OFFICE OF INSPECTOR GENERAL (OIG) AUDIT PROCESS FOR HUD GRANTEES

COSCDA Conference

February 26, 2019 – 8:30 – 10:00 AM

1

PresenterAnalyst working on OIG audit

resolution in HUD’s Office of

Community Planning and

Development (CPD):

• Aaron Taylor

2

Overview• OIG Role and Office of Audit

• OIG Audit Process – Four Stages

• Audit Recommendation Examples

• Lessons Learned from Audit Process Discussion

• Audit Guide and Available Resources

• Applying What We have Learned

3

HUD’s Office of Inspector General (OIG):Mission and Office of Audit

Mission

The OIG is statutorily mandated to detect and prevent fraud, waste, and abuse and promote the effectiveness and efficiency of government operations. The OIG executes its mission by auditing, investigating, and evaluating HUD, its partners, and its program participants.

Organizational Design

The HUD OIG has five

functional offices:

• AUDIT

• Investigation

• Evaluation

• Mgmt and Technology

• Legal Counsel

External Audits

Audits of program participants (i.e., grantees, contractors, subrecipients, project partners, etc.).

Internal Audits

Audits of HUD’s administration

and implementation of Federal

funds and programs. Also includes

State DR grantee audits since

grant awards are HQ managed.

4

The Office

of Audit

performs:

HUD’s Office of Inspector General:Auditee Selection

Audits are most often started due to one of the following reasons:

• congressional or legislative mandate,

• identification through OIG risk analysis,

• HUD recommendation, or

• OIG hotline tip.5

HUD’s Office of Inspector General:Regional Offices

8 Regional Offices

Within each region, the

OIG has multiple offices,

providing the OIG a local

presence to cover all the

places where HUD

programs and funds are

used.6

OIG Audit Process – Four Stages

Stage 1: Survey

Notification

Entrance conference

Survey

Stage 2: Audit

Interview

Record review

Finding outline

Stage 3: Report Issuance

Draft report

Exit conference

Draft report comments

Final report

Stage 4: Audit Resolution

Corrective action plan

Plan approval

Plan implementation

Recommendation closure

7

OIG Audit Process – Stage 1

TIMING CONSIDERATION: Prepping for the Entrance Conference

Distribute the notification letter around your

organization and share with applicable program

partners. Have a pre-meeting to discuss the

logistics of file, data, and staff availability and

write out any questions you have for the OIG.

8

Stage 1: Survey

Notification

Entrance conference

Survey

Notification

OIG will email the authorized representative with a

notification letter announcing the start of an audit or

survey. The notification letter will provide the entrance

conference information, summarize the audit purpose

and scope, and outline the audit timeframe.

OIG Audit Process – Stage 1Stage 1: Survey

Notification

Entrance conference

Survey

Entrance Conference

On-site or remote meeting to discuss the audit scope and

implementation. Program participant is expected to

provide a summary of its program and a summary of its

file structure and organization.

BEST PRACTICES: Goals for the Entrance Conference

1. Clarify any areas of confusion about the audit scope

or process.

2. Make sure HUD is aware of the audit and participates

in the entrance conference.

3. Establish pathways for communication with the OIG.9

A survey is a limited

review of a program

to assess the need

for a full audit. OIG

will share results

before moving to

Stage 2.

OIG Audit Process – Stage 2Stage 2: Audit

Interview

Record review

Finding outline

10

Interviews Record Review

Management and Staff

Contractors

Consultants

Subrecipients

Clients

Policies and Procedures

Financial Documents

Timesheets and Payroll

Procurement Files

Contracts and Subagreements

Learn organizational structure

Learn staff and management and qualifications and duties

Review program implementation

Review controls

Federal fund usage (activities)

Compliance with organizational P&Ps and Federal rules

Sound financial management and internal controls

Supporting documentation for program activities and

transactions

Two Primary Methods of Assessment:

OIG’s Assessment Focus Areas

OIG Audit Process – Stage 2 (cont.)Stage 2: Audit

Interview

Record review

Finding outline

11

BEST PRACTICES: Responding to the Finding Outline

1. Setup a time to discuss the document.

2. Read through the document thoroughly.

3. Identify questions and concerns.

4. Provide missing documents ASAP.

TIMING CONSIDERATION: Resolving Confusion or Disagreement

Ask questions early and often. Once the

audit moves into Stage 3, it is very difficult

to reconcile confusion or disagreements.

Finding Outline

Preliminary outline of audit

conclusions. Delivered upon

completion of the

interviews and record

review. Precursor to the

draft report.

TIMING CONSIDERATION: Draft to Final Report Timeline

The timeline for the draft release to final report issuance can be as short as a few weeks, therefore diligently work to get issues resolved before Stage 3, because there is a small window to make last minute changes.

OIG Audit Process – Stage 3Stage 3: Report

Issuance

Draft report

Exit conference

Draft report comments

Final report

12

Draft Report

Draft report of audit

conclusions including a

summary of the review,

findings and

recommendations, and

questioned costs.

Approx. 1 week later

Exit Conference

OIG led meeting to discuss

draft report. Come

prepared with questions

and if prepared, discuss

issues that will be included

in the official comments.

OIG Audit Process – Stage 3 (cont.)Stage 3: Report Issuance

Draft report

Exit conference

Draft report comments

Final report

13

• Organize narrative response by finding and recommendation.

• Provide a clear explanation for any disagreement(s) and include supporting documentation.

• Leave out PII.

• Maintain level tone and diction.

• Response is made public.

TIMING CONSIDERATION: Draft Report Comments

Report comments are due 10-15 days after the draft

issuance, therefore have a plan in place to get this

work done and promptly notify all individuals who

will review and sign off on the final comments.

Draft Report Comments

Official letter from authorized representative to the OIG Lead detailing the auditee’s feedback on to the audit conclusions. This letter is included as an attachment in the publicly released report.

OIG Audit Process – Stage 3 (cont.)Stage 3: Report Issuance

Draft report

Exit conference

Draft report comments

Final report

14

Final Report

Publicly issued report by the OIG summarizing the audit conclusions. Report is assigned an official report number and is issued to the authorized HUD official responsible for the program and/or audited entity.

Clean Report

CONGRATULATIONS! A clean report has no findings or recommendations. No further work is required.

Proceed to Stage 4

Final report has at least

one finding and one

recommendation.

Auditee will work with

HUD to resolve the

recommendation(s).

OIG Audit Process – Stage 4Stage 4: Audit Resolution

Corrective action plan

Plan approval

Plan implementation

Recommendation closure

15

Auditee

• Propose draft

corrective action plan

with actions and

timelines addressing

each recommendation

in response to HUD’s

letter of request

• Address any HUD

concerns with the plan

and submit final draft

to HUD.

120 days following report issuance, there will be a

HUD and OIG approved corrective action plan:

HUD

• Request corrective

action plan from

auditee

• Review corrective

action plan and request

corrections as

necessary

• Submit high-level

corrective action plan

summary to OIG for

approval

OIG

• Approve or reject

HUD submitted

corrective action plan

OIG Audit Process – Stage 4 (cont.)Stage 4: Audit Resolution

Corrective action plan

Plan approval

Plan implementation

Recommendation closure

16

Auditee

• Implement corrective

actions from the

approved plan.

• Submit documentation

to HUD for review and

closure.

• Revise/update

documentation as

needed.

• Make repayment.

Auditee will work to complete corrective actions

based on the target dates in the approved plan:

HUD

• Track plan

implementation.

• Review documentation

submission.

• Submit documents to

OIG for

recommendation

closure.

• Process repayments.

OIG

• Approve or reject

submitted

documentation.

• Reconcile cost

balances.

• Close

recommendations.

Audit

OIG Audit Process – Stage 4 (cont.)Stage 4: Audit Resolution

Corrective action plan

Plan approval

Plan implementation

Recommendation closure

17

BEST PRACTICES: Getting to Recommendation Closure

1. Do not push the report aside, stay focused – THIS IS SERIOUS!

2. Assign staff to audit resolution and start developing your corrective action plan as soon as possible.

3. Ensure there is clear understanding amongst you, HUD, and the OIG on what documentation will satisfy audit findings.

4. Submit documentation to close recommendations with your draft corrective action plan to HUD.

5. Choose achievable resolution target dates (implementation timelines).

6. Once the plan is approved, start implementing it right away.

7. If implementation obstacles arise contact HUD immediately.

OIG Audit Recommendations

Recommendation Definition

The auditor’s written suggestions for specific action to correct a deficient condition, prevent a recurrence

of the condition, or alleviate the adverse effects of a condition

18

2 Primary Types of Recommendations

Policy and Grant Admin

• Policy and procedures

• Training

• Contract revisions

• Project or subrecipient monitoring

Questioned Costs

• Ineligible costs

• Unsupported costs

• Funds to Be Put to Better Use

OIG Audit Recommendation:Policy and Grant Admin Example 1

Recommendation – Policy and Grant Admin Example 1

Implement adequate policies and procedures to ensure that future projects will

meet all Community Development Block Grant requirements before approval.

19

Things to Consider

• Partial or full P&P update

• Are there corresponding recs

• What resources are required

• Implementation timeline

• Who needs to sign off

Common Pitfalls

• Prioritization of questioned cost based recs

• Overcomplicating and overpromising

• Obtaining approval for final document

OIG Audit Recommendation:Policy and Grant Admin Example 2

Recommendation – Policy and Grant Admin Example 2

Ensure that each subrecipient understands procurement requirements by continuing to require training

for all new subrecipients and for those that do not understand the requirements.

20

Things to Consider

• Who needs training

• When and how can training be delivered

• Are there corresponding recs

• How to track implementation of new skills/knowledge

Common Pitfalls

• Training does not cover the

appropriate subject matter

• Fail to document training

OIG Audit Recommendation:Questioned Costs Example 1

Recommendation – Questioned Costs Example 1

• Reimburse from non-Federal funds the $105,514 spent on ineligible costs.

21

Things to Consider

• Do you concur, if yes then repay, if no – what is the plan

• What is the eligibility issue and what is the accepted documentation standard

• Can you produce the documentation

• Who is going to do the work and how long will it take

Common Pitfalls

• Documentation does not address the relevant issue

• Documentation does not meet accepted standards

• Workload is not properly assessed or staffed

• No funds to repay

Ineligible means a

violation of Federal

rules or regulations,

therefore the burden to

overturn is high.

OIG Audit Recommendation:Questioned Costs Example 2

Recommendation – Questioned Costs Example 2

• Provide supporting documentation to show that nine tenants were income eligible for assistance

under activity 001 or reimburse its program $220,589 from non-Federal funds.

22

Things to Consider

• Do you concur, if yes then repay, if no –what is the plan

• What documentation was missing

• Can the documentation be obtained or legally created

• Who is going to do the work and how long will it take

Common Pitfalls

• Documentation does not address the relevant issue

• Documentation does not meet accepted standards

• Workload is not properly assessed or staffed

• Documentation provides partial support

• No funds to repay

Unsupported means that there was inadequate documentation to substantiate the use of funds. Unsupported does not imply ineligible, but a failure to produce supporting documentation will lead to repayment.

Lessons Learned from Audit Process Discussion

23

Policies and

procedures

Regularly review organization policies and procedures to ensure program compliance. Ensure that staff

members are properly trained on the policies and procedures and that they are correctly implementing them

on active projects.

Program records

and archives

Have protocol in place to manage program records and to properly archive records once an award or project

is complete. The OIG audit process will be much smoother if a program participant has definitive policies in

place to manage records and has taken the time to properly ensure that all records are collected and stored

in compliance with its policies.

Ask questions Do not hesitate to ask HUD or OIG if you have questions about the scope or process of an audit. It has been

all too common for unasked questions to result in audit findings that can take hundreds of hours to resolve.

Prompt response If OIG or HUD asks for responses with respect to an audit, program participants should place a priority on

responding in a timely manner. This is especially important during the audit phases described in stages 1 and

2, because untimely responses lead to audit recommendations in the final report.

Remember the

Big Picture

When going through an audit, it is easy to forget the big picture. Therefore, while going through an OIG

audit, remember who is impacted (program beneficiaries), think about how findings will affect the current

and future use of funds, and consider how the audit could impact the working relationship with HUD.

Audit Guide and Available Resources

24

• Forthcoming CPD Program Participant Guide to OIG Audits

• HUD-OIG Integrity Bulletins

– Procurement and Contracting

– Sub-recipient Oversight

– Conflicts of Interest

– Internal Controls

– Documentation and Reporting

– Financial Management

• HUD Exchange

– HUD Program webpages

– Financial Management Curriculum

– Schedule of HUD trainings and archive of past training

Applying What We Have Learned (Health Check)

25

A Program Participant’s main goals when managing a HUD award are to implement a great program and comply with the applicable rules and requirements.

OIG Audit

An OIG audit assesses a program participant’s program implementation and compliance with rules and requirements. The results of an OIG audit can be devastating if a program is improperly managed or implemented.

SO, what can we do to get ready for an audit (or

program review or monitoring

1. Review organizational structure and staffing

2. Regularly review and update policies and

procedures

3. Assess systems and record management

4. Prioritize self assessment and innovation

5. Review recent OIG audits

25

Applying What We Have Learned:Review Organizational Structure and Staffing

Questions to Consider• Is the organization adequately staffed to

implement the Federal funds?

• Has there been recent turnover?

• Are individuals serving multiple roles? Does this create an internal controls risk?

• Are staff adequately qualified or trained on programmatic rules or Federal requirements?

• Are staff knowledgeable and trained on the organization’s policies and procedures?

Program participants

need to properly

structure and staff

their organizations

to ensure eligible and

allowable use of

Federal funds.

Applying What We Have Learned:Regularly review and update policies and procedures

Questions to Consider• Are P&Ps developed for all relevant topic

areas?

• When were P&Ps last reviewed and updated?

• Were P&Ps reviewed and updated in line with programmatic changes or new funding awards?

• Are staff knowledgeable and trained on the organization’s policies and procedures?

• Who reviews and approves new P&Ps and P&P revisions

Program delivery should be driven by P&Ps. P&P documents need to be up to date and personnel need to know the current P&Ps.

Applying What We Have Learned:Assess Systems and Records Management

Questions to Consider

• Do you know the applicable rules and requirements for your Federal funding?

• Have your systems and records been tested for Federal compliance?

• Have often do you self evaluate your systems and records?

• Do you make updates for 2 CFR 200?

• Is staff assigned to track ongoing compliance with system and record standards?

Federal requirements outline system specifications and record management standards, your organization needs to meet or exceed these standards.

Applying What We Have Learned:Prioritize Self Assessment and Innovation

Questions to Consider

• Do you have P&Ps in place to prioritize self assessment and innovation?

• How do you apply the results of your self assessment?

• Do you have a risk management strategy?

Federal staff work diligently to evaluate and innovate programs. Is your organization prioritizing self assessment and innovation.

Applying What We Have Learned:Review recent OIG Audits

Common Areas of Non-Compliance in Recent OIG Audits• Procurement

• Contract structure and components

• Sub-recipient, consultant, and/or contractor management and oversight

• Appraisals and subsequent property acquisition

• Timekeeping

• Maintaining supporting docucments for expenditures

Reviewing recent

OIG audits for your

programs can help to

illuminate common

areas of non-

compliance or

mismanagement.

QUESTIONS

31