Title: Understanding the Grant Compliance Audit Process Presented By: Christine Ackerman, CPA Assoc. VP, In
1 Understanding the Grant Compliance Audit
ProcessPresented ByChristine Ackerman,
CPAAssoc. VP, Internal AuditDawn
BroxtermanSr. Financial Analyst, Internal
AuditJune 10, 2009
- University of CincinnatiInternal Audit
2Topics
- Who is Internal Audit and what do they do?
- Grant Compliance Audit Process
- Key Areas of Audit
- Key Themes within Audits
- Time frame / Communication during Audit
3Who is Internal Audit and what do they do?
- Internal Audit (IA) is comprised of
4Who is Internal Audit and what do they do?
- Internal Audit reports to
- On a day-to-day basis to the Senior Vice
President for Administration and Finance and also
has free access to the Board of Trustees. - Formally meets with the Governance and Audit
Committee twice a year, but also can meet on an
as needed basis.
5Who is Internal Audit and what do they do?
- Internal Audit is an independent function of the
university that performs - Financial audits or reviews,
- Operational reviews,
- Internal control audit or reviews,
- Compliance audits,
- Information technology audits or reviews, and
- Investigations.
6Who is Internal Audit and what do they do?
- The audit or review can be performed over any
area of the University. - An area can be a location such as a
department or office. - The audit or review could be of a centralized
process, such as payroll, purchasing, etc. - The audit or review could be over grants or
provisions of contracts - Investigations are performed based on
allegations, such as fraud, abuse, etc.
7Who is Internal Audit and what do they do?
- We decide what to audit or review based on an
annual risk assessment process - Management input
- Review expenditures by functional area
- External auditor findings
- Findings from past audits
- Risks highlighted in professional literature
- Specific risk assessment for grants
8Who is Internal Audit and what do they do?
- What Internal Audit does NOT do
- Internal Audit must remain independent.
- IA can not perform work that they will ultimately
audit. - Therefore, IA cannot
- Make financial or operational decisions,
- Establish policies, procedures, or controls.
- Internal Audit WILL, if requested
- Discuss and make suggestions for establishing or
improving internal controls, procedures, or
compliance.
These items are the responsibility of University
management.
9Grant Compliance Audit Process
10Grant Compliance Audit Process
- The annual risk assessment evaluates higher risk
areas such as - Uncompleted and/or untimely Labor Verification
Statements (LVS), - Cost transfers,
- P-card expenditures,
- Travel expenditures, and
- Reimbursement expenditures.
- .
11Grant Compliance Audit Process
- The annual risk assessment takes into account the
following - Amount of expenditures by CFDA
- Amount of expenditures within the high dollar
CFDAs by Cost Center - Amount of expenditures by cost center within the
higher risk areas listed previously and - Hotline reports
- Management input
12Grant Compliance Audit Process
- Engagement of the Audit
- Engagement Letter
13Grant Compliance Audit Process
- Engagement of the Audit
- Kick-off Meeting
- Explain
- Objectives
- Compliance requirements that IA will review
- Approach
- Time frame of the audit
- Report process
14Grant Compliance Audit Process
- What does IA review within the Audit?
- Compliance with
- Review grant awards to determine any specific
requirements. - OMB Circular A-21, A110 which include
- Time and Effort
- Allowability of costs
- Eligibility
- Matching
- Earmarking
- Equipment management
- Reporting
- University financial policies
- Record Retention Schedule
- Outside Activity Reports (OAR)
- Review and test internal controls, may include IT
controls
15Grant Compliance Audit Process
- What happens after the Audit is completed?
- A draft report is written based on observations
within the audit and distributed to the key
individuals that were included on the engagement
letter. - The individuals provide feedback and management
responses. - Once everyone is in consensus, the FINAL report
is distributed to - President and Chairman of the Governance and
Audit Committee, - Interim President / Senior Vice President of AF,
- Vice President of Research,
- Provost,
- Dean
- Chair / Department Head
- Office of General Counsel
- And others considered necessary.
16Grant Compliance Audit Process
- Okaythen what?
- IA then receives a response to the audit from the
university either from the Senior VP for AF
(interim President) or from the Executive
Oversight Committee of the Compliance Board - The response typically instructs certain
individuals to take action (e.g., Dean of COM) by
a certain date - IA follows up on the audit findings
17Key Areas of the Audit
- Time and Effort
- Review labor history
- Review appointment letters
- Interview faculty
- Prepare effort analysis
- Review of expenditures
- Allowability
- Period of Availability
- Cash Management
- Review of LAMS expenses on grants associated with
Protocols (to address risk that an animal was
moved to a grant without the proper protocol)
18Key Areas of the Audit
- Time and Effort
- Effort Analysis was obtained from Frank Bossle,
Director of John Hopkins Office of Internal Audit
at an Association of College University
Auditors (ACUA) conference in September 2008.
19Effort Interview
20Key Areas of the Audit
- Allowability of expenditures
- Review expenditures to determine if they are in
compliance with OMB Circular A-21 and University
policies. - Examples
- P-Card policies
- Travel policies
- Determine if using university contracted vendors
- Reasonable expense
- Etc.
21Key Areas of the Audit
- Review of LAMS expenditures charged against a
grant associated with a protocol. - Trace transaction to invoice provided by LAMS
- Review corresponding cage detail report which
provides the protocol number associated with the
cage card (bar code). - Review grant to ensure that the protocol
associated with cage card is approved on this
grant.
22Key Themes w/in Audits
- Untimely LVS (Due to LVS turned in late or not
submitted at all) - Proposal writing charged to grants
- Time and Effort on grants
- LAMS Charges - Approved protocol and Grant
- Untimely, or unapproved OAR
- Inappropriate G/L
23Time Frame / Communication during Audit
- Time Frame
- Audits have been taking anywhere from 624 hrs
(3.9 mths) to 1,254 hrs (7.8 mths) with one
person working on it. - Status Meetings throughout Audit, as needed.
24- QUESTIONS??
- Christine Ackerman, Director
- 556-4310
- Christine.ackerman_at_uc.edu
- Dawn Broxterman, Grant Compliance Auditor
- 556-4306
- Dawn.Broxterman_at_uc.edu
- Website http//www.uc.edu/af/internal_audit/defau
lt.html