OMB Uniform Guidance (also known as UGG...)

 Federal agencies must implement policies and procedures by promulgating regulations to be effective December 26, 2014 ◦ Accomplished with issuance of recent Joint Interim Final Rule  Non-federal entities will need to implement the new administrative requirements and cost principles for all new Federal awards made after December 26, 2014, and to additional funding to existing awards (referred to as funding increments) made after that date ◦ Non-federal entities wishing to implement entity-wide system changes to comply with the guidance after December 26, 2014, will not be penalized for doing so  Audit requirements effective for fiscal years beginning on or after December 26, 2014 ◦ Not permitted to early implement any of the audit provisions 2

 COFAR FAQ ◦ Subrecipients & Subawards  Effective date for subawards is the same as the effective date of the Federal award from which the subaward is made.  The requirements for a subaward, no matter when made, flow from the requirements of the original Federal award from the Federal awarding agency. 3

Audits of Federal Awards (OMB Circular A-133) 4

 2 CFR ◦ Conduct audit in accordance with GAGAS ◦ Determine financial statements fairly presented ◦ Report on Schedule of Expenditures of Federal Awards ◦ Understand internal control and plan audit to support low level of control risk (test) ◦ Determine auditee complied with requirements of Federal Award. ◦ Follow-up on prior audit findings ◦ Report Findings ◦ Complete & sign Data Collection Form 5

 Summary of changes from the current requirements ◦ Increases audit threshold from $500,000 to $750,000 ◦ Type A/B threshold – minimum increases from $300,000 to $750,000 ◦ Loan/loan guarantee treatment in major program determination ◦ High-risk Type A program criteria ◦ High-risk Type B program criteria ◦ Percentage of coverage from 50/25% to 40/20% ◦ Low-risk auditee criteria ◦ Schedule of expenditures of federal awards changes ◦ Audit findings (threshold from $10,000 to $25,000) 6

 Four Step Process: 1.Identify Type A Programs 2.Identify low-risk Type A programs 3.Identify high-risk Type B programs 4.Determine major programs to audit 7 Total Federal awards expendedType A/B threshold Equal to $750,000 but less than or equal to $25 million$750, Exceed $25 million but less than or equal to $100 millionTotal Federal awards expended times.03. Exceed $100 million but less than or equal to $1 billion$3 million. Exceed $1 billion but less than or equal to $10 billionTotal Federal awards expended times.003. Exceed $10 billion but less than or equal to $20 billion$30 million. Exceed $20 billionTotal Federal awards expended times.0015.

Current A-133 criteria:  Not audited as major program in 1 of 2 most recent audit periods  In most recent period had Any Audit Finding ◦ Provided for auditor judgment in limited cases, e.g., very small questioned costs  Auditor considered risk related to: ◦ Federal or PTE oversight ◦ Inherent risk ◦ Results of audit follow-up ◦ Changes in personnel or systems Uniform Guidance: SAME “two year look-back” In most recent period had a High Risk Audit Finding identified as:  Modified opinion  Material weakness in internal control  Known or likely questioned costs exceeding 5% of total program expenditures Auditor only considers risk related to:  Federal or PTE oversight  Results of audit follow-up  Changes in personnel or systems. Key – An entity with strong internal controls and few audit findings will have fewer high-risk Type A programs 8

Current A-133 criteria:  Currently there are two Type B risk assessment options: ◦ Option 1 – Perform risk assessments on all Type B programs and select at least 50% of Type B programs identified as high risk up to number of low-risk Type A programs ◦ Option 2 – Perform risk assessments on all Type B programs until as many high- risk Type B programs have been identified as there are low-risk Type A programs. Uniform Guidance: Perform risk assessments on Type B programs until high-risk Type B programs have been identified up to at least 1/4th of number of low- risk Type A programs Type B program de minimis consideration (new criteria is 25% of Type A threshold) 9

 Since 2013, Program X has been a type B program at Entity X and it has not been audited as a major program. Recently, Program X experienced an increase in funding level and program expenditures. For the year ended 12/31/16, Program X is considered to be a type A program. Program X should considered to be a not low-risk type A program for the audited as a major program for the year ended 12/31/16.  True or False 10

Current A-133 criteria (2 prior years)  Annual single audits  Unmodified opinion on financial statements  Unmodified SEFA in-relation-to opinion  No GAGAS material weaknesses  In either of preceding two years, none of Type A programs had: ◦ Material Weakness ◦ Material noncompliance ◦ QC that exceed 5%  Timely filing with FAC  Auditor reporting of going concern would not preclude low-risk  Waivers 11 Uniform Guidance (2 prior years)  Annual single audits  Unmodified opinion on financial statements in accordance with GAAP or basis of accounting required by state law **  Unmodified SEFA in-relation-to opinion  No GAGAS material weaknesses  In either of preceding two years, none of Type A programs had: ◦ Material Weakness ◦ Material noncompliance ◦ QC that exceed 5%  Timely filing with FAC **  No auditor reporting of going concern  No waivers

 If state law permits but does not require an auditee to prepare financial statements in accordance with a basis that is not GAAP (e.g., cash, regulatory), auditee cannot be considered low-risk auditee  If the non-GAAP basis of accounting is required by state law, auditee can be considered low-risk auditee  If auditee voluntarily prepares financial statements on a non-GAAP basis of accounting (e.g., cash or modified cash), auditee cannot be considered low-risk auditee 12

 A local government has a June 30 th year end. For the year ended June 30, 2014, the data collection form and reporting package were submitted after the due date to the Federal Audit Clearinghouse. However, for the year ended June 30, 2015, the data collection form and reporting package were submitted on time. For the year ended June 30, 2016, the local government will not be a low-risk auditee.  True or false? 13

 At a minimum, the auditor must audit all of the following as major programs: ◦ All Type A programs not identified as low risk ◦ All Type B programs identified as high-risk  High-risk Type B programs up to at least 1/4th low risk Type A ◦ Such additional programs as may be necessary to comply with the percentage of coverage rule. This may require the auditor to audit more programs as major programs than the number of Type A programs. 14

 Coverage Rule - Old  High Risk = 50% of Total Federal Awards Expended  Low Risk = 25% of Total Federal Awards Expended  Coverage Rule - New  High Risk = 40% of Total Federal Awards Expended  Low Risk = 20% of Total Federal Awards Expended ◦ Scenario  A high risk entity which has $1,000,000 in federal expenditures would require a minimum coverage amount of what 15

 A Utility Authority is a low-risk auditee. In applying the four-step major program determination process, the auditor identified major programs which equated to 75 percent of the Utility Authority’s total federal expenditures.  The auditor may set aside programs that were selected as major to reduce audit coverage to 20 percent. True or False 16

 Loans ◦ Current – “…inclusion of large loan and loan guarantees (loans)should not result in the exclusion of other programs as Type A programs…” ◦ New – “…Federal program providing loans exceeds four times the largest non-loan program it is considered large, and the auditor shall consider this Federal program as a Type A program and exclude its values in determining other Type A programs…”  Was a safe harbor inclusion in the compliance supplement 17

 A small municipality has $750,000 in total federal award expenditures during the year. The $750,00 in federal award expenditures is made up of amounts from ten different federal programs from three federal agencies. Based on this information, the municipality would have no type A programs and the auditor would not select programs base one type a or b but would select based on meeting coverage requirements.  True or False 18

 A local school district had the following programs. You are the auditor of the district and must determine the type A & B thresholds.  Which programs would be type A?  Which programs would be type B? 19

Program Expenditures Program #1 5,000,000 Program #2 2,000,000 Program #3 200,000 Program #4 1,200,000 Program #5 100,000 Program #6 500,000 Total 9,000,000 20

 A local school district had the following programs including loan programs. You are the auditor of the district and must determine the type A & B thresholds.  Which programs would be type A?  Which programs would be type B? 21

Program Expenditures Program #1 (Loan Program) 24,000,000 Program #2 (Loan Program 3,000,000 Program #3 (Non-loan program) 800,000 Program #4 (Non-loan program) 200,000 Total 28,000,000 22

 Arrange for audit required by  Prepare appropriate financial statements ◦ Including SEFA  Follow-up & take correction action on findings  Provide the auditor with appropriate access to documentation 23

 Must prepare financial statements for the fiscal year audited that reflect current: ◦ Financial position ◦ Results of operation or changes in net assets ◦ Where appropriate, cash flows  Must be for same organizational unit and fiscal year that is chosen to meet the requirements of the Uniform Guidance  May include departments, agencies, and other organizational units that have separate audits under the Uniform Guidance 24

 Auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements ◦ Must include the total Federal awards expended as determined in accordance with § Basis for determining Federal awards expended.  Sefa reconciles to supporting accounting and other records used in preparation of the financial statements or directly to the financial statements themselves.  Important to have accurate and complete as is basis for major program determination. 25

 List individual federal programs by federal agency  For clusters, provide the cluster name, list individual federal programs within the cluster of programs, and provide the applicable federal agency name  For R&D, total federal awards expended must be shown either by Federal award or by Federal agency and major subdivision within the federal agency  For federal awards received as a subrecipient, the name of the PTE and identifying number assigned by the PTE  Total federal awards expended for each individual federal program and the CFDA number or other identifying number when CFDA not available  For a cluster of programs also provide the total for the cluster  Include the total amount provided to subrecipients from each federal program 26

 For loan or loan guarantee programs, identify in the notes to the SEFA the balances outstanding at the end of the audit period  Notes that describe the significant accounting policies used in the preparing the SEFA  Note whether the auditee elected to use the 10% de minimis cost rate 27

 Total amount provided to subrecipients from each federal program: ◦ Previous guidance only required “to the extent practical” 28 Federal Grantor/Subdivision/Pass Through Grantor/Program Title Federal CFDA Number Pass Through Entity Identifying Number Federal Expenditures Expenditures to Subrecipients Department of Education Direct Program – Title I Grants to Local Educational Agencies N/A$1,000,000$800,000

 Clusters are groupings of CFDA numbers that are treated as if they are a single program for purposes of the single audit ◦ Research and Development (R&D) ◦ Student Financial Assistance (SFA) ◦ Other clusters (approx. 35)  Clusters identified in compliance supplement Part 5. 29

 Treatment of NSF and NIH awards ◦ NSF – Proposals due on or after 1/14/14 – R&D Cluster ◦ NIH – Agreements or budgets beginning on or after 12/26/14 – R&D Cluster 30

 Part 7 – Compliance Supplement ◦ Subgrant awards numbers assigned by pass-through entities not included ◦ Names of pass-through entities missing ◦ Grantor Federal agency names missing ◦ Grantor Federal agency subdivision names missing ◦ Multiple lines for CFDA number shown – total expenditures for CFDA number not shown ◦ Programs that are part of a cluster not shown as such ◦ Notes to SEFA missing ◦ Correct CFDA number ◦ R&D programs not identified as such 31

 2015 Compliance Supplement  Part 3 had two parts 3.1 & 3.2  D. Davis Bacon – Removed “Reserved”  H. Period of Availability = Period of Performance  K. Real Property Acquisition & Relocation - Removed “Reserved” 32

 Current Questioned Costs:  Auditor shall report known/likely questioned costs greater then $10,000  Proposed Questioned Costs: ◦ Auditor shall report known/likely questioned costs greater than $25,000  Why the change in reporting threshold? 33

 New language related to the specific information to include in audit findings: ◦ Federal Award Identification  CFDA Title & Name  Award Identification number & Year  Federal Agency & Pass-through entity ◦ Criteria ◦ Condition ◦ Statement of cause ◦ Statement of the effect or potential effect ◦ Known QC must include the CFDA #(s) and the award number(s) ◦ Perspective section (isolated, prevalent, type of sampling used) ◦ Identify if the finding is a repeat finding (and the prior year audit finding #) ◦ Recommendation ◦ Views of Responsible Officials 34

 Follow-up to audit findings ◦ Issue Mgmt Decision & submit to the Audit Clearinghouse ◦ Monitor corrective action (timely/appropriate) ◦ Develop a mechanism to evaluate effectiveness of the audit follow-up process ◦ Provide Compliance Supplement Updates  Remember fraud, waste, & abuse 35

 Part 6 - Internal Control ◦ Updates needed for new COSO internal control guidance ◦ Auditees (and auditors) consider looking to updated COSO or Government Accountability Office Green Book ◦ Will be updated in future supplements 36

Topic Strong Emphasis on Internal Controls Mentioned 103 times in the 12/26/2013 Federal Register notice Uniform Guidance Synopsis References “Standards for Internal Controls in the Federal Government”, issued by the Comptroller General (also known as the “Green Book”) and “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) What Does This Mean? While OMB has clarified in an FAQ that there is no expectation that we have to explicitly follow these referenced guidelines (as long as we have effective internal controls in place), it is unclear what the audit community will expect. 37

 Written policies and procedures are required! ◦ Written Cash Management Procedures – § (b)(6) & § ◦ Written Allowability Procedures - § (b)(7) ◦ Written Conflicts of Interest Policy - § (c) ◦ Written Procurement Procedures - § (c) ◦ Written Method for Conducting Technical Evaluations of Proposals and Selecting Recipients - § (d)(3) ◦ Written Travel Policy - § (b)

 Defined in Section  Internal controls ◦ a process, implemented by a non-Federal entity, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:  Effectiveness and efficiency of operations;  Reliability of reporting for internal and external use; and  Compliance with applicable laws and regulations. 39

 The non-Federal entity must: ◦ (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).  COFAR FAQ 303-1, 2, and 3 clarifies that should indicates a “best practice” and is not a presumptively mandatory requirement. 40

Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities 1.Demonstrates commitment to integrity and ethical values 2.Exercises oversight responsibility 3.Establishes structure, authority and responsibility 4.Demonstrates commitment to competence 5.Enforces accountability 6.Specifies suitable objectives 7.Identifies and analyzes risk 8.Assesses fraud risk 9.Identifies and analyzes significant change 10.Selects and develops control activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Uses relevant information 14.Communicates internally 15.Communicates externally 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies 41

 Required to address when implementing: ◦ 5 elements of control ◦ 17 principles  Points of focus (not required) ◦ COSO – 87 ◦ Green Book – 47 (attributes) 42

 Auditee’s should consider reviewing COSO/Green book.  Section requires the auditor to gain an understanding of internal control and plan the audit to support low level of control risk  Test Controls or  Report a significant deficiency or material weakness if controls are likely ineffective 43

 Guidance on subrecipient versus contractor determination expanded and relocated to administrative requirements ◦ Criteria for determination basically unchanged  New requirements for PTEs with regard to monitoring activities ◦ UG contains much more detailed than guidance previously contained in Compliance Supplement ◦ PTEs required to perform a risk assessment of subrecipient 44

 Under the new guidance – Agreements are required to include 15 specific data elements, including (§ ) : ◦ Subrecipient name (which must match registered name in DUNS) ◦ Federal award identification number (FAIN) ◦ Federal award date (see § , “Federal award date”) ◦ CFDA number/name ◦ Amount of Federal funds obligated  (Continued) 45

◦ Project description ◦ General & Specific Terms/Conditions ◦ Identification of whether the award is for R&D ◦ Access to records ◦ Indirect cost rate for the Federal award (including if the de minimis rate is charged per § , “Indirect (F&A) costs”) 46

 Pass-through entities are required to do the following: ◦ Perform risk assessments to determine appropriate subrecipient monitoring. ◦ Perform appropriate and ongoing monitoring of each subrecipient. On-site reviews, training, technical assistance, and contracting for an agreed-upon procedure engagement for monitoring are all examples of various monitoring efforts organizations may employ. ◦ Review reports that the pass-through entities require of the subrecipient ◦ Verify subrecipients have audits, as needed ◦ Consider how to address subrecipient noncompliance ◦ Issue a management decision for audit findings of the subrecipient within six months 47

 Publication of Single Audit Reports online with safeguards for protected personally identifiable information (Audit Clearinghouse) ◦ Auditees & Auditors must ensure PPI is not included ◦ Exception for Indian Tribes 48

 Changes/Initiatives: ◦ Indirect Cost Rates  Option of requesting extension of negotiated rate for a four (4) year period.  Can you request a rate review once the extension has been granted?  Can the Federal agency opt out or force renegotiation of the rate? 49

 Entities that never received or do not have a negotiated IDCR? ◦ Opt to use a minimum flat rate of 10% of modified total direct cost (MTDC) ◦ MTDC = Salaries/wages, benefits, supplies, travel, sub-grants, subcontracts. 50

 Pass-Through Entities must honor as the IDCR: ◦ IDCR negotiated between the subrecipient and the Federal government ◦ A negotiated rate between the pass-through & subrecepient (using federal guidelines) ◦ Or the de minimis IDCR (10%)  Allowing costs for efforts to collect improper payment recoveries (remember fraud, waste and abuse) 51

 2 CFR  Changes/Initiatives: ◦ Indirect Cost Rates  Option of requesting extension of negotiated rate for a four (4) year period.  Can you request a rate review once the extension has been granted?  Can the Federal agency opt out or force renegotiation of the rate?

 Entities that never received or do not have a negotiated IDCR? ◦ Opt to use a minimum flat rate of 10% of modified total direct cost (MTDC) ◦ MTDC = Salaries/wages, benefits, supplies, travel, sub-grants, subcontracts.

 Pass-Through Entities must honor as the IDCR: ◦ IDCR negotiated between the subrecipient and the Federal government ◦ A negotiated rate between the pass-through & subrecepient (using federal guidelines) ◦ Or the de minimis IDCR (10%)  Allowing costs for efforts to collect improper payment recoveries (remember fraud, waste and abuse)

 Can non-federal entities extend for 4 years?  What about 3 years or 2 years?

 Consolidate language between circulars  Focus on strong internal controls to justify costs of salaries and wages  When charges are based on budgeted amounts, IC must exist to ensure adjustments are made to amounts charged to Fed Awards  There is a requirement that charges must be based on records that accurately reflect the work performed and there are requirements for such records  Auditors need to focus on understanding how this change will impact their clients and consider how this area will be audited in the future  Removal of specific examples of compliance ◦ Informally have become a rule vs example 56

 Use documented procurement procedures  Maintain oversight  Written standards of conduct - No conflicts of interest  Most economical purchase option  Maintain records on history of procurement  Must conduct in a manner providing full and open competition  Methods (Next slide) 57

 Five methods prescribed in great detail ◦ Procurement by micro-purchase (<$3,000) ◦ Procurement by small purchase ($3,000 to $150,000)  Evaluation your policy and ensure it is not in conflict with threshold – requires price or rate quotations from an adequate number of constitute ◦ Procurement by sealed bids (formal advertising) ◦ Procurement by competitive proposal ◦ Procurement by noncompetitive proposal  Micro-purchases only new method under guidance; no requirement to obtain competitive quotes. 58

59

60

 For compliance with the new procurement standards only, the federal government is providing a grace period of one full fiscal year after the effective date of the Uniform Guidance  The COFAR FAQ goes on to provide information on certain documentation that the non-federal entity will have to provide in this regard and how it will affect the single audit in its first year. 61

 UG requires federal study of quality once every six years beginning in 2018 ◦ Statistically reliable estimate of the extent that single audits conform to applicable requirements, standards, and procedures ◦ Will result in recommendations to address noted audit quality issues  Results of reviews must be made public  2018 timing may result in audits implementing the UG for the first time being selected as part of the review 62

 Computer Equipment under $5,000 or the non- federal entity capitalization level are considered supplies and not equipment. (200.94)  Program Income – not previously defined in Circular A-133 is now included (200.80)  More specific language related to Subreceipient Monitoring & Management ( )  Required Certifications – Signed by Official who can legally bind the organization/penalties under false claims act. ( ) 63

 Internal Controls – Federal “Green Book” ◦ GAO Website  A Framework for Managing Fraud Risks in Federal Programs ◦ GAO Website SPhttp:// 593SP  Managing the Business Risk of Fraud ◦ paper/Fraud%20Exec%20Summary.pdf paper/Fraud%20Exec%20Summary.pdf ◦ Update Coming 64

65