PART ONE - Background,
Applicability and Overview
Background
The State Projects Compliance
Supplement (Supplement) was developed pursuant to Sections 215.97(2)(v) and (4)(d), Florida
Statutes, which provides that the Department of Financial Services
(DFS) is responsible for coordinating the initial preparation and
subsequent revisions of the Supplement after consultation with the Chief
Financial Officer and all state agencies that award state financial assistance
to nonstate entities. This Supplement serves to identify important compliance
requirements, which the state expects to be considered as part of the state
single audit. Without the Supplement, auditors would need to research many laws
and rules for each project under audit to determine which compliance
requirements are important to the state and could have a direct and material
effect on a project. Providing this Supplement is an efficient and cost
effective approach to performing this research. For the projects contained
herein, the Supplement provides a source of information for auditors to
understand the state project's objectives, procedures, and compliance
requirements relevant to the audit as well as audit objectives and suggested
audit procedures for determining compliance with these requirements. The
Supplement also provides guidance to assist auditors in determining compliance
requirements relevant to audit, audit objectives, and suggested audit
procedures for projects not included herein.
State agencies are responsible to
annually inform the DFS of any updates needed to this Supplement. This
responsibility includes ensuring that project objectives, procedures, and
compliance requirements, noncompliance which could have a direct and
material effect on these individual state projects, are provided to the DFS for
inclusion in this Supplement. The agency project requirements are included in
Part Four of this Supplement. These individual sections can be updated or
replaced as state projects change, and sections will be added for additional
projects once the objectives, procedures, and compliance requirements relevant
to the project are written.
Applicability
Auditors shall consider this
Supplement and the referenced laws, rules, and other guidelines in determining
the compliance requirements that could have a direct and material effect on the
projects included herein. Use of this Supplement is mandatory, and accordingly,
adherence to this Supplement satisfies the requirements of Section 215.97,
Florida Statutes. For projects not included in this Supplement, the auditor is
to follow the guidance in Part Six and use the types of compliance requirements
in Part Three to identify the applicable compliance requirements which could
have a direct and material effect on the project.
State agencies are responsible to
annually inform the DFS of any updates needed to this Supplement. However,
auditors should recognize that laws and rules change periodically and that
delays will occur between such changes and revisions to this Supplement.
Moreover, auditors should recognize that there may be provisions of contracts
or grant agreements that are not specified in law or rule, and therefore, the
specifics of such may not be included in the Supplement. Accordingly, the
auditor should perform reasonable procedures to ensure that compliance
requirements are current and to determine whether there are any additional
provisions of contracts and grant agreements that should be covered by the
audit. Reasonable procedures would include inquiry of nonstate entity
management and review of the contacts and grant agreements for projects
selected for testing (major projects).
Because the suggested audit
procedures are written to enable application to many different projects
administered by many different entities, they are necessarily general in
nature. Auditor judgment will be necessary to determine whether the suggested
audit procedures are sufficient to achieve the stated audit objectives or
whether additional or alternative audit procedures are needed. Therefore, the
auditor should not consider this Supplement to be a "safe harbor" for
identifying the audit procedures to apply in a particular engagement. However,
the auditor can consider this Supplement a "safe harbor" for identification of
compliance requirements to be tested for the projects included herein if, as
discussed above, the auditor performs reasonable procedures to ensure that the
requirements in the Supplement are current and to determine whether there are
any additional provisions of contracts and grant agreements that should be
covered by the audit.
Overview
Matrix of Compliance Requirements (Part Two)
The Matrix of Compliance
Requirements (Matrix) identifies the state projects and compliance requirements
addressed by the Supplement, and associates the projects with the applicable
compliance requirements. The Matrix also identifies the applicable state agency
and the Catalog of State Financial Assistance (CSFA) number for each project
included in this Supplement.
Compliance Requirements (Part Three)
Part Three lists and describes the
10 types of compliance requirements and, except for Special Tests and
Provisions, the related audit objectives that the auditor shall consider in
every audit conducted under Section 215.97, Florida Statutes. Suggested audit
procedures are also provided to assist the auditor in planning and performing
tests of nonstate entity compliance with the requirements of state projects.
Auditor judgment will be necessary to determine whether the suggested audit
procedures are sufficient to achieve the stated audit objectives and whether
additional or alternative audit procedures are needed. Determining the nature,
timing, and extent of the audit procedures necessary to meet the audit
objectives is the auditor's responsibility.
The compliance requirements for
Special Tests and Provisions are unique to each state project; therefore,
compliance requirements, audit objectives, and suggested audit procedures for
Special Tests and Provisions are not included in Part Three.
Because of the diversity of systems
in place among nonstate entities, Part Three does not include suggested audit
procedures to test internal control. The auditor must determine appropriate
procedures to test internal control on a case-by-case basis considering factors
such as the nonstate entity's internal control, the compliance requirements,
the audit objectives for compliance, the auditor's assessment of control risk,
and the audit requirement to test internal control as prescribed by Section
215.97(10), Florida Statutes. However, see Internal Controls (Part Five) below.
State Project Compliance Requirements (Part Four)
For each state project included,
Part Four discusses project objectives, procedures, and compliance requirements
that are specific to the project. With the exception of Special Tests and
Provisions, the auditor shall refer to Part Three for the audit objectives and
suggested audit procedures that pertain to the compliance requirements
associated with the projects. Since Special Tests and Provisions are unique to
the project, the audit objectives and suggested audit procedures for the
project are included in Part Four.
The description of the project's
procedures is general in nature. Some projects may operate somewhat differently
than described due to the administrative flexibility afforded nonstate entities
and the nature, size, and volume of transactions involved. Accordingly, the
auditor should obtain an understanding of the applicable compliance
requirements and project procedures in operation at the nonstate entity to
properly plan and perform the audit.
Internal Controls (Part Five)
Section 215.97(10), Florida Statutes,
requires auditors conducting a state single audit of recipients or
subrecipients to obtain an understanding of internal controls, assess control
risk, and perform tests of controls unless the controls are deemed to be
ineffective. Also, auditors are to determine whether the nonstate entity has
internal controls in place to provide reasonable assurance of compliance with
the provisions of laws, regulations, and other rules, pertaining to state
awards that have a material effect on each major state project. Part Five is
intended to assist auditors in complying with these requirements by presenting
characteristics of internal control which may be used to reasonably ensure
compliance with the types of compliance requirements in Part Three. The
characteristics of internal control presented in Part Five are neither
mandatory nor all-inclusive.
Guidance for Auditing Projects Not Included in the Compliance
Supplement (Part Six)
Part Six provides guidance to
auditors in identifying the compliance requirements and designing tests of
compliance with such requirements for projects not included in the Supplement.
|