Now in its third year of implementation, most organizations should be at least familiar with the compliance requirements of the Uniform Guidance. Even so, certain compliance and internal control findings are still commonplace for many auditees. Some of the most common single audit findings fall into the following categories: Allowable Costs/Cost Principles; Procurement, Suspension, and Debarment; Reporting; and Subrecipient Monitoring.
Allowable Costs/Cost Principles
The most common finding for this category relates to the allocation of indirect costs to federal award programs. Frequently, agencies have not updated their indirect cost allocation plans to meet the Uniform Guidance requirements, have not reviewed the estimates and allocation bases in the plans on a regular basis, or have not submitted them to their oversight agency in the manner prescribed by the Uniform Guidance.
Procurement, Suspension, and Debarment
The most common finding for this category relates to the exclusion checks of contractors and subrecipients. Exclusion checks are usually performed for suspension or debarment; however, the Agency failed to perform the check prior to the contract being awarded or subrecipient agreement being executed.
The most common finding in this category relates to the failure to identify required reports or reporting deadlines, resulting in reports not being filed or filed timely.
The most common findings include a failure of the pass-through entity to perform risk assessment and monitoring activities over the subrecipient and subrecipient contracts not including all information required to be included by the Uniform Guidance such as the CFDA number and contract period.
What they all have in common:
Each of these common findings have one thing in common: they could all be easily avoided through the implementation of a proper internal control framework. The Uniform Guidance requires that all recipients of federal awards develop an internal control framework in line with the framework proposed by the Committee of Sponsoring Organizations (COSO). The five elements of the COSO framework are the control environment, risk assessment, control activities, information and communication, and monitoring. Each one of these common findings could be prevented by developing control activities which would address the risks of noncompliance identified by management. Management should communicate these control activities to staff, and information provided to management should be relevant and timely to assist in monitoring activities. Monitoring activities by management are vital, as internal controls may be ineffective by design, or intentionally circumvented in the absence of review. Through the application of effective internal controls, these common single audit findings can disappear from Single Audit Reports, and agencies can achieve a greater degree of compliance with federal regulations.
As an assurance manager, Ryan leads audit engagements, completes technical reviews of financial statements and reviews audit files for municipalities, water districts and fire authorities. He is also involved in training new staff members. He acts as a mentor and resource to both his clients and his team.
Ryan can be reached at 714-672-0022.
Read Ryan’s full bio.