by John Heveron
Will this be the first year you are subject to compliance auditing? If so, the following information will help you prepare.
If you expend (not receive) $750,000 or more of federal funds in a fiscal year, you will be subject to compliance auditing. You can calculate that $750,000 amount on a cash or accrual basis regardless of your regular accounting method, but will need to be consistent with that method going forward.
The $750,000 threshold includes expended amounts that were received directly from the federal government or indirectly through other agencies.
Additional CARES Act funding that you received during the year is federal funding (Heath and Human Services (HHS) Provider Relief Fund), and so is the forgiveness of an EIDL (COVID-19 Economic Injury Disaster Loans) loan because it comes from the SBA (Small Business Administration) – a government agency. However, PPP (Paycheck Protection Programs) loans come from banks and are not considered federal funding even though they are ultimately paid by the federal government.
So, if you expect to be subject to compliance auditing for this fiscal year because you will spend $750,000 in federal funds, here are some key things to do now:
- First, make sure that your CPA firm is experienced and qualified with compliance auditing. If they only do one or two compliance audits, you may want to consider another firm. Ideally, they will be members of the AICPA Governmental Audit Quality Center (Association of International Certified Professional Accountants). You may need to request proposals from other accounting firms
- Schedule a meeting with your auditors in advance of the audit so that you can discuss their expectations of you. Although there are certain procedures auditors must follow, they are permitted to use their professional judgment and conduct the audit in the way they feel is most appropriate.
Because compliance audits incorporate Governmental Auditing Standards and Generally Accepted Auditing Standards, your auditors will perform procedures to be sure that you have systems in place to:
- comply with laws, regulations, contracts and agreements that will impact your financial statements, and have controls over that compliance
- comply with requirements that have a direct and material effect on the funding you receive, and have controls over those areas of compliance. These include items such as, who is eligible to receive services, what services can be provided, and during what time frame.
Uniform Guidance (2 CFR 200) and HHS regulations (45 CFR 75) refer to a process for controls which includes the following:
- The Control Environment–your commitment to integrity and ethical values, your oversight, and your commitment to competence and accountability (ongoing training is big)
- Risk Assessment–identifying and analyzing risks, and assessing fraud risks
- Control Activities–the policies and procedures you adopt for accounting and documentation, and your controls over technology
- Information and Communication–your internal communications and training and external communications about your policies, procedures, and values
- Monitoring Activities–your ongoing assessment of whether controls are appropriate for your current programs and whether they are being followed
This sounds somewhat unwieldy, but stated more simply, it says that you must (1) consider what could go wrong with your accounting, reporting, or the execution of your grants, (2) develop board approve policies to reduce the possibility of errors, and alert you about problems, (3) train staff involved with finances and grant administration about these policies, and (4) periodically check back to make sure your controls are still working and are still proper for your circumstances.
Some of the key policies you will need to have include:
- an up-to-date personnel policy which incorporates current regulations and addresses whistleblower protection and conflicts of interest (these can be separate policies)
- a procurement policy that meets requirements of Uniform Guidance and Uniform Administrative Guidance
- procedures for carrying out federal awards, including for the management of any advance payments you receive, and
- security for protection of confidential information, including employee and client information
Your auditors may also look into your procedures for:
- Budget development and review,
- Compliance with your indirect cost rate or other cost reimbursement procedure,
- Identifying unallowable costs,
- Verifying that costs are necessary and Reasonable
- Records retention,
- Securing property and equipment,
- Dealing with subcontractors and subrecipients, and
- Complying with the buy American and hire American Executive Order.
ILRU has several helpful resources including sample policies and procedures for procurement, records retention and the like.