Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intermediate Single Audit Issues: Planning, Performing and Reporting NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford &

Similar presentations


Presentation on theme: "Intermediate Single Audit Issues: Planning, Performing and Reporting NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford &"— Presentation transcript:

1 Intermediate Single Audit Issues: Planning, Performing and Reporting NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford & Associates, P.C.

2 Objectives High level overview of national single audit stat sample results Highlight and overview intermediate single audit issues identified Highlight and overview of advanced single audit issues identified Review SAS 112 impact Review initiatives to improve audit quality Take your questions

3 Single Audit Stat Sample Results Most prevalent deficiencies found –Not documenting the understanding of internal controls over compliance requirements (56.5%) –Not documenting the testing of internal controls of at least some compliance requirements (61%) –Not documenting compliance testing of at least some compliance requirements (59.6%)

4 Single Audit Stat Sample Results Not prevalent, but one of the most consequential deficiencies –Misreporting coverage of major federal programs, or in other words, one or more federal programs were identified as major programs when in reality they were not major programs Consequential because users may get a false sense of reliance by using opinions issued on major programs that were not actually audited as major –Sampling issues Insufficient sample sizes Lack of documentation of how the samples were selected and the population

5 Intermediate Single Audit Issues Identified Planning –Defining the reporting entity –Cognizant/Oversight Agency Identification and Considerations –Engagement Letter Considerations –Unique Considerations of Fraud and Abuse –Low-Risk Auditee Determinations –Identifying Federal Programs and Clusters

6 Intermediate Single Audit Issues Identified Planning Issues, cont. –Determination of Major Programs –Determination of Material Audit Requirements (part 2 of the Compliance Supplement) –Using Parts 3, 4, 5 and 7 of the Compliance Supplement to Create Audit Programs –Using Part 6 of the Compliance Supplement for Internal Control Documentation Designing, Performing, and Testing –Risk Assessment and Sample Size Determinations –Planning and Performing Dual Purpose Tests

7 Intermediate Single Audit Issues Identified Fieldwork –Auditing the Schedule of Expenditures of Federal Awards (SEFA) –Testing the Summary Schedule of Prior Audit Findings –Testing Information Technology (IT) Systems –Analysis of Audit Test Results and Exceptions –Determining Questioned Costs and Likely Questioned Costs –Testing Unique Requirements

8 Intermediate Single Audit Issues Identified Reporting –Qualitative Determination and Content of a Finding –Evaluating Findings and Determining Compliance Opinion(s) –Evaluating and Reporting on Internal Control –Modifications to Single Audit Reports –Preparation of the Schedule of Findings and Questioned Costs –Relationship of GAS Reports to Circular A-133 Reports and Schedules –Data Collection Form –Representation Letters for Federal Programs –Use of the GAS/A-133 Guide Illustrative Auditor Reports

9 Advanced Single Audit Issues Identified Planning, Fieldwork and Reporting –Accountability and Risk Management in a Single Audit –Key Considerations in Reviewing Single Audits –Preparing for and Responding to Quality Control Reviews (QCRs) –Firm-Specific Policies and Tools –Program-Specific Audit Considerations – Planning and Reporting –How to Recall and Reissue Single Audit Reporting Packages

10 Other intermediate and advanced single audit issues identified Stay current each year by reviewing –Changes to GAS/A133 Guide –AICPA Annual GAS/A133 ARA –Federal Agency Communications/Reports on Audit Deficiencies –Changes to Circular A-133 –Significant Changes to OMB Cost and Administrative Circulars –Updates to the OMB Compliance Supplement –Changes to the Data Collection Form

11 SAS 112 Impact Federal Register Notice, June 26 th, 2007, Volume 72, Issue 122 is the notice of the incorporation of SAS 112s requirements into the single audit process…

12 Pocket Guide to SAS 112 for Single Audit (A-133): What is the Likelihood of actual or potential noncompliance with a type of compliance requirement of a federal program, and what is the Magnitude of the actual or potential noncompliance? REMOTE S REMOTE M REMOTE L MORE THAN REMOTE S CONTROL DEFICIENCY SIGNIFICANT DEFICIENCY MATERIAL WEAKNESS MORE THAN REMOTE M MORE THAN REMOTE L Communicate in Writing

13 Footnotes to Pocket Guide Likelihood (two types) –Remote - the chance that the internal control deficiency would cause noncompliance with a type of compliance requirement of a federal program is slight –More than Remote – the chance that the internal control deficiency would cause noncompliance with a type of compliance requirement of a federal program is at least reasonable possible

14 Footnotes to Pocket Guide Magnitude defined as –S = Small (standards use term Inconsequential) –M = Medium (standards use the term More than Inconsequential) –L = Large (standards use the term Material) (can you tell that I worked in mens clothing store when I was a younger?)

15 Factors that may affect likelihood and magnitude Likelihood –The nature of the type of compliance requirement involved. For example, a specific special test or provision may involve greater risk because it is unique to the program and may require unique controls. –The susceptibility of the program and related types of compliance requirements to fraud. –The subjectivity and complexity involved in meeting the compliance requirement, and the extent of judgment allowed. –The cause and frequency of any known or detected exceptions related to the operating effectiveness of a control. –The interaction or relationship of the control with other controls. –The interaction of the control deficiency with other control deficiencies. –The possible future consequences of the deficiency

16 Factors that may affect likelihood and magnitude Magnitude –The program amounts or total of transactions exposed to the deficiency, in relation to the type of compliance requirement. –The volume of activity related to the compliance requirement exposed to the deficiency in the current period or expected in future periods. –Adverse publicity or other qualitative factors

17 Other factors to consider Combination of control deficiencies Evaluating the effect of compensating controls Deviations in the operating effectiveness of controls Prudent official test

18 Examples of typical significant deficiencies Policies and procedures that are incomplete, inadequate, or outdated for the activities subject to a type of compliance requirement Inadequate segregation of duties over a type of compliance requirement Controls over complex types of compliance requirements IT controls relating to the activity subject to the type of compliance requirement

19 Examples of typical material weaknesses Lack of operating policies and procedures for the activities subject to a type of compliance requirement Ineffective oversight of a major federal program by those charged with governance for compliance with those program requirements the activity subject to the type of compliance requirement, e.g., lack of adequate review of federal financial reports prior to submission to the grantor Identification by the auditor of material noncompliance for the period under audit that was not initially identified by the entitys internal control. (This is a strong indicator of a material weakness even if management subsequently corrects the noncompliance.)

20 Examples of typical material weaknesses, cont. An ineffective internal audit function or risk assessment function for a major program for which such functions are important to the monitoring or risk assessment component of internal control for a type of compliance requirement Identification of fraud in the program of any magnitude on the part of senior program management. For the purposes of evaluating and communicating deficiencies in internal control, the auditor should evaluate fraud of any magnitudeincluding fraud resulting in immaterial noncomplianceon the part of senior program management, of which he or she is aware Failure by management or those charged with governance to assess the effect of a significant deficiency previously communicated to them and either correct it or conclude that it will not be corrected An ineffective control environment. Control deficiencies in various other components of internal control could lead the auditor to conclude that a significant deficiency or material weakness exists in the control environment over compliance with major program requirements

21 Initiatives to improve audit quality Better and more effective training courses to be offered AICPA audit quality center task forces More clear and understandable language from the standard-setters Making a commitment

22 Questions???


Download ppt "Intermediate Single Audit Issues: Planning, Performing and Reporting NASACT Audio Conference April 2, 2008 Presented by Frank Crawford, CPA Crawford &"

Similar presentations


Ads by Google