Wisconsin Department of Health and Family Services Single Audits

1
Wisconsin Department of Health and Family
ServicesSingle Audits

• Ann Marie Anderson, CPA
• September 20, 2007

2
Introduction

• Wisconsin Department of Health and Family
  Services
• Programs include child welfare, long term care,
  physical and developmental disability programs,
  sensory disability programs, substance abuse,
  mental health and public health programs
• Overall budget about 6.5 billion
• Subgrant about 1 billion

3
Introduction

• DHFSs Audit Section
• Establish grant administration and audit policy,
  including FMM, ACPM, SSAG, and PAAG
• Collect and review audit reports of agencies that
  receive DHFS funds
• Provide training and technical assistance

4
Topics for today

• Why are audits needed?
• Audit standards
• The audit report
• Our review of audit reports
• SOX creep
• Waiving audits of providers
• Common problems three views
• Recommendations

5
Why are audits needed?

• Its the law
• Federal Single Audit Act Amendments of 1996
  require an audit if agency is nonprofit or state
  or local govt and agency expended 500K or more
  in federal awards (i.e. grants)
• Wis Stat 46.036 requires an audit for agencies
  that receive 25,000 or more in funding from DHFS
  or counties

6
Why are audits needed?

• Its a condition of license
• Audit is a condition of license for group homes
  and residential care centers that provide
  residential care for kids
• Its a condition of contract
• Contract might require audit even if federal or
  state law and regulations do not
• Its good business practice

7
Audit standards

• Generally accepted auditing standards - all
• Government Auditing Standards (aka yellow book)
  - all
• DHFS audit standards, either State Single Audit
  Guidelines or Provider Agency Audit Guide - all
• Single Audit Act implemented through OMB Circular
  A-133, if agency is nonprofit or local govt and
  if it expended 500K or more in federal
  awards/grants

8
Audit standards State Single Audit Guidelines

• Started with original federal Single Audit Act of
  1984 and OMB Circular A-128
• SSAG extends federal single audit concept to
  state funded programs and some federal pass
  through programs
• SSAG consists of main document plus department
  appendices (DHFS, DWD, DOA, DOT, etc.)
• Documents on web at www.ssag.state.wi.us

9
Audit standards SSAG - Main document

• Auditor uses risk based approach for identifying
  federal and state major programs
• Auditor assess overall agency risk
• Auditor assess risk for individual programs to
  decide what to test
• Granting agency can designate specific programs
  to be tested

10
Audit standards SSAG - DHFS appendix

• General requirements
• Applicable if the agency received more than
  25,000 from department
• Auditor uses results of testing for general
  requirements to feed into risk assessment for
  determining which specific programs need to be
  tested

11
Audit standards SSAG - DHFS appendix

• General Requirements
• 2.1 Reporting
• 2.3 Information technology
• 2.4 Purchase of service
• 2.5 Segregation of duties
• 2.7 Allowable costs, cost allocation and
  indirect cost plans
• 2.8 Client rights and client funds

12
Audit standards SSAG - DHFS appendix

• Three declared major programs that always need to
  be tested
• 3.1 Community Options program
• 3.2 Community Integration Program I/Brain Injury
  Waiver/Childrens Long Term Support, a program
  cluster
• 3.3 Family Care

13
Audit standards SSAG - DHFS appendix

• Six Type A programs always need risk assessment,
  major program if risk is not low
• 3.4 Case Management
• 3.5 Community Integration Program II/Community
  Options Program Waiver
• 3.6 Wisconsin Medicaid Cost Reporting
• 3.7 Personal Care
• 3.11 Income Maintenance Administrative
  Requirements
• 3.16 Comprehensive Community Services

14
Audit standards SSAG - DHFS appendix

• And, guidance for testing other significant DHFS
  programs
• 3.8 Basic County Allocation
• 3.9 County General Relief
• 3.10 Tribal Relief
• 3.12 Guidance for auditing a program which does
  not have a compliance supplement
• 3.13 Consolidated Public Health Programs
• 3.14 Aging Programs

15
The audit report

• Generally Accepted Auditing Standards elements -
  financial statements and opinion
• Government Auditing Standards (yellow book)
  elements - Report on internal controls and
  compliance based on financial statement audit
• A-133 report elements, which SSAG extends to
  include state programs
• Report on compliance and internal controls for
  major programs

16
The audit report

• A-133 report elements, contd
• Schedule of expenditures of federal awards and
  opinion on the schedule
• Schedule of findings and questioned costs
• Schedule of prior year findings
• Corrective action plan
• Management Letter or written assurance one was
  not issued

17
Our review of audit reports

• At intake, screen for issues in schedule of
  findings and questioned costs
• If significant issues in initial screening or
  history of problems, assign for review
  immediately, otherwise review is on first in
  first out basis
• Desk review to answer three essential questions
• Does report reference applicable standards?
• Does the report show issues affecting government
  programs?
• If yes, does agency have adequate corrective
  action plan?

18
Our review of audit reports

• For county audits
• Notify other departments of findings related to
  their programs
• Send findings related to specific programs from
  our department to respective program staff
• Send findings related to Purchase of Services,
  segregation of duties, and certain other
  cross-cutting affecting the State/County Contract
  to Area Administrator
• Resolve findings related to general agency
  operations

19
Our review of audit reports

• Options for addressing findings
• Do nothing, i.e. issue is inconsequential
• Require agency to repay funds
• Accept agencys corrective action plan
• Require a more detailed corrective action plan
• Withhold money to encourage corrective action
• Increase monitoring, including going onsite
• Require additional reporting
• Provide technical assistance
• Look at our own business functions, contract
  language, program instructions, etc.

20
SOX creep (Just one of the factors driving up
audit costs)

• Enron, WorldCom, and other high profile corporate
  failures in 2001 led to
• Sarbanes-Oxley Act of 2002 (SOX), which created
  
• Public Company Accounting Oversight Board
  (PCAOB), which developed new definitions for
  internal control issues
• Significant deficiency - more than a remote
  likelihood that a misstatement of the entitys
  financial statements that is more than
  inconsequential will not be prevented or
  detected. Broader than previous reportable
  condition.
• Material weakness - more than a remote likelihood
  that a material misstatement of the financial
  statements will not be prevented or detected.
  Broader than previous material weakness.

21
SOX creep

• American Institute of Certified Public
  Accountants (AICPA) issued Statement on Auditing
  Standards (SAS) 112
• Effective for periods ending on or after
  12/15/06.
• SASs convey the auditing standards generally
  accepted in the United States that apply to all
  audits, including those of governments and
  nonprofits.
• New SAS adopts PCAOBs definitions for internal
  control deficiencies, so that what was applicable
  just to publicly traded companies is now
  applicable to all agencies that have audits.
• Requires auditors to communicate significant
  internal control issues in writing (this is not
  new for govts)

22
SOX creep

• SAS 112 identifies the following conditions as at
  least a significant deficiency
• Deficiencies in controls over selection/applicatio
  n of accounting principles
• Deficiencies in antifraud policies and controls
• Deficiencies in controls over nonroutine and
  nonsystematic transactions
• Deficiencies in controls over year-end financial
  reporting process

23
SOX creep

• SAS 112 identifies the following conditions as at
  least a significant deficiency and a strong
  indicator of a material weakness
• Ineffective oversight of the financial reporting
  and internal control by those charged with
  governance
• Restatement of previously issued financial
  statements to reflect correction of a material
  misstatement

24
SOX creep

• SAS 112, contd
• Identification of misstatements that were not
  initially detected by the agencys internal
  control system
• Ineffective internal audit or risk assessment
  function in large or highly complex agencies
• Identification of fraud of any magnitude on the
  part of senior management
• Failure to correct a previous significant
  deficiency
• Ineffective internal control environment

25
SOX creep

• Revisions to Government Auditing Standards
• Incorporate SAS 112 terminology
• Expand audit procedures beyond whats needed for
  SAS 112
• Revisions to A-133
• Incorporate SAS 112 terminology
• Still to come
• incorporate changes to audit procedures coming
  from SAS 112 and Government Auditing Standards
• Incorporate recommendations of PCIE single audit
  study (slide 40)

26
SOX creep

• What to expect for 2006 audits and beyond
• Audit reports will have more significant
  deficiencies and material weaknesses
• More significant internal control findings (and
  other changes to audit standards) will result in
  auditors needing to do more audit testing in
  other areas
• More audit testing leads to more audit cost
• More audit cost leads to more agencies requesting
  waivers of audits

27
Waiving audits required by Wis Stat 46.036

• Applicable to audits that are required only under
  state law in Wis Stat 46.036, i.e. not required
  under federal single audit law/A-133 or needed
  for other purposes
• 46.036 Unless waived by the department,
  biennially, or annually if required under federal
  law, provide the purchaser with a certified
  financial and compliance audit report if the care
  and services purchased exceed 25,000.

28
Waiving audits required by Wis Stat 46.036

• Guidance in Provider Agency Audit Guide, chapters
  2 3, (www.dhfs.state.wi.us/grants)
• Perform risk analysis
• Risks associated with program
• Risks associated with provider
• Risks associated with the granting agency
• Consider other factors
• Whether feds require audit
• Prohibition on charging some audit costs to
  federal grants
• Cost of audit in relation to benefit from audit
• Need for audited information
  contd

29
Waiving audits required by Wis Stat 46.036

• Use risk and other factors to decide what to
  require for audit
• Waive audit - If you decide a waiver is
  appropriate, send your risk analysis to the Area
  Administrator for department approval
• Hire an auditor to do agreed-upon procedures,
  perhaps for a group of providers
• Require program audit auditor looks just at
  your program
• Require full audit of agencys financial
  statements and programs

30
Waiving audits required by Wis Stat 46.036

• Mandate Relief Waivers
• Authorized under Wis. Stat. 66.0143
• A political subdivision may file a request with
  the Department of Revenue for a waiver from a
  state mandate that is not related to health or
  safety.
• About 1/3 of counties have mandate relief waivers
  raising threshold to 75,000 (in a couple cases
  100K).

31
Waiving audits required by Wis Stat 46.036

• Mandate Relief Waivers, contd
• Waivers are good for four years and the earliest
  ones expire during 2007. Options
• Do nothing, i.e. leave the waiver to expire and
  resume requiring audits at 25K
• Send DOR a letter requesting an extension of the
  waiver
• Send DOR a full application package if county
  wants to increase the threshold or extend the
  waiver to also include DWDs statute

32
Common problems

• Three views
• Common root causes of problems for both auditees
  and auditors
• Programs most likely to have findings
• Quality of audit work

33
Root causes

• 1 Failure to read the contract
• Alternatively
• 1 Failure to realize that we actually
• meant that the agency would comply
• with those contract provisions

34
Root causes

• 2 Failure to apply right audit standards
• I dont have to do a fraud risk assessment in my
• audits. I know none of my clients have fraud.
• Your insisting on a peer review makes it too
• hard for small firms to do these audits.
• I tried using your family care audit guide for
  the
• family support program, and its completely
  useless.

35
Root causes

• 3 Failure to understand allowable costs
• Fair market rent is fair.
• Reasonable salary for this person is
• salary of CEO salary of COO salary of CFO.
• We allocated costs based on the budget.

36
Frequent findings

• Findings in County audits are usually for a
  program or other requirement from DHFS
• Department 2004 2005
• DHFS 100 117
• DATCP 2 3
• Commerce 1 3
• DNR 1 4
• DOA 2 1
• DOC -- 1
• DOJ -- 1
• DOR -- 2
• DOT 2 19
• DWD 9 8

37
Frequent findings

• Several DHFS program or requirements account for
  majority of findings in County audits
• DHFS Appendix Section 2004 2005
• 2.1 Reporting costs 11 10
• 2.4 Purchase of care 32 25
• 2.8 Client rights/funds 10 10
• 3.1/3.5 COP, CIPII/COPW 18 16
• 3.2 CIP I 8 33
• Segregation of duties 18 17
• (New Section 2.5 in 2006 revision)

38
Auditor quality issues

• PCIE/ECIE study on quality of single audits from
  2002-2003 time span
• 48 of audits covering 93 of federal funding in
  the sample were acceptable and can be relied on
• 16 covering 2 of funding had limited
  reliability
• 35 covering 5 of funding were unacceptable and
  cannot be relied on
• Single audits of large federal amounts more
  reliable than other single audits (large
  defined as federal expenditures of 50M or more.
  For perspective in 2005, St of WI expended 9.2B
  in federal funds, Milwaukee Co - 461M, Dane Co -
  81M.)

39
Auditor quality issues

• Serious, common deficiencies
• Not documenting understanding of internal
  controls over compliance requirements
• Not documenting testing of internal controls of
  at least some compliance requirements
• Not documenting compliance testing of at least
  some compliance requirements
• Missing or having inadequate audit program
• Incorrectly reporting testing of major programs
• Not reporting audit findings

40
Auditor quality issues

• Studys recommendations
• Revise and improve single audit standards,
  criteria and guidance (in addition to changes for
  SOX YB slide 25)
• Establish minimum requirements on training on
  performing single audits as prerequisite for
  doing this work and CPE thereafter
• Review and enhance process to address
  unacceptable single audits suspension and
  debarment, sanctions, and fines of auditors
• Source Report on National Single Audit Sampling
  Project, June 2007

41
More recommendations

• Make sure your auditor is up to the job
• Has experience doing this kind of audit
• ( http//harvester.census.gov/sac/ )
• Had peer review within last three years
• Uses current audit guide
• Asks questions
• Reach out for help from program experts
• Review audit guides use them to self assess
  your operations

42
How to contact us

• Ann Marie Anderson, CPA
• Division of Enterprise Services
• Department of Health and Family Services
• 1 West Wilson Street, Room 672
• P.O. Box 7850
• Madison, WI 53707-7850
• Tel 608-267-2836
• Email anderam_at_dhfs.state.wi.us
• www.dhfs.state.wi.us/grants