Transcription
Gov. Doc. No. 9a: GSA AP 5: Audit Program for Federal Award ProgramsRequirementsEntity: ComplianceFinancial Statement Date: Federal Program(s): IntroductionThis program is appropriate for single audits and program specific audits under OMB Circular A 133, Auditsof States, Local Governments, and Non Profit Organizations (as amended) (Gov. Doc. No. 8), and the 2012OMB Circular A 133 Compliance Supplement (Gov. Doc. No. 9 contains a link to the ComplianceSupplement). (The OMB is expected to publish an updated Compliance Supplement in the spring of 2013 foraudits of periods beginning after June 30, 2012. This program may, therefore, not be appropriate for auditsbeginning after that date.) This program is also available at Gov. Doc. No. 9a in PPC's GovernmentDocuments Library.Important Information About the American Recovery and Reinvestment Act of 2009. The American Recoveryand Reinvestment Act of 2009 (Recovery Act) has significant implications for Single Audits, including the following: New CFDA numbers are assigned for many Recovery Act awards, including existing programs that havesignificant new compliance requirements. Some existing programs without significant changes to compliancerequirements also have new CFDA numbers. Recovery Act awards must be separately reported on the schedule of expenditures of federal awards and thedata collection form. This requirement relates not only to Recovery Act funds expended for new programs butalso those expended for existing programs. Expenditures of Recovery Act awards have to be separatelyreported even if there is not a new CFDA number. Clusters of programs have been revised to include Recovery Act awards that share common compliancerequirements with existing programs. A cluster listed as an other cluster" in Part 5 of the 2012 ComplianceSupplement to which a new Recovery Act CFDA number(s) was added in 2010 that has current yearexpenditures should be considered a new program and would not qualify as a low risk Type A program underSec. 520(c) of OMB Circular A 133. In addition, other clusters listed in Part 5 of the 2012 ComplianceSupplement to which a federal program with a new Recovery Act CFDA number has been added during thecurrent year that also has current year expenditures should be considered a new program and would not qualifyas a low risk Type A program under Sec. 520(c) of OMB Circular A 133. [These provisions do not apply to theSFA cluster or to the Research and Development cluster.] Appendix VII of the 2012 OMB Circular A 133 Compliance Supplement (Gov. Doc. No. 9 in PPC's GovernmentDocuments Library) indicates that Recovery Act awards generally cannot be considered low risk. Due to theinherent risk associated with the transparency and accountability requirements governing expenditures ofRecovery awards, any Type A program or cluster with expenditures of Recovery Act awards would not qualifyas low risk even if it otherwise meets the low risk criteria under Sec. 520(c) of OMB Circular A 133. Even a deminimus amount of Recovery Act expenditures would not support considering the program to be low risk.Appendix VII also indicates that all Type B programs or clusters with expenditures of Recovery Act awardsshould be considered programs of higher risk in accordance with Sec. 525(d) of OMB Circular A 133. However,the auditor is not precluded from selecting an especially risky Type B program that does not contain RecoveryAct expenditures to audit as a major program in lieu of a Type B program or cluster with Recovery Actexpenditures. Appendix VII provides certain exceptions to these provisions. Part 2 of the 2012 Compliance Supplement identifies programs included in the Compliance Supplement thatare Recovery Act funded, in whole or in part, or have compliance requirements affected by the Recovery Act.However, numerous Recovery Act programs that are subject to an audit under OMB Circular A 133 are notincluded in the Compliance Supplement. Appendix VII of the 2012 Compliance Supplement lists the CFDAnumber, program name, and federal grantor for those excluded programs. Appendix VII also identifies five
Recovery Act funded programs that are not subject to an OMB Circular A 133 audit and are not to be includedin the Schedule of Expenditures of Federal Awards or in the determination of major programs.Part 3 of the 2012 Compliance Supplement indicates that auditors should specifically ask auditees about, and bealert to, recipient and subrecipient expenditure of funds provided by the Recovery Act.Important Information About the Federal Funding Accountability and Transparency Act. Certain aspects of theFederal Funding Accountability and Transparency Act (Transparency Act) (Public Law 109 282) relate to subawardreporting. In general, Transparency Act reporting requirements do not apply to Recovery Act funded awards.However, if a subaward is made using both Recovery Act and non Recovery Act funding sources, the Section 1512Recovery Act reporting requirement applies to the Recovery Act funded part of the subaward, while theTransparency Act reporting requirement applies to the non Recovery Act funds. Part 3 of the 2012 ComplianceSupplement provides suggested audit procedures relating to reporting under the Transparency Act.Using This Audit ProgramThe procedures in Part 3 of the Compliance Supplement and this audit program are labeled as suggested auditprocedures and should be tailored to the needs of the auditor and the circumstances. However, the authorssuggest that, for procedures not performed, an explanation be provided. This will be helpful in the event of a federalor pass through entity quality control review. The program is divided into parts representing the 14 types ofcompliance requirements listed in the Compliance Supplement. A summary of each of the compliancerequirements follows. For additional information see the reference included at each compliance type.One program may be used for all or selected major programs or a separate program may be used for each majorprogram. The auditor should be familiar with Chapters 6 and 7 of PPC's Guide to Single Audits, Chapter 13 of PPC'sGuide to Audits of Local Governments, or Chapter 14 of PPC's Guide to Audits of Nonprofit Organizations beforeusing this program.Documenting Applicable Compliance RequirementsThe auditor should document in the workpapers the types of compliance requirements that the matrix in Part 2 ofthe Compliance Supplement indicates are applicable to the major program. This may be accomplished byincluding a copy of the relevant page of the matrix in the workpapers, developing a matrix that reflects only theauditee's major programs, or preparing a memorandum. In addition, the auditor should document his or herconsideration supporting the decision as to which compliance requirements could have a material effect on theprogram and therefore should be tested. Part 3 Reporting of the 2012 Compliance Supplement providesguidance that explains how the designations Not Applicable and Applicable specifically relate to the reporting typecompliance requirement. Auditors should consider that guidance when determining and documenting applicablecompliance requirements for reporting.Internal ControlConsistent with Part 3 of the Compliance Supplement and the requirements of OMB Circular A 133 theaccompanying audit programs include generic audit objectives and suggested audit procedures to test internalcontrol. However, the auditor must determine the specific procedures to test internal control on a case by casebasis considering factors such as the non federal entity's internal control, the compliance requirements, the auditobjectives for compliance, the auditor's assessment of control risk, and the audit requirement to test internal controlas prescribed in OMB Circular A 133.PPC's SMART Single AuditPPC's SMART Single Audit turns hundreds of tedious pages of the Compliance Supplement into a conciseeasy to use audit program tailored to your specific federal award programs. It automates the processes ofdetermining major programs; low risk auditee status and appropriate compliance requirements, objectives, andaudit procedures; and preparing the compliance audit program and schedule of expenditures of federal awards.PPC's SMART Single Audit can be obtained by calling PPC at (800) 431 9025.
Safe Harbor" Status of the Compliance SupplementPart 1 of the Compliance Supplement notes that use of the Supplement is mandatory," and that auditors mustadhere to the Supplement to satisfy OMB Circular A 133 requirements. Part 1 also addresses the safe harbor"status of the Compliance Supplement. Specifically, it states that due to the diversity of programs and administeringentities, the suggested audit procedures are general in nature. Because the Compliance Supplement only provides suggested" audit procedures, it cannot be used as a safe harbor for determining the specific audit procedures toapply in a particular situation. Thus, auditors must use judgment in determining whether such procedures aresufficient to achieve the stated audit objectives, or whether alternative audit procedures are necessary. While OMBstates that the Compliance Supplement is not a safe harbor" for identifying the audit procedures that must beapplied in a single audit, it clarifies that the Compliance Supplement can be considered a safe harbor" foridentification of compliance requirements to be tested for programs included in the Compliance Supplement if theauditor both: Performs reasonable procedures to ensure that the requirements in the Compliance Supplement are currentand to determine whether there are any additional provisions of contract and grant agreements that should becovered by the audit. Updates or augments the requirements contained in the Compliance Supplement as appropriate.Sample SizeOMB Circular A 133 requires, for certain of its suggested audit procedures, that the auditor select a sample."However, minimum sample" sizes and acceptable selection methods are not specified. OMB Circular A 133currently permits these matters to be determined based on the auditor's professional judgment. The authorsbelieve that a sample" as used here does not necessarily mean use of sampling. In many instances because ofother procedures performed, low inherent and control risk of noncompliance, and/or small population sizes,sampling may not be necessary. The authors have developed the worksheet, Planning Worksheet to DetermineExtent of Substantive Procedures," (GSA CX 8.1, ALG CX 8.1 in PPC's Guide to Audits of Local Governments, andNPO CX 8.1 in PPC's Guide to Audits of Nonprofit Organizations) to aid the auditor in determining whether samplingis necessary. Planning the extent of substantive tests of compliance is discussed at Chapter 5 (section 503) inPPC's Guide to Single Audits, Chapter 13 in PPC's Guide to Audits of Local Governments, and Chapter 14 of PPC'sGuide to Audits of Nonprofit Organizations.In 2009, the AICPA developed extensive new guidance on sampling in an OMB Circular A 133 audit of compliancethat provides suggested minimum sample sizes as well as new methods for determining sample size, includingdifferent tables and methods for tests of controls than for tests of compliance. This guidance is provided in Chapter11, Audit Sampling Considerations of Circular A 133 Compliance Audits," of the GAS/A 133 AICPA Audit Guide.This sampling guidance has been incorporated in Chapter 5 and the sampling related practice aids in this Guide.A. ACTIVITIES ALLOWED OR UNALLOWED (See Gov. Doc. No. 9, Part 3, Section A.) This Section is N/A Compliance RequirementsThis compliance requirement specifies the activities that can or cannot be funded under a specific program andalmost always applies to federal programs. The specific requirements for activities allowed or unallowed are uniqueto each federal program and are found in the laws, regulations, and the provisions of contracts or grant agreementspertaining to each program. For programs listed in the Compliance Supplement, these specific requirements areincluded in Part 4 Agency Program Requirements or Part 5 Clusters of Programs, as applicable. (See Gov. Doc.No. 9, Part 4.)In addition, a cross cutting unallowable activity has been established for all Recovery Act funded awards. Pursuantto Section 1604 of the Recovery Act, none of the funds appropriated or otherwise made available by the RecoveryAct may be used by any State or local government, or any private entity, for any casino or other gamblingestablishment, aquarium, zoo, golf course, or swimming pool.Source of Governing Requirements
The requirements for activities allowed or unallowed are contained in program legislation or, as applicable, theRecovery Act, federal awarding agency regulations, and the terms and conditions of the award.Audit Objectives1. Obtain an understanding of internal control, assess risk, and test internal control as required by OMBCircular A 133 § .500(c).2. Determine whether federal awards were expended only for allowable activities.Suggested Audit ProceduresInternal Control1. Using the guidance provided in Part 6 Internal Control of the ComplianceSupplement at Gov. Doc. No. 9, perform procedures to obtain an understand ing of internal control sufficient to plan the audit to support a low assessed levelof control risk for the program.2. Plan the testing of internal control to support a low assessed level of control riskfor activities allowed or unallowed and perform the testing of internal control asplanned. If internal control over some or all of the compliance requirements islikely to be ineffective, see the alternative procedures in § .500(c)(3) of OMBCircular A 133, including assessing the control risk at high and consideringwhether additional compliance tests and reporting are required because ofineffective internal control.3. Consider the results of the testing of internal control in assessing the risk ofnoncompliance. Use this as the basis for determining the nature, timing, andextent (e.g., number of transactions to be selected) of substantive tests ofcompliance.Compliance4. Identify the types of activities which are either specifically allowed or prohibitedby the laws, regulations, and the provisions of contracts or grant agreementspertaining to the program.5. When allowability is determined based upon summary level data, performprocedures to verify that the activities were allowable and that the individualtransactions were properly classified and accumulated into the activity total.6. When allowability is determined based upon individual transactions, select asample of transactions and perform procedures to verify that the transactionwas for an allowable activity.Practical Considerations: Transaction testing is included as a suggested audit procedure in several of the suggestedaudit procedures, including this step. To aid the auditor in coordinating and completing theseprocedures more efficiently, the authors have developed the worksheet at GSA CX 10.1. Part 3, Section D of the Compliance Supplement notes that auditors are not expected todetermine whether prevailing wage rates were paid.7. The auditor should be alert for large transfers of funds from program accountswhich may have been used to fund unallowable activities.N/APerformed byand DateWorkpa per Index
B. ALLOWABLE COSTS /COST PRINCIPLES (See Gov. Doc. No. 9, Part 3, Section B.) This Section is N/A Allowable Costs/Cost Principles almost always applies since most federal programs have charges for goods orservices. However, if a program only involves benefits to eligible recipients, with no administrative costs, purchasesof goods or services (including salaries and overhead), or allocated costs, then allowable costs may not apply.Applicability of OMB Cost Principles CircularsThe OMB cost principles circulars prescribe the cost accounting policies associated with the administration ofFederal awards. The cost principles applicable to a non federal entity apply to all federal awards received by theentity, regardless of whether the awards are received directly from the federal government or indirectly through apass through entity. The circulars describe selected cost items, allowable and unallowable costs, and standardmethodologies for calculating indirect costs rates (e.g., methodologies used to recover facilities and administrativecosts (F&A) at institutions of higher education). Federal awards include federal programs and cost type contractsand may be in the form of grants, contracts, and other agreements.Source of Governing RequirementsThe requirements for allowable costs/cost principles are contained in the A 102 Common Rule (§ .22) (Gov.Doc. No. 10), OMB Circular A 110 (2 CFR section 215.27) (Gov. Doc. No. 6), program legislation, federal awardingagency regulations, and the terms and conditions of the award.The three cost principles circulars are as follows: OMB Circular A 87, Cost Principles for State, Local, and Indian Tribal Governments (2 CFR part 225) (Gov. Doc.No. 4). OMB Circular A 122, Cost Principles for Non Profit Organizations (2 CFR part 230) (Gov. Doc. No. 7). OMB Circular A 21, Cost Principles for Educational Institutions (2 CFR part 220) (Gov. Doc. No. 3).Although the circulars have been reissued in Title 2 of the CFR for ease of use, the Compliance Supplementcontinues to refer to them by circular name and number.The cost principles articulated in the three OMB cost principles circulars are in most cases substantially identical,but a few differences do exist. These differences are necessary because of the nature of the federal/state/local/non profit organizational structures, programs administered, and breadth of services offered by some grantees and notothers. Exhibit 1 of Part 3 of the Compliance Supplement, Selected Items of Cost," lists the treatment of theselected cost items in the different circulars. (Gov. Doc. No. 9 contains a link to the Compliance Supplement.)In order to recover indirect costs, organizations must prepare cost allocation plans (CAPs) or indirect cost rateproposals (ICRPs) in accordance with the guidelines provided in OMB Circular A 21, A 87, or A 122. (Only states,local, and Indian tribal governments prepare CAPs.) States, major local governments, Indian tribal governments,institutions of higher education, and nonprofit organizations must submit CAPs or ICRPs to the federal cognizantcost negotiation agency for approval. (A listing of local governments that have been designated as major localgovernments" by OMB is posted on the OMB website at www.whitehouse.gov/omb/management.) Otherorganizations, such as smaller local governments, must prepare the appropriate CAPs or ICRPs and maintain themon file for review. Those other organizations may use the allocation methods and indirect costs rate maintained onfile for cost recovery.Organization by OMB Cost Principle CircularThe following audit objectives and suggested audit procedures are organized by applicable OMB Cost Circular(i.e., A 87, A 122, and A 21).OMB CIRCULAR A 87 This Section (on Circular A 87) is N/A
Audit Objectives State/Local wide Central Service Costs1. Obtain an understanding of internal control over the compliance requirements for central service costs, assessrisk, and test internal control as required by OMB Circular A 133 § .500(c) (Gov. Doc. No. 8).2. Determine whether the governmental unit complied with the provisions of OMB Circular A 87 (Gov. Doc. No. 4)as follows:a. Direct charges to Federal awards were for allowable costs.b. Charges to cost pools allocated to Federal awards through the central service CAPs were for allowablecosts.c. The methods of allocating the costs are in accordance with the applicable cost principles, and producean equitable and consistent distribution of costs, which benefit from the central service costs beingallocated (e.g., cost allocation bases include all activities, inclu
determining major programs; lowrisk auditee status and appropriate compliance requirements, objectives, and audit procedures; and preparing the compliance audit program and schedule of expenditures of federal awards. PPC’s SMART Single Audit can be obtained by calling PPC at (800) 4319025.
