PART SIX - Guidance for
Auditing Projects Not Included in the Compliance Supplement
Purpose
The purpose of this part is to
provide the auditor with guidance on how to identify the applicable compliance
requirements for programs not included in this Supplement for single audits.
While a state project may have many compliance requirements, normally there are
only a few key compliance requirements that could have a direct and material
effect on the project. Since the single audit process is not intended to cover
every compliance requirement, the Supplement and the auditor’s focus should be
on the types of compliance requirements enumerated in Part Three. The following
are suggested procedures to assist the auditor in making this determination.
Steps for Identifying Compliance Requirements
Determining what compliance
requirements to test involves several steps. The auditor should address the
following questions:
-
What are the project objectives, procedures, and compliance requirements for a
specific project?
The first step is to gain an understanding of how the project works (e.g., the
project objectives and procedures) and determine what laws, rules, and
provisions of contracts or grant agreements apply to the project. The auditor
should consider the following:
-
Discuss the project with the nonstate entity, and if necessary, the state
agency.
-
Review the Catalog of State Financial Assistance (Catalog). The Catalog
provides summary information about each project and includes agency contact
information.
-
Review the contracts or grant agreements and referenced laws and rules
applicable to the project, including any amendments. The documents or
agreements may identify the name and telephone number of an agency contact
person the auditor may wish to contact for additional information. Note: The
auditor should be aware that a particular nonstate entity may be subject to
provisions that are unique to that entity. For example, previous noncompliance
by a nonstate entity may result in additional requirements to which the
nonstate entity must adhere, in order to continue its participation in a state
project, and such provisions would generally not be based on laws and
regulations applicable to the state project. Reasonable procedures to identify
such compliance requirements would be inquiry of nonstate entity management and
review of the contracts or grant agreements pertaining to the project. Any such
requirements identified which could have a direct and material effect on the
major project should be included in the audit.
-
Which of the compliance requirements could have a direct and material effect on
the project?
Generally Accepted Government Auditing Standards
requires that the auditor plan the audit to provide reasonable assurance that
the financial statements are free of material misstatement resulting from
violations of laws and rules that have a direct and material effect on the
determination of financial statement amounts. The Florida Single Audit Act
requires the auditor to determine whether the nonstate entity has complied with
applicable provisions of laws, rules, and guidelines that could have a direct
and material effect on the state project. Therefore, the auditor must determine
which compliance requirements could have a direct and material effect on each
major state project.
In assessing materiality, the auditor should consider that materiality is based
on qualitative as well as quantitative aspects. Examples of characteristics
indicative of compliance requirements that could have a direct and material
effect on a major project include:
-
The requirement affects a large part of the state project (e.g., a material
amount of project dollars).
-
Noncompliance could cause the state agency (or recipient in the case of a
subrecipient) to take action, such as seeking reimbursement of all or a part of
the award and suspending the recipient’s (subrecipient’s) participation in the
project.
-
Which of the compliance requirements are susceptible to testing by the auditor?
The auditor is only expected to test compliance for those requirements that are
susceptible to testing by the auditor, that is, the requirements can be
evaluated against objective criteria, and the auditor can reasonably be
expected to have sufficient basis for recognizing noncompliance. Further, the
auditor would not be expected to test for compliance with requirements that the
state agency should have the ability to verify in the normal course of
administering the project (e.g., if the requirement is that the nonstate entity
must file a report by a certain date, the state agency should know whether it
received the report on time). Characteristics of compliance requirements that
auditors are typically expected to test include those:
-
Which are practical to test.
-
With objective criteria available for the auditor to assess compliance.
-
Where an audit objective can be written that supports an opinion on compliance.
-
When testing adds value, i.e., the state agency does not otherwise have
information that verifies compliance.
-
Into which of the common compliance requirements enumerated in Part Three of the
Supplement does each compliance requirement fall?
The auditor shall use the compliance requirements enumerated in Part Three for
identifying which requirements applicable to the project are subject to
testing. Not all compliance requirements apply to all projects, and conversely,
certain types almost always apply.
-
Activities Allowed or Unallowed
almost always applies to state projects. The auditor should look at the project
requirements, agency rules, grant applications, and contracts or grant
agreements for what constitutes allowable or unallowable activities.
-
Allowable Costs
almost always applies since most projects allow for charges of goods and
services.
-
Cash Management
will generally not apply if the project operates solely on a cost-reimbursement
agreement with no cash advanced.
-
Eligibility
applies to state projects that provide benefits to individuals or groups of
individuals, or that make subawards. For projects with eligibility
requirements, the auditor should review the project laws, rules and provisions
of contracts or grant agreements to determine the specific eligibility
requirements. Eligibility involves both who is eligible and the amount of
benefits provided to those who are eligible.
-
Equipment and Real Property Management
applies to state projects that provide for the purchase of equipment or real
property.
-
Matching, if applicable, would be specific to the state project and
the nonstate entity. Therefore, the auditor will have to review the laws,
rules, and provisions of contracts or grant agreements applicable to the
project to make specific determinations.
-
Period of Availability of State Funds
almost always applies to state projects. The contract or grant agreement
applicable to the project often indicates the period during which the funds are
available for obligation under the project. The auditor should also look for
project requirements regarding carryover of unused funds to future funding
periods, and whether pre-award costs are allowable, to what extent, and under
what circumstances.
-
Reporting
often applies to state projects, but vary significantly.
-
Subrecipient Monitoring
applies when state awards are subawarded by the recipient to a nonstate entity.
-
Special Tests and Provisions include those compliance requirements that
do not fit the description of the types of compliance requirements discussed
above. These will generally be the most difficult type of compliance
requirement to identify because, by definition, they are unique to each
project. In addition to reviewing the project’s contracts and grant agreements,
referenced laws and rules, the auditor should also make inquiries of the
nonstate entity to help identify and understand Special Tests and Provisions.
For each of the types of compliance requirements listed above, except for
Special Tests and Provisions, the auditor shall consider the compliance
requirements and related audit objectives in Part Three. In making a
determination not to test a compliance requirement, the auditor must conclude
that the requirement either does not apply to the particular nonstate entity or
that noncompliance with the requirement could not have a material effect on a
major project. The suggested audit procedures in Part Three are provided to
assist auditors in planning and performing tests of nonstate entities’
compliance with the requirements of state projects. Auditor judgment will be
necessary to determine whether the suggested audit procedures are sufficient to
achieve the stated audit objective and whether additional or alternative audit
procedures are needed.
Also, because of the diversity of systems in place among nonstate entities,
Part Three does not include suggested audit procedures to test internal
control. The auditor must determine appropriate procedures to test internal
control on a case by case basis considering factors such as the nonstate
entity’s internal control, the compliance requirements, the audit objectives
for compliance, the auditor’s assessment of control risk, and the audit
requirement to test internal controls as prescribed in Section 215.97(8),
Florida Statutes. However, the auditor may look to Part Five which presents
characteristics of internal control which may be used to reasonably ensure
compliance with the types of compliance requirements enumerated in Part Three.
-
For Special Tests and Provisions, what are the applicable audit objectives and
audit procedures?
For each of the types of compliance requirements discussed under question 4,
Part Three of the Supplement provides generic audit objectives and suggested
audit procedures, except for Special Tests and Provisions. As noted above,
Special Tests and Provisions are sufficiently unique to every project that
generic audit objectives and suggested audit procedures are not practicable.
Therefore, the auditor will have to develop audit objectives and audit
procedures for each identified special test or provision using the guidance
described in Part Three.
|