Improving Single Audits to Protect Taxpayers

1
Improving Single Audits to Protect Taxpayers

• Department of the Interior
• Office of Inspector General
• March 11, 2008

2
Delegation within DOI
Audit Resolution
Oversight
3
OIG Responsibilities

• Monitor audit work performed by nonfederal
  auditors on Federal programs.
• Desk Reviews
• Quality Control Reviews
• Notify auditor oversight bodies about substandard
  audit work.
• Provide single audit technical assistance to
  auditors, auditees, DOI bureaus, and other
  Federal agencies.

4
More OIG Responsibilities

• Consider grantee requests for extensions for
  submission of their single audit reports.
• Draft OIG policy regarding single audits.
• Serve as OIGs liaison to the single audit
  community.
• Single Audit Roundtable
• OMB A-133 Workgroups

5
Desk Reviews

• Based on the PCIE Uniform Guide for Initial
  Review of A-133 Audit Reports.

• Revised by Single Audit Team to incorporate
  updated standards and regulations, as well as
  financial review items.

6
Desk ReviewsWhat We Review

• Auditors reports
• Schedule of Expenditures of Federal Awards
• Schedule of Findings and Questioned Costs
• Data Collection Form
• Financial statements
• Notes to the financial statements

7
Desk ReviewsWhat We Find Auditor Errors

• Incorrect opinions
• Incorrect auditee risk assessment
• Incorrect threshold calculation
• Major program(s) omission
• Insufficient major program coverage
• Deficient findings
• Data Collection Form errors
• Inconsistencies through the reporting package

8
Desk ReviewsWhat We Find Auditee Errors

• Late reporting
• Deficient SEFA
• Misidentification of Federal agency
• Insufficient pass-through information
• Omission of CFDA number or other identifying
  number
• Deficient corrective action plan
• No implementation date
• No contact name
• Financial statement deficiencies
• Omission of financial statement note disclosures

9
Risk Assessment

• Tiered risk system
• Align monitoring with risk score
• Objectivity
• Factors
• Number and types of deficiencies noted in desk
  review
• Auditor experience

10

• Low Risk Audits

• FYI letter to auditor and/or auditee, noting
  deficiencies.
• Review the audit report with the same
  firm/partner on a biennial basis.

11

• Moderate Risk Audits

• Require response from auditor and/or auditee.
• May require reissuance of report and/or Data
  Collection Form.
• Potential quality control review.

12

• Require response from auditor and/or auditee.
• May require reissuance of audit report and/or
  Data Collection Form.
• Potential quality control review.
• Referral to AICPA and State Board.

• High Risk Audits

13
(No Transcript)
14
Quality Control Reviews

• Factors for selection
• Moderate risk or higher in risk analysis
• Location and timing
• Common auditor in many of our audits
• Inquiries from other agencies
• Investigative results
• IG request
• Professional judgment

15
Quality Control ReviewWhat We Review

• Auditor proficiency
• Licensing
• Continuing professional education (CPE)
• Peer review
• Audit planning
• Selection of major programs
• Identification of compliance requirements
• Testwork
• Internal control
• Compliance

16
Quality Control ReviewsWhat We Find

• Auditor proficiency
• Insufficient CPE
• Audit planning
• Misidentification of applicable compliance
  requirements
• Testwork
• Incomplete understanding of internal control
• Omitted compliance procedures

17
Our Results

• Report re-issuances

• Auditor referrals

• FY2005 14
• FY2006 5
• FY2007 5

• FY2005 7 auditors
• FY2006 2 auditors
• FY2007 2 auditors
• Six of the 11 individuals referred had completed
  less than 10 single audits.