Jan 6th 2014
This post originally appeared at Yellowbook-CPE. Read more posts from Leita Hart-Fanta's series: Auditing Yellow Book Style.
On December 26 the feds finalized changes to the Single Audit requirements. I am writing to give you a quick heads up about how the changes could affect auditors.
Some people like to wait until everything is perfect before they speak or write. I am not by any stretch of the imagination a perfectionist – but when it comes to technical audit standards, I do like to be very careful. I don’t want to mislead anyone with my writing.
But I am taking a risk for you, dear readers, of getting something wrong regarding the revised federal grant guidance in the interest of speed. The experts will take a month or more to come out with a synopsis because they will carefully and responsibly send it through layers and layers of review.
I reason that I am in a unique position to put something out now – because I am not part of a large institution. When the expert’s summaries of changes come out, you can compare it to my list here and write to me with your comments and, possibly, your corrections.
As always, I encourage you to read the changes yourself rather than relying on someone else to filter the changes for you. Here's the link.
This new document is comprehensive and covers federal grants from the management perspective and the audit perspective. The super long title of the new regulations is …”Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards.” Will we start calling it UARCPARFA? Let us hope not. May I propose the slang term “Unireq” pronounced you-knee-wreck. Might as well pick what we want, before someone else picks it for us!
My list of significant changes is biased toward concerns for AUDITORS… not concerns for administrators of these grants or pass-through entities.
Here is what I see so far:
1. Lumps it all in one place: The feds have finally consolidated all of the cost principles, administrative principles, and audit requirements in one document. Where there used to be 8 places the regulations could appear, now you only have to reference one very long document –- over a hundred pages long. See section II.1.
2. Synchronizes terms and acronyms: Part 200, sub-part A contains a list of acronyms and terms that will be used throughout the document and for all entities involved in the grants management process. In an earlier article, I mentioned that the feds were going to change the CFDA acronym to CFFA, but this did not happen. CFDA stands for Catalog of Federal Domestic Assistance. CFFA was to stand for Code of Federal Financial Assistance.
3. De-fuzzes some guidance: The feds seek to reduce the number of relatively silly findings that result from a minor technicality regarding the interpretation of unclear guidance. I get about a dozen emails and calls a year from auditors asking for my opinion regarding the interpretation of this or that regulation because they aren’t sure how to apply it or they are having a nasty disagreement with the client about some fuzzy part of the regulations. Here is an example of a small change that could stop a few unnecessary arguments: in the auditing standards (section 200.514 (d) (1) )the feds make it clear that they are not concerned with compliance with all laws and regulations as stated in the superseded OMB Circular A-133– only the FEDERAL laws and regulations.
4. Addresses recent bad behaviors: Employee morale costs are now prohibited and conference guidelines have been rewritten to help make clear that grantees shouldn’t charge the taxpayers for parties in Vegas (can anyone say I.R.S.?). See section B: discussion of section 200.437. Concerns regarding personally identifiable information are also woven throughout the standards.
5. Includes a few pet projects: An interesting management initiative or two has made it into regulations including ‘family friendly policies’ to help employees with expenses related to childcare when they attend conferences. See section B: discussion of section 200.432 and section 200.432.
6. Tweaks expectations regarding internal controls: The federal government, like all of us, is seeking to strike a balance between burdensome bureaucracy and reasonable controls. In some cases, they seem to be asking for more stringent controls and in other places they are lightening up. Here a just a few examples:
- Tighter controls: The long existing coverage of internal controls ala COSO in Part 6 of the compliance supplement is now specifically referenced in the auditor section 200.514 pounding home the importance of the auditors work regarding internal controls over federal programs. The discussion in the compliance supplement is not new – the reference to it in the audit requirements is. See Section 200.514 (c) (1)
- Less controls: Computing devices under $5000 are classified as ‘supplies’ and not ‘equipment’ to ‘reduce administrative burden.’ See Section 200.94
- Depends on who you are: Section 200.430 covers ‘compensation’ and goes on for several pages. When you add it to section 200.431 on fringes, you end up with 4+ pages of text. Is this more or less controls? Depends on who you are and how tight your controls are now. These are sections worthy of detailed study.
7. Syncs up concepts with GAGAS. The GAO’s yellow book (or GAGAS – Generally Accepted Government Auditing Standards) has been revised several times since the last time the single audit requirements were revised. Now the single audit requirements are catching up and emphasizing important GAO concepts including:
- Abuse -– Abuse is now formally mentioned in the federal regulations as a reportable condition along with fraud, internal control weaknesses, and noncompliance. Abuse has been a reportable condition under GAO standards for about 10 years. Abuse is behavior that is deficient or improper in contrast with the behavior of a prudent person. See section 200.516 (a)(1)
- Cause –- The GAO has always mentioned cause as one of the elements of a finding, but OMB Circular A-133 mentioned it in a very passive way, asking that the auditor give the reader enough information to determine the cause of a finding. The new requirements now clearly indicate that the auditor is responsible for expressly stating the cause in each audit finding. See section 200.515 (b) (4)
- Effect – More specific and descriptive language was added to further describe the importance of detailing the effect of each finding. See section 200.515 (b)(5)
8. Requires additional auditor transparency:
- Sampling -– Single audit requirements have always asked auditors to describe their sample sizes and testing results in their findings. Now the feds have tacked on another requirement that the auditor describe whether the sample was statistically valid. Section 200.515 (b) (7)
- Peer review -– Grantees must request a copy of the auditor’s latest peer review report as they select an auditor. See section 200.509.
9. Raises thresholds for the:
- Trigger of the single audit -– Grantees expending more than $750,000 during the entity’s fiscal year must undergo a Single Audit. See section 200.501 (a) The federal government notes that this still achieves audit coverage on over 99% of federal dollars currently covered. Do not read that to say that 99% of federal expenditures are covered. It says that 99% of funds currently covered using the current threshold are still covered. This change will eliminate the need for 5,000 Single Audits!
- Reportable questioned costs –- The questioned cost threshold was $10,000 and now it is $25,000. See section 200.516 (a) (3)
10. Rewords the steps regarding the determination of major programs. The guidance has always made it seem that choosing which programs to audit (major programs) is very straight forward and a matter of taking four simple steps. That is so misleading! The process is an involved mess. The bigger the entity and the more grants they have, the messier the process gets. I can’t conclude whether the slight changes to wording in this section will make things simpler until I try it myself. But I do know that the slight rewordings could make a difference to which programs are chosen for audit making this section worth paying close attention to. See section 200.517.
11. Disallows charges for financial audits that are not related to the single audit: The cost of a financial audit of an entity that receives federal funds but DOES NOT trigger the single audit can’t be charged directly to the program, although the cost may enter into the calculation of indirect cost rates. Pass-through entities that utilize agreed-upon procedure engagements to monitor sub-recipients that do not meet the single audit threshold must meet strict criteria in order to charge cost of the engagement to the grant. See section 200.425.
The committee that created Unireq (what do you think of that? I kind of like it!) stars in 30+ minute video to that covers the major changes. The meat of the presentation begins around the 8 minute mark.
There has also been discussion of reducing the number of compliance items from 14 to 6 –- but this will not be finalized until the compliance supplement is published this spring.
If you see anything that I could share with this community of readers, please write to me at [email protected].
May 2014 find you healthy, wealthy, and wise.