Office of Management and Budget Click to print this document

PART 6 - INTERNAL CONTROL

 

INTRODUCTION

The A-102 Common Rule and OMB Circular A-110 require that non-Federal entities receiving Federal awards (e.g., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. OMB Circular A-133 requires auditors to obtain an understanding of the non-Federal entity's internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk for major programs, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program, and, unless internal control is likely to be ineffective, perform testing of internal control as planned.

This Part 6 is intended to assist non-Federal entities and their auditors in complying with these requirements by describing for each type of compliance requirement, the objectives of internal control, and certain characteristics of internal control that when present and operating effectively may ensure compliance with program requirements. However, the categorizations reflected in this Part 6 may not necessarily reflect how an entity considers and implements internal control. Also, this part is not a checklist of required internal control characteristics. Non-Federal entities could have adequate internal control even though some or all of the characteristics included in Part 6 are not present. Further, non-Federal entities could have other appropriate internal controls operating effectively that have not been included in this Part 6. Non-Federal entities and their auditors will need to exercise judgment in determining the most appropriate and cost effective internal control in a given environment or circumstance to provide reasonable assurance for compliance with Federal program requirements.

The objectives of internal control pertaining to the compliance requirements for Federal programs (Internal control over Federal Programs), as found in '____.105 of OMB Circular A-133, are as follows:

(1) Transactions are properly recorded and accounted for to:

(i) Permit the preparation of reliable financial statements and Federal reports;

(ii) Maintain accountability over assets; and

(iii) Demonstrate compliance with laws, regulations, and other compliance requirements;

(2) Transactions are executed in compliance with:

(i) Laws, regulations, and the provisions of contracts or grant agreements that could have a direct and material effect on a Federal program; and

(ii) Any other laws and regulations that are identified in the compliance supplements; and

(3) Funds, property, and other assets are safeguarded against loss from unauthorized use or disposition.

The characteristics of internal control are presented in the context of the components of internal control discussed in Internal Control-Integrated Framework (COSO Report), published by the Committee of Sponsoring Organizations of the Treadway Commission. The COSO Report provides a framework for organizations to design, implement, and evaluate control that will facilitate compliance with the requirements of Federal laws, regulations, and program compliance requirements. Statement on Auditing Standards No. 78 (SAS 78), Consideration of Internal Control in a Financial Statement Audit, issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and a related AICPA audit guide, Consideration of Internal Control in a Financial Statement Audit, incorporate the components of internal control presented in the COSO Report.

This Part 6 describes characteristics of internal control relating to each of the five components of internal control that should reasonably assure compliance with the requirements of Federal laws, regulations, and program compliance requirements. A description of the components of internal control and examples of characteristics common to the 14 types of compliance requirements are listed below. Objectives of internal control and examples of characteristics specific to each of 13 of the 14 types of compliance requirements follow this introduction. (Because Special Tests and Provisions are unique for each program, we could not provide specific control objectives and characteristics for this type of compliance requirement.)

Control Environment sets the tone of an organization influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.

Risk Assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.

- Key managers have been given responsibility to identify and communicate changes.

- Employees who require close supervision (e.g. inexperienced) are identified.

- Management has identified and assessed complex operations, programs, or projects.

- Management is aware of results of monitoring, audits, and reviews and considers related risk of noncompliance.

Control Activities are the policies and procedures that help ensure that management's directives are carried out.

- Data entry controls, e.g., edit checks.

- Exception reporting.

- Access controls.

- Reviews of input and output data.

- Computer general controls and security controls.

Information and Communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.

- Staff meetings.

- Bulletin boards.

- Memos, circulation files, e-mail.

- Surveys, suggestion box.

Monitoring is a process that assesses the quality of internal control performance over time.

A. ACTIVITIES ALLOWED OR UNALLOWED
and
B. ALLOWABLE COSTS/COST PRINCIPLES

Control Objectives

To provide reasonable assurance that Federal awards are expended only for allowable activities and that the costs of goods and services charged to Federal awards are allowable and in accordance with the applicable cost principles.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

C. CASH MANAGEMENT

Control Objectives

To provide reasonable assurance that the draw down of Federal cash is only for immediate needs, States comply with applicable Treasury agreements, and recipients limit payments to subrecipients to immediate cash needs.

Control Environment

Risk Assessment

Control Activities

- Procedures for requesting cash advances as close as is administratively possible to actual cash outlays;

- Monitoring of cash management activities;

- Repayment of excess interest earnings where required.

- Programs covered by the agreement;

- Methods of funding to be used;

- Method used to calculate interest; and,

- Procedures for determining check clearing patterns (if applicable for the funding method).

Information and Communication

Monitoring

D. DAVIS-BACON ACT

Control Objectives

To provide reasonable assurance that contractors and subcontractors paid prevailing wage rates for projects covered by the Davis-Bacon Act.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

E. ELIGIBILITY

Control Objectives

To provide reasonable assurance that only eligible individuals and organizations receive assistance under Federal award programs, that subawards are made only to eligible subrecipients, and that amounts provided to or on behalf of eligibles were calculated in accordance with program requirements.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

F. EQUIPMENT AND REAL PROPERTY MANAGEMENT

Control Objectives

To provide reasonable assurance that proper records are maintained for equipment acquired with Federal awards, equipment is adequately safeguarded and maintained, disposition or encumbrance of any equipment or real property is in accordance with Federal requirements, and the Federal awarding agency is appropriately compensated for its share of any property sold or converted to non-Federal use.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

G. MATCHING, LEVEL OF EFFORT, EARMARKING

Control Objectives

To provide reasonable assurance that matching, level of effort, or earmarking requirements are met using only allowable funds or costs which are properly calculated and valued.

Control Environment

- Responsibilities for determining required amounts or limits for matching, level of effort, or earmarking.

- Methods of valuing matching requirements, e.g., "in-kind" contributions of property and services, calculations of levels of effort.

-  Allowable costs that may be claimed for matching, level of effort, or earmarking.

- Methods of accounting for and documenting amounts used to calculate amounts claimed for matching, level of effort, or earmarking.

Risk Assessment

Control Activities

- Are from non-Federal sources.

- Involve Federal funding, directly or indirectly.

- Were used for another federally-assisted program.

Note: Generally, matching contributions must be from a non-Federal source and may not involve Federal funding or be used for another federally-assisted program.

Information and Communication

- Separately accounting for data used to support matching, level of effort, or earmarking amounts or limits or calculations.

- Ensuring that expenditures or expenses, refunds, and cash receipts or revenues are properly classified and recorded only once as to their effect on matching, level of effort, or earmarking.

- Documenting the value of "in-kind" contributions of property or services, including:

-- Basis for local labor market rates for valuing volunteer services.

-- Payroll records or confirmation from other organizations for services provided by their employees.

-- Quotes, published prices, or independent appraisals used as the basis for donated equipment, supplies, land, buildings, or use of space.

Monitoring

H. PERIOD OF AVAILABILITY OF FEDERAL FUNDS

Control Objectives

To provide reasonable assurance that Federal funds are used only during the authorized period of availability.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

I. PROCUREMENT AND SUSPENSION DEBARMENT

Control Objectives

To provide reasonable assurance that procurement of goods and services are made in compliance with the provisions of the A-102 Common Rule or OMB Circular A-110, as applicable, and that no subaward, contract, or agreement for purchases of goods or services is made with any debarred or suspended party.

Control Environment

Risk Assessment

Control Activities

- Contract files that document significant procurement history.

- Methods of procurement, authorized including selection of contract type, contractor selection or rejection, and the basis of contract price.

- Verification that procurements provide full and open competition.

- Requirements for cost or price analysis, including for contract modifications.

- Obtaining and reacting to suspension and debarment certifications.

- Other applicable requirements for procurements under Federal awards are followed.

- Contains or references the Federal requirements;

- Prohibits the award of a subaward, covered contract, or any other covered agreement for program administration, goods, services, or any other program purpose with any suspended or debarred party; and

- Requires staff to obtain certifications from entities receiving subawards (contract and subcontract) over $100,000, certifying that the organization and its principals are not suspended or debarred.

Information and Communication

- The basis for contractor selection;

- Justification for lack of competition when competitive bids or offers are not obtained; and

- The basis for award cost or price.

Monitoring

J. PROGRAM INCOME

Control Objectives

To provide reasonable assurance that program income is correctly earned, recorded, and used in accordance with the program requirements.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

K. REAL PROPERTY ACQUISITION AND
RELOCATION ASSISTANCE

Control Objectives

To provide reasonable assurance of compliance with the real property acquisition, appraisal, negotiation, and relocation requirements.

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

L. REPORTING

Control Objectives

To provide reasonable assurance that reports of Federal awards submitted to the Federal awarding agency or pass-through entity include all activity of the reporting period, are supported by underlying accounting or performance records, and are fairly presented in accordance with program requirements.

Control Environment

Risk Management

Control Activities

Information and Communication

Monitoring

M. SUBRECIPIENT MONITORING

Control Objectives

To provide reasonable assurance that Federal award information and compliance requirements are identified to subrecipients, subrecipient activities are monitored, subrecipient audit findings are resolved, and the impact of any subrecipient noncompliance on the pass-through entity is evaluated. Also, the pass-through entity should perform procedures to provide reasonable assurance that the subrecipient obtained required audits and takes appropriate corrective action on audit findings.

Control Environment

- They are willing and able to comply with the requirements of the award and

- They have accounting systems, including the use of applicable cost principles, and internal control systems adequate to administer the award.

Risk Assessment

- Economic conditions.

- Political conditions.

- Regulatory changes.

- Unreliable information.

- Financial problems that could lead to diversion of grant funds.

- Loss of essential personnel.

- Loss of license or accreditation to operate program.

- Rapid growth.

- New activities, products, or services.

- Organizational restructuring.

Control Activities

- Determining by inquiry and discussions whether subrecipient met thresholds requiring an audit under OMB Circular A-133.

- If an audit is required, assuring that the subrecipient submits the report, report package or the documents required by OMB circulars and/or recipient's requirements.

- If a subrecipient was required to obtain an audit in accordance with OMB Circular A-133 but did not do so, following up with the subrecipient until the audit is completed. Taking appropriate actions such as withholding further funding until the subrecipient meets the audit requirements.

- Issuing timely management decisions for audit and monitoring findings to inform the subrecipient whether the corrective action planned is acceptable.

- Maintain a system to track and following-up on reported deficiencies related to programs funded by the recipient and ensure that timely corrective action is taken.

- Regular contacts with subecipients and appropriate inquiries concerning the Federal program

- Reviewing subrecipient reports and following-up on areas of concern.

- Monitoring subrecipient budgets.

- Performing site visits to subrecipient to review financial and programmatic records and observe operations.

- Offering subrecipients technical assistance where needed.

- Communication of Federal award requirements to subrecipients.

- Responsibilities for monitoring subrecipients.

- Process and procedures for monitoring.

- Methodology for resolving findings of subrecipient noncompliance or weaknesses in internal control.

- Requirements for and processing of subrecipient audits, including appropriate adjustment of pass-through entity's accounts.

Information and Communication

- A listing of Federal requirements that the subrecipient must follow. Items can be specifically listed in the award document, attached as an exhibit to the document, or incorporated by reference to specific criteria.

- The description and program number for each program as stated in the Catalog of Federal Domestic Assistance (CFDA). If the program funds include pass-through funds from another recipient, the pass-through program information should also be identified.

- A statement signed by an official of the subrecipient, stating that the subrecipient was informed of, understands, and agrees to comply with the applicable compliance requirements.

Monitoring


Return to this article at:
/omb/circulars/a133_compliance/pt6.html

Click to print this document