office of inspectorcoscda.org/wp-content/uploads/2019/03/oig-audit-process... · 2020-02-21 ·...
TRANSCRIPT
OFFICE OF INSPECTOR GENERAL (OIG) AUDIT PROCESS FOR HUD GRANTEES
COSCDA Conference
February 26, 2019 – 8:30 – 10:00 AM
1
PresenterAnalyst working on OIG audit
resolution in HUD’s Office of
Community Planning and
Development (CPD):
• Aaron Taylor
2
Overview• OIG Role and Office of Audit
• OIG Audit Process – Four Stages
• Audit Recommendation Examples
• Lessons Learned from Audit Process Discussion
• Audit Guide and Available Resources
• Applying What We have Learned
3
HUD’s Office of Inspector General (OIG):Mission and Office of Audit
Mission
The OIG is statutorily mandated to detect and prevent fraud, waste, and abuse and promote the effectiveness and efficiency of government operations. The OIG executes its mission by auditing, investigating, and evaluating HUD, its partners, and its program participants.
Organizational Design
The HUD OIG has five
functional offices:
• AUDIT
• Investigation
• Evaluation
• Mgmt and Technology
• Legal Counsel
External Audits
Audits of program participants (i.e., grantees, contractors, subrecipients, project partners, etc.).
Internal Audits
Audits of HUD’s administration
and implementation of Federal
funds and programs. Also includes
State DR grantee audits since
grant awards are HQ managed.
4
The Office
of Audit
performs:
HUD’s Office of Inspector General:Auditee Selection
Audits are most often started due to one of the following reasons:
• congressional or legislative mandate,
• identification through OIG risk analysis,
• HUD recommendation, or
• OIG hotline tip.5
HUD’s Office of Inspector General:Regional Offices
8 Regional Offices
Within each region, the
OIG has multiple offices,
providing the OIG a local
presence to cover all the
places where HUD
programs and funds are
used.6
OIG Audit Process – Four Stages
Stage 1: Survey
Notification
Entrance conference
Survey
Stage 2: Audit
Interview
Record review
Finding outline
Stage 3: Report Issuance
Draft report
Exit conference
Draft report comments
Final report
Stage 4: Audit Resolution
Corrective action plan
Plan approval
Plan implementation
Recommendation closure
7
OIG Audit Process – Stage 1
TIMING CONSIDERATION: Prepping for the Entrance Conference
Distribute the notification letter around your
organization and share with applicable program
partners. Have a pre-meeting to discuss the
logistics of file, data, and staff availability and
write out any questions you have for the OIG.
8
Stage 1: Survey
Notification
Entrance conference
Survey
Notification
OIG will email the authorized representative with a
notification letter announcing the start of an audit or
survey. The notification letter will provide the entrance
conference information, summarize the audit purpose
and scope, and outline the audit timeframe.
OIG Audit Process – Stage 1Stage 1: Survey
Notification
Entrance conference
Survey
Entrance Conference
On-site or remote meeting to discuss the audit scope and
implementation. Program participant is expected to
provide a summary of its program and a summary of its
file structure and organization.
BEST PRACTICES: Goals for the Entrance Conference
1. Clarify any areas of confusion about the audit scope
or process.
2. Make sure HUD is aware of the audit and participates
in the entrance conference.
3. Establish pathways for communication with the OIG.9
A survey is a limited
review of a program
to assess the need
for a full audit. OIG
will share results
before moving to
Stage 2.
OIG Audit Process – Stage 2Stage 2: Audit
Interview
Record review
Finding outline
10
Interviews Record Review
Management and Staff
Contractors
Consultants
Subrecipients
Clients
Policies and Procedures
Financial Documents
Timesheets and Payroll
Procurement Files
Contracts and Subagreements
Learn organizational structure
Learn staff and management and qualifications and duties
Review program implementation
Review controls
Federal fund usage (activities)
Compliance with organizational P&Ps and Federal rules
Sound financial management and internal controls
Supporting documentation for program activities and
transactions
Two Primary Methods of Assessment:
OIG’s Assessment Focus Areas
OIG Audit Process – Stage 2 (cont.)Stage 2: Audit
Interview
Record review
Finding outline
11
BEST PRACTICES: Responding to the Finding Outline
1. Setup a time to discuss the document.
2. Read through the document thoroughly.
3. Identify questions and concerns.
4. Provide missing documents ASAP.
TIMING CONSIDERATION: Resolving Confusion or Disagreement
Ask questions early and often. Once the
audit moves into Stage 3, it is very difficult
to reconcile confusion or disagreements.
Finding Outline
Preliminary outline of audit
conclusions. Delivered upon
completion of the
interviews and record
review. Precursor to the
draft report.
TIMING CONSIDERATION: Draft to Final Report Timeline
The timeline for the draft release to final report issuance can be as short as a few weeks, therefore diligently work to get issues resolved before Stage 3, because there is a small window to make last minute changes.
OIG Audit Process – Stage 3Stage 3: Report
Issuance
Draft report
Exit conference
Draft report comments
Final report
12
Draft Report
Draft report of audit
conclusions including a
summary of the review,
findings and
recommendations, and
questioned costs.
Approx. 1 week later
Exit Conference
OIG led meeting to discuss
draft report. Come
prepared with questions
and if prepared, discuss
issues that will be included
in the official comments.
OIG Audit Process – Stage 3 (cont.)Stage 3: Report Issuance
Draft report
Exit conference
Draft report comments
Final report
13
• Organize narrative response by finding and recommendation.
• Provide a clear explanation for any disagreement(s) and include supporting documentation.
• Leave out PII.
• Maintain level tone and diction.
• Response is made public.
TIMING CONSIDERATION: Draft Report Comments
Report comments are due 10-15 days after the draft
issuance, therefore have a plan in place to get this
work done and promptly notify all individuals who
will review and sign off on the final comments.
Draft Report Comments
Official letter from authorized representative to the OIG Lead detailing the auditee’s feedback on to the audit conclusions. This letter is included as an attachment in the publicly released report.
OIG Audit Process – Stage 3 (cont.)Stage 3: Report Issuance
Draft report
Exit conference
Draft report comments
Final report
14
Final Report
Publicly issued report by the OIG summarizing the audit conclusions. Report is assigned an official report number and is issued to the authorized HUD official responsible for the program and/or audited entity.
Clean Report
CONGRATULATIONS! A clean report has no findings or recommendations. No further work is required.
Proceed to Stage 4
Final report has at least
one finding and one
recommendation.
Auditee will work with
HUD to resolve the
recommendation(s).
OIG Audit Process – Stage 4Stage 4: Audit Resolution
Corrective action plan
Plan approval
Plan implementation
Recommendation closure
15
Auditee
• Propose draft
corrective action plan
with actions and
timelines addressing
each recommendation
in response to HUD’s
letter of request
• Address any HUD
concerns with the plan
and submit final draft
to HUD.
120 days following report issuance, there will be a
HUD and OIG approved corrective action plan:
HUD
• Request corrective
action plan from
auditee
• Review corrective
action plan and request
corrections as
necessary
• Submit high-level
corrective action plan
summary to OIG for
approval
OIG
• Approve or reject
HUD submitted
corrective action plan
OIG Audit Process – Stage 4 (cont.)Stage 4: Audit Resolution
Corrective action plan
Plan approval
Plan implementation
Recommendation closure
16
Auditee
• Implement corrective
actions from the
approved plan.
• Submit documentation
to HUD for review and
closure.
• Revise/update
documentation as
needed.
• Make repayment.
Auditee will work to complete corrective actions
based on the target dates in the approved plan:
HUD
• Track plan
implementation.
• Review documentation
submission.
• Submit documents to
OIG for
recommendation
closure.
• Process repayments.
OIG
• Approve or reject
submitted
documentation.
• Reconcile cost
balances.
• Close
recommendations.
Audit
OIG Audit Process – Stage 4 (cont.)Stage 4: Audit Resolution
Corrective action plan
Plan approval
Plan implementation
Recommendation closure
17
BEST PRACTICES: Getting to Recommendation Closure
1. Do not push the report aside, stay focused – THIS IS SERIOUS!
2. Assign staff to audit resolution and start developing your corrective action plan as soon as possible.
3. Ensure there is clear understanding amongst you, HUD, and the OIG on what documentation will satisfy audit findings.
4. Submit documentation to close recommendations with your draft corrective action plan to HUD.
5. Choose achievable resolution target dates (implementation timelines).
6. Once the plan is approved, start implementing it right away.
7. If implementation obstacles arise contact HUD immediately.
OIG Audit Recommendations
Recommendation Definition
The auditor’s written suggestions for specific action to correct a deficient condition, prevent a recurrence
of the condition, or alleviate the adverse effects of a condition
18
2 Primary Types of Recommendations
Policy and Grant Admin
• Policy and procedures
• Training
• Contract revisions
• Project or subrecipient monitoring
Questioned Costs
• Ineligible costs
• Unsupported costs
• Funds to Be Put to Better Use
OIG Audit Recommendation:Policy and Grant Admin Example 1
Recommendation – Policy and Grant Admin Example 1
Implement adequate policies and procedures to ensure that future projects will
meet all Community Development Block Grant requirements before approval.
19
Things to Consider
• Partial or full P&P update
• Are there corresponding recs
• What resources are required
• Implementation timeline
• Who needs to sign off
Common Pitfalls
• Prioritization of questioned cost based recs
• Overcomplicating and overpromising
• Obtaining approval for final document
OIG Audit Recommendation:Policy and Grant Admin Example 2
Recommendation – Policy and Grant Admin Example 2
Ensure that each subrecipient understands procurement requirements by continuing to require training
for all new subrecipients and for those that do not understand the requirements.
20
Things to Consider
• Who needs training
• When and how can training be delivered
• Are there corresponding recs
• How to track implementation of new skills/knowledge
Common Pitfalls
• Training does not cover the
appropriate subject matter
• Fail to document training
OIG Audit Recommendation:Questioned Costs Example 1
Recommendation – Questioned Costs Example 1
• Reimburse from non-Federal funds the $105,514 spent on ineligible costs.
21
Things to Consider
• Do you concur, if yes then repay, if no – what is the plan
• What is the eligibility issue and what is the accepted documentation standard
• Can you produce the documentation
• Who is going to do the work and how long will it take
Common Pitfalls
• Documentation does not address the relevant issue
• Documentation does not meet accepted standards
• Workload is not properly assessed or staffed
• No funds to repay
Ineligible means a
violation of Federal
rules or regulations,
therefore the burden to
overturn is high.
OIG Audit Recommendation:Questioned Costs Example 2
Recommendation – Questioned Costs Example 2
• Provide supporting documentation to show that nine tenants were income eligible for assistance
under activity 001 or reimburse its program $220,589 from non-Federal funds.
22
Things to Consider
• Do you concur, if yes then repay, if no –what is the plan
• What documentation was missing
• Can the documentation be obtained or legally created
• Who is going to do the work and how long will it take
Common Pitfalls
• Documentation does not address the relevant issue
• Documentation does not meet accepted standards
• Workload is not properly assessed or staffed
• Documentation provides partial support
• No funds to repay
Unsupported means that there was inadequate documentation to substantiate the use of funds. Unsupported does not imply ineligible, but a failure to produce supporting documentation will lead to repayment.
Lessons Learned from Audit Process Discussion
23
Policies and
procedures
Regularly review organization policies and procedures to ensure program compliance. Ensure that staff
members are properly trained on the policies and procedures and that they are correctly implementing them
on active projects.
Program records
and archives
Have protocol in place to manage program records and to properly archive records once an award or project
is complete. The OIG audit process will be much smoother if a program participant has definitive policies in
place to manage records and has taken the time to properly ensure that all records are collected and stored
in compliance with its policies.
Ask questions Do not hesitate to ask HUD or OIG if you have questions about the scope or process of an audit. It has been
all too common for unasked questions to result in audit findings that can take hundreds of hours to resolve.
Prompt response If OIG or HUD asks for responses with respect to an audit, program participants should place a priority on
responding in a timely manner. This is especially important during the audit phases described in stages 1 and
2, because untimely responses lead to audit recommendations in the final report.
Remember the
Big Picture
When going through an audit, it is easy to forget the big picture. Therefore, while going through an OIG
audit, remember who is impacted (program beneficiaries), think about how findings will affect the current
and future use of funds, and consider how the audit could impact the working relationship with HUD.
Audit Guide and Available Resources
24
• Forthcoming CPD Program Participant Guide to OIG Audits
• HUD-OIG Integrity Bulletins
– Procurement and Contracting
– Sub-recipient Oversight
– Conflicts of Interest
– Internal Controls
– Documentation and Reporting
– Financial Management
• HUD Exchange
– HUD Program webpages
– Financial Management Curriculum
– Schedule of HUD trainings and archive of past training
Applying What We Have Learned (Health Check)
25
A Program Participant’s main goals when managing a HUD award are to implement a great program and comply with the applicable rules and requirements.
OIG Audit
An OIG audit assesses a program participant’s program implementation and compliance with rules and requirements. The results of an OIG audit can be devastating if a program is improperly managed or implemented.
SO, what can we do to get ready for an audit (or
program review or monitoring
1. Review organizational structure and staffing
2. Regularly review and update policies and
procedures
3. Assess systems and record management
4. Prioritize self assessment and innovation
5. Review recent OIG audits
25
Applying What We Have Learned:Review Organizational Structure and Staffing
Questions to Consider• Is the organization adequately staffed to
implement the Federal funds?
• Has there been recent turnover?
• Are individuals serving multiple roles? Does this create an internal controls risk?
• Are staff adequately qualified or trained on programmatic rules or Federal requirements?
• Are staff knowledgeable and trained on the organization’s policies and procedures?
Program participants
need to properly
structure and staff
their organizations
to ensure eligible and
allowable use of
Federal funds.
Applying What We Have Learned:Regularly review and update policies and procedures
Questions to Consider• Are P&Ps developed for all relevant topic
areas?
• When were P&Ps last reviewed and updated?
• Were P&Ps reviewed and updated in line with programmatic changes or new funding awards?
• Are staff knowledgeable and trained on the organization’s policies and procedures?
• Who reviews and approves new P&Ps and P&P revisions
Program delivery should be driven by P&Ps. P&P documents need to be up to date and personnel need to know the current P&Ps.
Applying What We Have Learned:Assess Systems and Records Management
Questions to Consider
• Do you know the applicable rules and requirements for your Federal funding?
• Have your systems and records been tested for Federal compliance?
• Have often do you self evaluate your systems and records?
• Do you make updates for 2 CFR 200?
• Is staff assigned to track ongoing compliance with system and record standards?
Federal requirements outline system specifications and record management standards, your organization needs to meet or exceed these standards.
Applying What We Have Learned:Prioritize Self Assessment and Innovation
Questions to Consider
• Do you have P&Ps in place to prioritize self assessment and innovation?
• How do you apply the results of your self assessment?
• Do you have a risk management strategy?
Federal staff work diligently to evaluate and innovate programs. Is your organization prioritizing self assessment and innovation.
Applying What We Have Learned:Review recent OIG Audits
Common Areas of Non-Compliance in Recent OIG Audits• Procurement
• Contract structure and components
• Sub-recipient, consultant, and/or contractor management and oversight
• Appraisals and subsequent property acquisition
• Timekeeping
• Maintaining supporting docucments for expenditures
Reviewing recent
OIG audits for your
programs can help to
illuminate common
areas of non-
compliance or
mismanagement.
QUESTIONS
31