Understanding the Grant Compliance Audit Process Presented By: Christine Ackerman, CPA Assoc. VP, In

1
Understanding the Grant Compliance Audit
ProcessPresented ByChristine Ackerman,
CPAAssoc. VP, Internal AuditDawn
BroxtermanSr. Financial Analyst, Internal
AuditJune 10, 2009

• University of CincinnatiInternal Audit

2
Topics

• Who is Internal Audit and what do they do?
• Grant Compliance Audit Process
• Key Areas of Audit
• Key Themes within Audits
• Time frame / Communication during Audit

3
Who is Internal Audit and what do they do?

• Internal Audit (IA) is comprised of

4
Who is Internal Audit and what do they do?

• Internal Audit reports to
• On a day-to-day basis to the Senior Vice
  President for Administration and Finance and also
  has free access to the Board of Trustees.
• Formally meets with the Governance and Audit
  Committee twice a year, but also can meet on an
  as needed basis.

5
Who is Internal Audit and what do they do?

• Internal Audit is an independent function of the
  university that performs
• Financial audits or reviews,
• Operational reviews,
• Internal control audit or reviews,
• Compliance audits,
• Information technology audits or reviews, and
• Investigations.

6
Who is Internal Audit and what do they do?

• The audit or review can be performed over any
  area of the University.
• An area can be a location such as a
  department or office.
• The audit or review could be of a centralized
  process, such as payroll, purchasing, etc.
• The audit or review could be over grants or
  provisions of contracts
• Investigations are performed based on
  allegations, such as fraud, abuse, etc.

7
Who is Internal Audit and what do they do?

• We decide what to audit or review based on an
  annual risk assessment process
• Management input
• Review expenditures by functional area
• External auditor findings
• Findings from past audits
• Risks highlighted in professional literature
• Specific risk assessment for grants

8
Who is Internal Audit and what do they do?

• What Internal Audit does NOT do
• Internal Audit must remain independent.
• IA can not perform work that they will ultimately
  audit.
• Therefore, IA cannot
• Make financial or operational decisions,
• Establish policies, procedures, or controls.
• Internal Audit WILL, if requested
• Discuss and make suggestions for establishing or
  improving internal controls, procedures, or
  compliance.

These items are the responsibility of University
management.
9
Grant Compliance Audit Process
10
Grant Compliance Audit Process

• The annual risk assessment evaluates higher risk
  areas such as
• Uncompleted and/or untimely Labor Verification
  Statements (LVS),
• Cost transfers,
• P-card expenditures,
• Travel expenditures, and
• Reimbursement expenditures.
• .

11
Grant Compliance Audit Process

• The annual risk assessment takes into account the
  following
• Amount of expenditures by CFDA
• Amount of expenditures within the high dollar
  CFDAs by Cost Center
• Amount of expenditures by cost center within the
  higher risk areas listed previously and
• Hotline reports
• Management input

12
Grant Compliance Audit Process

• Engagement of the Audit
• Engagement Letter

13
Grant Compliance Audit Process

• Engagement of the Audit
• Kick-off Meeting
• Explain
• Objectives
• Compliance requirements that IA will review
• Approach
• Time frame of the audit
• Report process

14
Grant Compliance Audit Process

• What does IA review within the Audit?
• Compliance with
• Review grant awards to determine any specific
  requirements.
• OMB Circular A-21, A110 which include
• Time and Effort
• Allowability of costs
• Eligibility
• Matching
• Earmarking
• Equipment management
• Reporting
• University financial policies
• Record Retention Schedule
• Outside Activity Reports (OAR)
• Review and test internal controls, may include IT
  controls

15
Grant Compliance Audit Process

• What happens after the Audit is completed?
• A draft report is written based on observations
  within the audit and distributed to the key
  individuals that were included on the engagement
  letter.
• The individuals provide feedback and management
  responses.
• Once everyone is in consensus, the FINAL report
  is distributed to
• President and Chairman of the Governance and
  Audit Committee,
• Interim President / Senior Vice President of AF,
  
• Vice President of Research,
• Provost,
• Dean
• Chair / Department Head
• Office of General Counsel
• And others considered necessary.

16
Grant Compliance Audit Process

• Okaythen what?
• IA then receives a response to the audit from the
  university either from the Senior VP for AF
  (interim President) or from the Executive
  Oversight Committee of the Compliance Board
• The response typically instructs certain
  individuals to take action (e.g., Dean of COM) by
  a certain date
• IA follows up on the audit findings

17
Key Areas of the Audit

• Time and Effort
• Review labor history
• Review appointment letters
• Interview faculty
• Prepare effort analysis
• Review of expenditures
• Allowability
• Period of Availability
• Cash Management
• Review of LAMS expenses on grants associated with
  Protocols (to address risk that an animal was
  moved to a grant without the proper protocol)

18
Key Areas of the Audit

• Time and Effort
• Effort Analysis was obtained from Frank Bossle,
  Director of John Hopkins Office of Internal Audit
  at an Association of College University
  Auditors (ACUA) conference in September 2008.

19
Effort Interview
20
Key Areas of the Audit

• Allowability of expenditures
• Review expenditures to determine if they are in
  compliance with OMB Circular A-21 and University
  policies.
• Examples
• P-Card policies
• Travel policies
• Determine if using university contracted vendors
• Reasonable expense
• Etc.

21
Key Areas of the Audit

• Review of LAMS expenditures charged against a
  grant associated with a protocol.
• Trace transaction to invoice provided by LAMS
• Review corresponding cage detail report which
  provides the protocol number associated with the
  cage card (bar code).
• Review grant to ensure that the protocol
  associated with cage card is approved on this
  grant.

22
Key Themes w/in Audits

• Untimely LVS (Due to LVS turned in late or not
  submitted at all)
• Proposal writing charged to grants
• Time and Effort on grants
• LAMS Charges - Approved protocol and Grant
• Untimely, or unapproved OAR
• Inappropriate G/L

23
Time Frame / Communication during Audit

• Time Frame
• Audits have been taking anywhere from 624 hrs
  (3.9 mths) to 1,254 hrs (7.8 mths) with one
  person working on it.
• Status Meetings throughout Audit, as needed.

24

• QUESTIONS??
• Christine Ackerman, Director
• 556-4310
• Christine.ackerman_at_uc.edu
• Dawn Broxterman, Grant Compliance Auditor
• 556-4306
• Dawn.Broxterman_at_uc.edu
• Website http//www.uc.edu/af/internal_audit/defau
  lt.html