PART 7 - GUIDANCE
FOR AUDITING PROGRAMS
NOT INCLUDED
IN THIS COMPLIANCE SUPPLEMENT
Purpose
- OMB Circular A-133 ('__.500(d)(3)) states that for those Federal programs
not covered in the compliance supplement, the auditor should use the types
of compliance requirements (see 14 types of compliance requirements described
in Part 3) contained in the compliance supplement (this Supplement) as
guidance for identifying the types of compliance requirements to test,
and determine the requirements governing the Federal program by reviewing
the provisions of contract and grant agreements and the laws and regulations
referred in such contract and grant agreements.
The purpose of this
Part is to provide the auditor with guidance on how to identify the applicable
compliance requirements for programs not included in this Supplement for
single audits and for program-specific audits when a program-specific
audit guide is not available. This Supplement only includes the largest
and/or riskiest Federal programs. However, there are more than 600 assistance
programs currently funded by the Federal Government. Therefore, it is
likely that the auditor will encounter programs that the auditor is required
to test as major programs which are not included in this Supplement. For
this reason, the following guidance is provided for the auditor to identify
those compliance requirements that should be tested.
Organization of
this Supplement - First, a review of how this Supplement is organized
will be helpful, since the auditor must consider several parts of the
Supplement in identifying compliance requirements to be tested. This Supplement
is comprised of the following parts:
Part 1 - Background,
Purpose, and Applicability
Part 2 - Matrix of
Compliance Requirements
Part 3 - Compliance
Requirements
Part 4 - Agency Program
Requirements
Part 5 - Clusters
of Programs
Part 6 - Internal
Control
Part 7 - Guidance
for Auditing Programs Not Included in This Compliance Supplement
In determining the
compliance requirements to test for programs not included in this Supplement,
the auditor shall to refer to Parts 3 and 5. Part 3 identifies and describes
the 14 types of compliance requirements where noncompliance may have a
direct and material effect on a Federal program and provides audit objectives
and suggested audit procedures. The 14 types of compliance requirements
are:
A. Activities
Allowed or Unallowed
B. Allowable
Costs/Cost Principles
C. Cash Management
D. Davis-Bacon
Act
E. Eligibility
F. Equipment
and Real Property Management
G. Matching,
Level of Effort, Earmarking
H. Period of
Availability of Federal Funds
I. Procurement
and Suspension and Debarment
J. Program Income
K. Real Property
Acquisition and Relocation Assistance
L. Reporting
M. Subrecipient
Monitoring
N. Special Tests
and Provisions
Part 5 enumerates
those programs that are considered to be clusters of programs as defined
by OMB Circular A-133 ('__.105). A cluster of programs means Federal programs
with different Catalog of Federal Domestic Assistance (CFDA) numbers that
are defined as a cluster of programs because they are closely related
programs and share compliance requirements. Part 5 identifies research
and development (R&D) and Student Financial Aid (SFA) as clusters,
as well as certain other clusters. Also, Part 5 identifies other clusters
of programs that are not yet included in this Supplement.
For programs not
included in this Supplement, the auditor must determine the applicable
compliance requirements. While a Federal program may have many compliance
requirements, normally there are only a few key compliance requirements
that could have a direct and material effect on the program. Since the
single audit process is not intended to cover every compliance requirement,
this Supplement and the auditor's focus should be on the 14 types of compliance
requirements enumerated in Part 3. The following are suggested procedures
to assist the auditor in making this determination.
Although the focus
of this Supplement is on compliance requirements that could have a direct
and material effect on a major program, auditors also have responsibility
under Generally Accepted Government Auditing Standards (GAGAS)
for other requirements when specific information comes to the auditors'
attention that provides evidence concerning the existence of possible
noncompliance that could have a material indirect effect on a major program.
Steps for Identifying
Compliance Requirements
Determining what
compliance requirements to test involves several steps. The auditor should
address the following questions:
1. What are
the program objectives, program procedures, and compliance requirements
for a specific program?
2. Which of
the compliance requirements could have a direct and material effect
on the program?
3. Which of
the compliance requirements are susceptible to testing by the auditor?
4. Into which
of the 14 types of compliance requirements does each compliance requirement
fall?
5. For Special
Tests and Provisions, what are the applicable audit objectives and audit
procedures?
1. What are the
program objectives, program procedures, and compliance requirements for
a specific program?
The first step is
to gain an understanding of how the program works (e.g., the program objectives
and procedures) and determine what laws, regulations, and provisions of
contract or grant agreements (compliance requirements) apply to the program.
The auditor should consider the following steps:
a. Discuss the
program with the non-Federal entity and, if necessary, the Federal agency
or, in the case of a subrecipient, the pass-through entity.
b. Review the
contract and grant agreements and referenced laws and regulations applicable
to the program, including any amendments or closeout agreements. The
documents or agreements may identify the name and telephone number of
a Federal contact person or, if a subaward, the contact person for the
pass-through entity whom the auditor may wish to contact for additional
information.
Note: The
auditor should be aware that a particular non-Federal entity or Federal
award may be subject to provisions that are unique to that entity or
award. For example, previous noncompliance by a non-Federal entity may
result in additional requirements to which the non-Federal entity must
adhere, in order to continue its participation in the Federal program.
Such provisions would generally not be based on laws and regulations
applicable to all awards under the Federal program. Reasonable procedures
to identify such compliance requirements would be inquiry of non-Federal
entity management and review of the contract and grant agreements pertaining
to the program. Any such requirements identified which could have a
direct and material effect on a major program should be included in
the audit.
c. Review the
Catalog of Federal Domestic Assistance (CFDA). The CFDA provides
summary information about each program and includes the name and telephone
number of a Federal contact person. A searchable copy of the CFDA is
available through the Internet on the GSA Home Page (http://www.gsa.gov/fdac).
d. If there
is a program-specific audit guide or other audit guidance issued by
the Federal agency's Office of Inspector General (OIG), the auditor
may wish to consider this guidance in identifying the program objectives,
program procedures, and compliance requirements. The availability of
program audit guides can be determined by consulting the President's
Council on Integrity & Efficiency (PCIE) publication, Revised
Program Audit Guide Listing (available from the Government Printing
Office) or by contacting the appropriate Regional OIG.
e. Consider
other audit guidance, including previously issued guidance, pertaining
to the program that has continuing relevance.
2. Which of the
compliance requirements could have a direct and material effect on the
program?
Generally Accepted
Government Auditing Standards require that the auditor plan the audit
to provide reasonable assurance that the financial statements are free
of material misstatement resulting from violations of laws and regulations
that have a direct and material effect on the determination of financial
statement amounts. OMB Circular A-133 requires the auditor to perform
procedures to determine whether the non-Federal entity has complied with
laws, regulations, and the provisions of contract or grant agreements
that could have a direct and material effect on each major program. Therefore,
the auditor must determine which compliance requirements could have a
direct and material effect on each major program.
In assessing materiality,
the auditor should consider that materiality is based on qualitative as
well as quantitative aspects. Also, the auditor should consider whether
to set materiality at lower levels in audits of Federal programs than
private sector audits of financial statements due to the visibility and
sensitivity of such programs. Examples of characteristics indicative of
compliance requirements that could have a direct and material effect on
a major program include:
- Noncompliance
could likely result in questioned costs.
- The requirement
affects a large part of the Federal program (e.g., a material amount
of program dollars).
- Noncompliance
could cause the Federal agency, or pass-through entity in the case of
a subrecipient, to take action, such as seeking reimbursement of all
or a part of the award and suspending the recipient's or subrecipient's
participation in the program.
3. Which of the
compliance requirements are susceptible to testing by the auditor?
The auditor is only
expected to test compliance for those requirements which are susceptible
to testing by the auditor (i.e., the requirements can be evaluated against
objective criteria, and the auditor can reasonably be expected to have
sufficient basis for recognizing noncompliance). Further, the auditor
would not be expected to test for compliance with requirements that the
Federal agency should have the ability to verify in the normal course
of administering the program (e.g., if the requirement is that the non-Federal
entity must file a report by a certain date, the Federal agency should
know whether it received the report on time). Characteristics of compliance
requirements that auditors are typically expected to test include those:
- Which are practical
to test.
- With objective
criteria available for the auditor to assess compliance.
- Where an audit
objective can be written that supports an opinion on compliance.
- When testing adds
value, for example:
- It is likely
that the auditor could document the noncompliance in a manner that:
(1) permits the Federal or pass-through entity to take action, or
(2) gives the Federal or pass-through entity an early warning to initiate
a monitoring visit or other contact with the non-Federal entity.
- The Federal
or pass-through entity does not otherwise have information that verifies
compliance.
4. Into which
of the 14 types of compliance requirements does each compliance requirement
fall?
Note: In performing
this step, the auditor may find it helpful to prepare a matrix similar
to the matrix included in Part 2 for programs included in this Supplement.
The auditor shall
use the 14 types of compliance requirements listed for identifying which
requirements applicable to the program are subject to testing. Not all
compliance requirements apply to all programs. Conversely, certain types
almost always apply.
A. Activities
Allowed or Unallowed almost always applies to Federal programs.
The auditor should look at the program requirements and Federal award
documents for what constitutes allowable or unallowable activities.
B. Allowable
Costs/Cost Principles almost always applies since most Federal programs
have charges for goods or services. However, if a program only involves
benefits to eligible recipients, with no administrative costs, purchases
of goods or services (including salaries and overhead), or allocated
costs, then allowable costs may not apply.
C. Cash Management
almost always applies to Federal programs. An exception would be a Federal
award that operates on a cost reimbursement basis only with no cash
being advanced.
D. Davis-Bacon
Act only applies as required by the Act itself, the Department of
Labor's (DOL) governmentwide implementation of the Davis-Bacon Act,
or by Federal program legislation, for construction contracts in excess
of $2000 financed by Federal funds. The auditor should review award
documents to determine whether the Davis-Bacon Act applies.
E. Eligibility
applies to most Federal programs which provide benefits to individuals,
groups of individuals, or make subawards. For programs with eligibility
requirements, the auditor should review the program laws, regulations,
and provisions of contract or grant agreements to determine the specific
eligibility requirements. Eligibility involves not only individuals
but also possibly groups of individuals, geographical areas, or subrecipients.
Additionally, the auditor should consider whether continuing, as well
as initial, eligibility requirements apply. Furthermore, eligibility
involves both who is eligible and the amount of benefits provided to
the eligible.
F. Equipment
and Real Property Management requirements applies to Federal programs
which purchase equipment or real property.
G. Matching,
Level of Effort, Earmarking is not universal, and, if applicable,
would be specific to the Federal program and often the non-Federal entity.
Therefore, the auditor will have to review the laws, regulations, contract
or grant agreements applicable to the program to determine specific
requirements for matching, level of effort, and/or earmarking.
H. Period
of Availability of Federal Funds almost always applies to Federal
programs. The contract or grant agreement applicable to the program
often indicates the period during which the funds are available for
obligation under the program. The auditor should also look for program
requirements regarding carry-over of unused funds to future funding
periods, and whether pre-award costs are allowable, to what extent,
and under what circumstances.
I. Procurement
and Suspension and Debarment applies any time the entity procures
goods or services. Suspension and debarment applies to both procurements
and subawards.
J. Program
Income applies to any program that generates program income (primarily
related to the disposition of the income). Program regulations or the
contract or grant agreements applicable to the program may specify additional
criteria.
K. Real Property
Acquisition and Relocation Assistance only applies as required by
the Uniform Relocation Assistance and Real Property Acquisition Policies
Act of 1970 (URA) for payments to persons displaced from their homes,
businesses, or farms by federally-assisted programs. While this requirement
only applies to a few programs, when it does apply, it is generally
a significant aspect of the program. For example, the U.S. Department
of Transportation (DOT) funds many programs to construct highways in
which real property acquisition and relocation assistance is a significant
part of the program activities. The U.S. Department of Housing and Urban
Development has the most transactions subject to the URA and the DOT
has the most Federal dollars affected.
L. Reporting
almost always applies to Federal programs. The standard financial reports
are described in Part 3; however, the Federal agency or the pass-through
entity may have developed its own forms for financial reporting. These
forms may be in addition to or in lieu of the standard Federal financial
reports and may include electronic submissions. The auditor should determine
whether the standard reports are used, and if not, whether other forms
are used to report the same or similar information. Information collections
by Federal agencies must be approved by OMB in accordance with the Paperwork
Reduction Act of 1995 (44 USC 3501-3520) and assigned an OMB control
number. A Federal agency may not conduct or sponsor, and a person is
not required to respond to, a collection of information unless the collection
displays a valid control number
For performance
reporting and special reporting, if there is a program in this Supplement
funded by the same Federal agency that requires the same performance
or special reporting required by the program for which the auditor is
seeking to identify compliance requirements, and this Supplement requires
testing of those data, then the auditor should use such guidance in
identifying compliance requirements to test. Otherwise, the auditor
is only required to test financial reporting.
M. Subrecipient
Monitoring applies when Federal awards are passed through to a subrecipient.
If the entity is not a pass-through entity, this requirement does not
apply.
N. Special
Tests and Provisions includes those compliance requirements that
do not fit the description of the types of compliance requirements discussed
above. These will generally be the most difficult type of compliance
requirement to identify because, by definition, they are unique to each
program. In addition to reviewing the program's contract and grant agreements
and referenced laws and regulations, the auditor should also make inquires
of the non-Federal entity to help identify and understand Special Tests
and Provisions.
For each of the types
of compliance requirements listed above, except for Special Tests and
Provisions, the auditor shall consider the compliance requirements and
related audit objectives in Part 3. In making a determination not to test
a compliance requirement, the auditor must conclude that the requirement
either does not apply to the particular non-Federal entity or that noncompliance
with the requirement could not have a material effect on a major program
(e.g., the auditor would not be expected to test Procurement if the non-Federal
entity charges only small amounts of purchases to a major program). The
suggested audit procedures in Part 3 are provided to assist auditors in
planning and performing tests of non-Federal entity compliance with the
requirements of Federal programs. Auditor judgment will be necessary to
determine whether the suggested audit procedures are sufficient to achieve
the stated audit objective and whether additional or alternative audit
procedures are needed.
Also, because of
the diversity of systems in place among non-Federal entities, Part 3 does
not include suggested audit procedures to test internal control. The auditor
must determine appropriate procedures to test internal control on a case
by case basis considering factors such as the non-Federal entity's internal
control, the compliance requirements, the audit objectives for compliance,
the auditor's assessment of control risk, and the audit requirement to
test internal control as prescribed in OMB Circular A-133.
5. For Special
Tests and Provisions, what are the applicable audit objectives and audit
procedures?
For each of the types
of compliance requirements discussed above, Part 3 includes generic audit
objectives and suggested audit procedures, except for Special Tests and
Provisions. As noted above, Special Tests and Provisions are sufficiently
unique to every program that generic audit objectives and suggested audit
procedures are not practicable. Therefore, the auditor will have to develop
audit objectives and audit procedures for each identified Special Test
and Provision using the guidance described in Part 3 under Special Tests
and Provisions.