registers, general ledger
• Unstructured – data not found in traditional data bases. Examples include vendor invoices, emails, social media, internet
34
Data Mining - Basics
• Data analysis software; • IDEA• ACL• ActiveData for Excel• AutoAudit• SNAP Reporter
35
Data Mining – Reasons for Using
• Due to the volume of data. Manually reviewing all documents is inefficient and time consuming
• Data mining allows for the examination of millions of records quickly, easily, and efficiently
• Data extraction and analysis software assists by highlighting individual transactions that have characteristics identified by the user as an anomaly
• Data analytics software allows the user the ability to analyze data from previous years, compare data from different locations, and perform continuous monitoring
36
Data Mining – Challanges
• Poorly defined scope
• Problems in obtaining data
• Manually maintained data
• False positives
• Failing to ensure data integrity
• Misinterpretation of results
• Improper data extraction
• Software costs
• Internal resources
• Buy in
37
Data Mining – Process
Data analysis involves running targeted tests on data to identify anomalies, the process includes four phases:
1. Planning2. Preparation3. Testing and interpretation4. Post-analysis
38
Data Mining – Process
Planning Phase:1. Understand/Identify the data to be
mined/analyzed2. Develop procedures and objectives3. Evaluate the related process and identify risk4. Develop the criteria for exceptions
39
Data Mining – Process
Preparation Phase:1. Identify the relevant data. Data bases have
many fields determine which ones will be required to properly perform the analysis
2. Obtain the data3. Verify the data – completeness and
competence4. Cleanse and normalize – obtain uniformity for
ease of analysis
40
Data Mining – Process
Testing and Interpretation:1. Perform various data analysis techniques and
identify anomalies2. Investigate anomalies and determine; false
positives, exceptions, errors, etc.3. Report – summarize results as necessary
41
Data Mining – Process
Post-analysis:1. Respond to findings2. Identification of improvements3. Implementation of improvements4. Review process for improvements
42
Data Mining – Basic Techniques
• There are a number of basic tests that can be used on data to detect anomalies in a data base.
• The use of a particular technique can vary depending on the identified potential anomaly identified in the planning phase.
• Often to perform a proper analysis a combination of techniques are utilized.
43
Data Mining – Basic Techniques
• Applying filters
• Gap detection
• Duplicate identification
• Data sorting
• Joining and matching
• Round dollar amounts
• Identification of amounts below a threshold
• Identification of unusual times and dates
44
Data Mining – Basic TechniquesApplying Filters
• A filter identifies only those records meeting user-defined criteria.
• After obtaining an overview of the data, the user can drill down into the details by specifying criteria to isolate certain records for review.
• The use of display criteria can focus attention on transactions outside of the ordinary and reduce review (and processing) time. The criteria can be used singly or in combination.
45
Data Mining – Basic Techniques
GAP Detection• Search for missing items in a series or sequence of
consecutive numbers.• Completeness of the data is important in data analysis, it
can also be an indicator of anomalies in data base.• When searching a data base, identifying what is not there
can often be as important as identifying what is there.• Users should look for expected items to ensure they exist
and investigate further if there is missing data. Some examples of data sets where this tool is useful include check numbers, purchase order numbers, and inventory tags.
46
Data Mining – Basic Techniques
Duplicate Identification• Looking for unexpected duplicates in a data set is another way
to uncover red flags.
• This technique can quickly review the file, or several files joined together, to highlight duplicate values of key fields.
• In many systems, the key fields should contain only unique values (no duplicate records).
• Although not necessarily proof of an issue, the presence of duplicate check numbers, direct deposit numbers, invoices, vendor names, and other data often merits further analysis.
47
Data Mining – Basic TechniquesDuplicate Identification (cont.)• Duplicate transactions are not necessarily indications of
problems with data completeness.• There may be a valid reason for the duplicate records.• Determining if a duplicate is an issue requires a sound
understanding of the data is necessary before drawing conclusions.
• Ex. - two different payments coded to the same invoice number is a red flag that perhaps one invoice was paid twice. However, a reasonable explanation for this finding would be that the invoice was paid in two partial payments.
48
Data Mining – Basic Techniques
Data Sorting• Sorting arranges the data in a file in ascending or
descending order based on one or more specified key fields.
• Commands can arrange information on any number of key fields quickly and easily. However, unusual transactions can be found simply by sorting on a field, such as the date or account number.
49
Data Mining – Basic Techniques
Data Sorting• Often, irregularities in the records are identified at the
beginning or end of a sorted file. For example an inventory listing by acquisition date, might reveal obsolete inventory. Other irregularities to look for include:• Values outside of the normal range for the field• Character data in numeric fields (or vice versa)• Records with blank field values• Payee or vendor names starting with blanks or unusual
characters
50
Data Mining – Basic Techniques
Joining and Matching• Combining two to different data bases into one file can
potentially identify anomalies which would require further analysis.
• Once the two files are combined the user must define a relationship, and compare and contrast the data.
51
Data Mining – Basic Techniques
Round‐Dollar Amounts• Intentional errors often occur in round-dollar amounts.
• Often these amounts occur for the same amount and on a regular basis.
• Searching for these types of transactions can potentially uncover fraud
52
Data Mining – Basic Techniques
Amounts Below Thresholds• Most governments have policies that disbursement
amounts above a certain threshold require special consideration. For example, checks greater than $1,000 might require two signatures, or invoices greater than $15,000 might require three phone quotes
• Employees are aware of these thresholds and may try to circumvent them by keeping activities below these thresholds.
53
Data Mining – Basic Techniques
Unusual Dates and Times• Most governments have normal working hours. Often fraud
or errors can occur or corrections made during off hours.
• In considering off hours/days also consider breaks, early and late work day times.
• If an organization allows remote access consider evaluating what type of activity is occurring through that process as well.
RED FLAGS AND DATA MINING
55
Data Mining – Billing Red Flags
• Incomplete vendor information
• Vendor address not a business address
• Duplicate Payments• Invoice payment
unusually quick• Excessive purchases of
a particular item
• Data Sorting
• Joining and matching
• Duplicate identification
• Applying filters
Red Flag Technique
56
Data Mining – Check Tampering Red Flags
• Out-of-range checks
• Non-payroll checks to employees
• Round dollar amount
• Excessive void checks
• Excessive manual checks
• Data Sorting
• Joining and matching
• Gap detection
• Applying filters
• Round dollar amounts
Red Flag Technique
57
Data Mining – Payroll Red Flags
• Multiple employees using same bank accounts
• Payroll checks paid to employees not in employee master file
• Pay rate variance between payroll register and employee file
• Unsupported adjustments to gross or net pay
• Multiple payments to employee in one pay period
• Data Sorting
• Joining and matching
• Applying filters
• Round dollar amounts
Red Flag Technique
58
Data Mining – Procurement Red Flags
• Sequential purchase orders or invoices under competitive bidding limits
• Excessive change orders by vendor
• Vendor payments just under approval limits
• Payments to vendors not on approved vendor list
• Vendor payments posted to incorrect expenditure/expense account
• Data Sorting
• Joining and matching
• Applying filters
• Identification of amounts below threshold
• Identification of unusual times and dates
Red Flag Technique
SINGLE AUDIT UPDATE –UNIFORM GUIDANCE OVERVIEW
60
Single Audit Update
• Overview of Uniform Guidance (UG)
• UG - Single Audit Changes
• UG - Impact on Auditee and Auditor
• UG - Focus on Internal Controls
• FL Single Audit and AG Findings
• FEMA
61
UG Components
• Subpart A - 200.0 Acronyms and Definitions
• Subpart B - 200.100 General Provisions
• Subpart C - 200.200 Pre-Award Federal Requirements and Contents of Federal Awards
• Subpart D - 200.300 Post Federal Award Requirements
• Subpart E - 200.400 Cost Principles
• Subpart F - 200.500 Audit Requirements
62
UG Appendices
• Appendix I - Full Text of Notice of Funding Opportunity
• Appendix II - Contract Provisions for Non-Federal Entity Contracts under Federal Awards
• Appendix III - Indirect Cost Procedures Educational Institutions (IHEs)
• Appendix IV - Cost Identification and Assignment, and Rate Determination for NFPs
• Appendix V - S&LG, Indian Tribes - Wide Central Service Cost Allocation Plans
63
UG Appendices (Cont.)
• Appendix VI - Public Assistance Cost Allocation Plans
• Appendix VII - S&LG and Indian Tribe Indirect Cost Proposals
• Appendix VIII - NFPs Exempted from Subpart E - Cost Principles
• Appendix IX - Hospital Cost Principles
• Appendix X - Data Collection Form
• Appendix XI - Compliance Supplement
64
Regulatory Changes - Part D Post Award
• Awarded entity responsible for implementing and maintaining effective internal control (utilizing Green Book model) (200.303 (a))
• Awarded entity to comply, evaluate, monitor and take prompt corrective action related to compliance with federal statutes, regulations, and grant agreements (200.303 (b), (c), (d))
• Awarded entity to take reasonable measures to safeguard PPI (200.303 (e))
UG – IMPACT ON SINGLE AUDITS
66
Basic Structure of Single AuditProcess Unchanged• Audit threshold (200.501)• Subrecipient vs. Contractor (200.501(f) & 200.330)• Biennial (200.504) & Program-specific (200.507) audits• Non-federal entity selects auditor (200.509)• Auditee prepares financial statements & SEFA (200.510)• Audit follow-up & corrective action (200.511 & 200.521)• 9 month due date (set in law) (200.512(a))• Reporting to Federal Audit Clearinghouse (200.512)• Major programs determined based on risk (200.518)• Compliance Supplement overall format
67
Single Audit Changes
• Increase audit threshold from $500,000 to $750,000
• Expected to reduce burden on 5,000 non-federal entities
• Maintains coverage of more than 99% of federal grantfunds currently covered
68
Single Audit Changes (Cont.)
Increase minimum threshold for Type A programs from $300,000 to $750,000
Utilize table format for ease of comprehension
Federal Awards Expended Type A/B Threshold$750,000 less than equal to $25 million $750,000
Exceed $25 million less than equal to $100 million Amt. of Federal Awards times .03
Exceed $100 million less than equal to $1 billion $3 million
Exceed $1 billion less than equal to $10 billion Amt. of Federal Awards times .003
Exceed $10 billion less than equal to $20 billion $30 million
Exceed $20 billion Amt. of Federal Awards times .0015
69
Single Audit Changes (Cont.)
• Audit Coverage Rule If auditee meets criteria in 200.520 (low risk), all
major programs in aggregate must cover at least20% of federal awards. Reduced from 25%. If auditee does not meet criteria in 200.520 (low
risk), all major programs in aggregate must coverat least 40% of federal awards. Reduced from50%.
• Focus continues to be on highest risk programs
70
Single Audit Changes (Cont.)
• As in UG, auditee will qualify as low risk only for each of the preceding two audit periods: Single audits were performed on an annual basis and DCF
and reporting package were submitted timely (200.512) Opinions on F/S and SEFA were unmodified No material weaknesses in internal control under GAGAS No audit findings for Type A programs that either were
material weaknesses in internal control, resulted inmodified opinion on a major program, or had known orlikely questioned costs that exceeded 5% of programexpenditures
71
Single Audit Changes (Cont.)
• Auditor Type B Program Analysis Identify Type B programs which are high risk using
professional judgment and criteria in 200.519 Expected to perform risk assessment of Type B
programs that exceed 25% of the Type A threshold(previously stepped approach) (ex., $750k * .25 =$187,500)
Continues to encourage utilization of an assessment ofrisk that would result in different Type B programs to beaudited over a period of time
72
Single Audit Changes (Cont.)
• Findings and Questioned Costs Must report known or questioned costs that are greater
than $25,000 (increase from $10,000) Continued emphasis on findings, including detail with
specifics to allow auditee to prepare the appropriatecorrective action plan
Continued emphasis on identification of prior findings,including updates and details as to why finding is notcorrected, if applicable
73
Changes to Major Program Determination• As in UG, Type A programs will be designated as low
risk only if: In the most recent period, the program received an
unmodified opinion; No material weakness in internal controls were reported;
and There were no questioned costs exceeding 5% of
program expenditures
• The program must have been audited as major in atleast one of the two most recent audit periods
74
Changes to Major Program Determination (Cont.)
• Reduce the number of Type B programs that mustbe tested as major from at least one-half (1/2) toat least one-fourth (1/4) of the number of low-riskType A programs identified
• Continues to allow the auditor to stop the riskassessment process at this point
75
Designation of Agency Officials
• Single Audit Accountable Official - Official responsiblefor ensuring the agency is in compliance with all auditrequirements and improving effectiveness of agency’suse of single audits
• Single Audit Liaison - Official serving as agency’s pointof contact for the single audit process. Appointed by theSingle Audit Accountable Official
UG – AUDITEE ANDAUDITOR IMPACT
77
Auditee and Auditor Impact
Important aspects of UG that impact auditees and the Single Audit process related to federal awards:• UG - not just an auditor responsibility
• Financial Management System
• Procurement
• Cost Principles - Personal and Indirect Costs
• Subrecipients and related monitoring
• Internal Controls
78
Grant Process Narrative
• Internal Controls over Grants - General In addition to controls over compliance for major
programs, auditees should maintain a narrative ofinternal controls for overall grant management
Grant process narrative should include the following:
o Key Personnel o IT Systemso Major Classes of Transactions o Information/Work Flowo Risks Inherent in the Process o Key Grant Controls
79
Scope of Audit under Uniform Guidance• Pursuant to Section 200.514
• General Must be conducted in accordance with GAGAS Must cover entire operations of the auditee Must encompass financial statements and SEFA F/S and SEFA must be for the same period
80
Scope of Audit under Uniform Guidance (Cont.)
• Financial Statements Must determine if F/S are presented fairly in
accordance with GAAP Must determine if SEFA is stated fairly in relation to
the F/S as a whole
81
• Internal Controls (in addition to GAGAS) Auditor must obtain understanding of internal
control over federal programs to support a lowassessed level of control risk of noncompliance formajor programs
If controls are effective, auditor must plan thetesting of internal control over compliance formajor programs to support a low assessed level ofcontrol risk for the assertions relevant to thecompliance requirements for each major program
Scope of Audit under Uniform Guidance (Cont.)
82
• Internal Controls (in addition to GAGAS) Auditor must perform testing of internal control as
planned
If internal control likely to be ineffective, the Auditormust report a significant deficiency or materialweakness, assess the control risk at maximum, andconsider whether additional compliance tests arerequired
Scope of Audit under Uniform Guidance (Cont.)
83
• Compliance (in addition to GAGAS) Auditor must determine whether the auditee has
complied with federal statutes, regulations, and theterms and conditions of federal awards that mayhave a direct and material effect on each of itsmajor programs
Auditor must determine the current compliancerequirements and modify audit proceduresaccordingly
Scope of Audit under Uniform Guidance (Cont.)
84
• Compliance (in addition to GAGAS) For federal programs not included in the Compliance
Supplement, the Auditor must follow the ComplianceSupplement’s guidance for programs not included inthe supplement
Compliance testing must include tests of transactionsand such other auditing procedures necessary toprovide the Auditor sufficient audit evidence tosupport an opinion on compliance
Scope of Audit under Uniform Guidance (Cont.)
85
• Audit follow-up Auditor must follow-up on prior audit findings,
perform procedures to assess the reasonablenessof the summary schedule of prior audit findings,and report, as a current year audit finding, if theauditee materially mispresented the status of theprior audit finding
Auditor must perform follow-up proceduresregardless of whether a prior audit finding relates toa major program in the current year
Scope of Audit under Uniform Guidance (Cont.)
86
• Data Collection Form Auditor must complete and sign specified sections
of the Data Collection Form
Scope of Audit under Uniform Guidance (Cont.)
87
• Audit Documentation - General SEFA (reconciled to G/L, accounting records) Determination of major programs
o Including low-risk Type A assessments and high-risk Type B assessments
2017 Compliance Supplement, including matrix Audit programs and SEFA disclosure checklist Grant Process Narrative Sampling documentation
Scope of Audit under Uniform Guidance (Cont.)
88
• Audit Documentation - Each Major Program All grant agreements with expenditures Compliance Supplement specific to the program Auditee worksheet to identify applicable grant
requirements and responsible personnel Populations for sample selection that reconcile to
SEFA
Scope of Audit under Uniform Guidance (Cont.)
89
• Audit Documentation - Each Major Program Risk assessment for compliance requirements Understanding of internal control over compliance,
including identification of key internal controls foreach direct and material compliance requirement
Testing procedures that incorporate previouslyidentified key internal controls for each direct andmaterial compliance requirement
Scope of Audit under Uniform Guidance (Cont.)
UG - INTERNAL CONTROLS
91
UG Definitions - Internal Controls
• Section 200.61 - Internal controls (IC) means a process,implemented by a non-federal entity, designed toprovide reasonable assurance regarding the achieve-ment of objectives in the following categories:(a) Effectiveness and efficiency of operations(b) Reliability of reporting for internal and external use(c) Compliance with applicable laws and regulations
92
UG Definitions - Internal Controls (Cont.)
• Section 200.62 - IC over compliance requirements forfederal awards means a process implemented by a non-federal entity designed to provide reasonable assurance thattransactions are properly reported and accounted for in order to: Properly prepare financial statements and federal reports Maintain accountability over assets Demonstrate compliance with applicable statutes, regulations,
and award terms and conditions Ensure funds, property, and other assets are safeguarded
against loss from unauthorized use or disposition
93
Part D Post Award - Internal Controls
• Section 200.303 - The non-federal entity must: establishand maintain effective internal control over the federalaward that provides reasonable assurance that the non-federal entity is managing the federal award in compliancewith federal statutes, regulations, and the terms andconditions of the federal award.
• These internal controls should (best practice) be incompliance with guidance in ‘‘Standards for Internal Controlin the Federal Government’’ issued by the ComptrollerGeneral of the United States or the ‘‘Internal ControlIntegrated Framework’’ issued by COSO.
94
Impact - Internal Controls
General notes about Internal Controls:Provide reasonable assurance that objectives are metProcedures must be documented
• Manuals• Written Procedures
Management is responsible for • Developing• Documenting• Implementing• Monitoring
95
Standards: COSO vs. Green Book
Note: GAO combined COSO’s points of focus into attributes
Component COSO Green BookControl Environment 5 Principles
20 Points of Focus 5 Principles13 Attributes
Risk Assessment 4 Principles27 Points of Focus
4 Principles10 Attributes
Control Activities 3 Principles16 Points of Focus
3 Principles11 Attributes
Information & Communication
3 Principles14 Points of Focus
3 Principles 7 Attributes
Monitoring 2 Principles10 Points of Focus
2 Principles 6 Attributes
96
Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles
Component Control ActivitiesControl Environment • Management sets reasonable budgets, enforces
appropriate penalties for misuse of funds, andprovides personnel approving expenditures withcost principles for allowable and unallowableexpenditures.
97
Component Control ActivitiesRisk Assessment • Key manager has a sufficient understanding of staff,
processes, and controls to identify where unallowableactivities or costs could be charged to a federalprogram and not be detected. Key manager reviewsstaffing and processes on a regular basis.
Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.)
98
Component Control ActivitiesControl Activities • Accountability provided for charges and costs between
federal and non-federal activities.• Process in place for timely updating of procedures for
changes in activities allowed and cost principles.• Computations checked for accuracy.• Supporting documentation compared to OMB A-87 of
allowable and unallowable expenditures.• Adjustments to unallowable costs made, where appropriate,
and follow-up action taken to determine the cause.• Adequate segregation of duties in review and authorization
of costs.• Accountability for authorization-by program or department-is
fixed in an individual who is knowledgeable of the require-ments for determining activities allowed and allowable costs.
Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.)
99
Component Control ActivitiesInformation and Communication
• Reports, such as a comparison of budget to actual, providedto appropriate management for review on a timely basis.
• Establishment of internal and external communicationchannels on activities and costs allowed, and follow grantbudget.
• Training programs, both formal and informal, provideknowledge and skills necessary to determine activities andcosts allowed.
• Interaction between management and staff regardingquestionable costs.
• Grant agreements (including referenced program laws,regulations, handbooks, etc.) and cost principles circularsavailable to staff responsible for determining activitiesallowed and allowable costs under federal awards.
Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.)
100
Component Control ActivitiesMonitoring • Management reviews supporting documentation of
allowable cost information.• Flow of information from federal agency to appro-
priate management personnel.• Comparisons made with budget and expectations of
allowable costs.• Analytic reviews (e.g., comparison of budget to actual
or prior year to current year) and audits performed.
Example - Activities Allowed or Unallowed; Allowable Costs/Cost Principles (Cont.)
FLORIDA SINGLE AUDIT UPDATEAND AG FINDINGS
102
Florida Single Audit Update
• Chapter 10.550 - Local Government
• Chapter 10.650 - For Profit and NFP
• Chapter 10.800 - District School Boards
• Chapter 10.850 - Charter Schools
• Link to website -http://www.myflorida.com/audgen/
103
Florida Single Audit Update (Cont.)
• Increase threshold from $500,000 to $750,000 inline with UG
• Increased reporting of questioned costs from$10,000 to $25,000 in line with UG
• For NFP and For Profit applicable for FY endedJuly 1, 2016 and thereafter
• Local Governments for FY ended September 30,2016 and thereafter
104
Florida AG Findings
• Obtained from Report No. 2017-180 Issued March 2017
• State of Florida - Single Audit Report (SFQC)
• Selected findings that could be found in local entity reports
• Provided for information and consideration purposes
105
Florida AG Findings
• Procedures were not adequate to ensure thatsubrecipient audit reports were obtained andreviewed for all subrecipients and subrecipientdeficiencies were timely followed up on.
• Data reported on quarterly Federal FinancialReports (FFRs) was not always accurate,complete, or adequately supported.
• Federal matching requirements not met andamounts were incorrectly reported.
106
Florida AG Findings
• Prior to awarding contracts, grantee did notalways obtain conflict-of-interest forms fromemployees taking part in contract procurementactivities.
• Grantee did not maintain appropriate records tosupport the salary and benefit costs foremployees paid solely from program.
• Grantee did not always limit federal funds drawsto amounts needed for immediate cash needs.
HHS/FEMA GRANT – 97.036
108
FEMA GRANT - 97.036 General Information• Funds received following a Presidential declaration
of a major disaster
• Assistance provided for debris removal, emergencyprotective measures, and the restoration of disaster-damaged, publically owned facilities
• The state generally acts as grantee for the programand is responsible for providing technical advice andassistance to the local governments
109
• Program awards are based upon a Project Worksheet(PW)
• PWs are prepared by a project formulation team, whichgenerally consists of representatives from FEMA, thestate and local government
• The PW documents the project formulation team’sdetermination of the eligible scope of work and costestimate
• Each PW has a control number and supplemental PWswill reference the original PW
FEMA GRANT - 97.036 General Information (Cont.)
110
• Accelerated debris removal - to incentivize, FEMAoffers a sliding scale for cost-sharing of debrisremoval
• The scale is 85% cost share for 1-30 days, 80%for 31-90 days and 75% for 91-180 days
• Unless FEMA authorizes an extension, no federaldollars will be provided for debris removal after180 days
FEMA GRANT - 97.036 General Information (Cont.)
111
• Record expenditures on the SEFA when:1. FEMA has approved the non-federal entity’s PW,
and2. The non-federal entity has incurred the eligible
expenditures.
• Federal awards expended in years subsequentto the fiscal year in which the PW is approved areto be recorded on the non-federal entity’s SEFAin those subsequent years.
FEMA GRANT - 97.036 General Information (Cont.)
112
• Example:1. FEMA approves the PW in fiscal year 2017 and
eligible expenditures are incurred in the non-federalentity’s fiscal year 2018; record the eligible expendi-tures in its fiscal year 2018 SEFA.
2. Eligible expenditures incurred in fiscal year 2017and FEMA approves the PW in fiscal year 2018;record the eligible expenditures in fiscal year 2018SEFA with a footnote that discloses the amountincluded on the SEFA that was incurred in a prioryear.
FEMA GRANT - 97.036 General Information (Cont.)
Questions or Comments