Responses to Posthearing Questions Related to Improving Single
Audit Quality (07-DEC-07, GAO-08-318R).
On October 25, 2007, GAO testified before a congressional
subcommittee at a hearing entitled, "Single Audits: Are They
Helping to Safeguard Federal Funds?" At the hearing, we provided
(1) GAO's perspective on the history and importance of the Single
Audit Act, as amended (Single Audit Act), and the principles
behind the act, (2) our preliminary analysis of the
recommendations made by the President's Council on Integrity and
Efficiency (PCIE) for improving audit quality, and (3) additional
factors to consider for improving the quality of single audits.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-08-318R
ACCNO: A78771
TITLE: Responses to Posthearing Questions Related to Improving
Single Audit Quality
DATE: 12/07/2007
SUBJECT: Accountability
Audit oversight
Audit reports
Audits
Federal agencies
Federal funds
Federal grants
Program management
Standards
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-08-318R
* [1]end of correspond & Test.pdf
* [2]PDF6-Ordering Information.pdf
* [3]Order by Mail or Phone
* [4]PDF6-Ordering Information-Young-10-25-07.pdf
* [5]GAO's Mission
* [6]Obtaining Copies of GAO Reports and Testimony
* [7]Order by Mail or Phone
* [8]To Report Fraud, Waste, and Abuse in Federal Programs
* [9]Congressional Relations
* [10]Public Affairs
December 7, 2007
The Honorable Tom Carper
Chairman
Subcommittee on Federal Financial Management, Government Information,
Federal Services, and International Security
Committee on Homeland Security and Governmental Affairs
United States Senate
Subject: Responses to Posthearing Questions Related to Improving Single
Audit Quality
Dear Mr. Chairman:
On October 25, 2007, GAO testified^1 before your subcommittee at a hearing
entitled, "Single Audits: Are They Helping to Safeguard Federal Funds?" At
the hearing, we provided (1) GAO's perspective on the history and
importance of the Single Audit Act, as amended (Single Audit Act), and the
principles behind the act, (2) our preliminary analysis of the
recommendations made by the President's Council on Integrity and
Efficiency (PCIE) for improving audit quality, and (3) additional factors
to consider for improving the quality of single audits.
This letter responds to your November 5, 2007, request for responses to
follow-up questions for the record related to our October 25, 2007,
testimony. Your questions, along with our responses, follow.
Question 1. Ms. Franzel mentioned in her statement that a separate effort
considering the overall framework for single audits is warranted,
including analyzing whether the current federal oversight structure for
single audits is adequate. Please elaborate on the type of analysis
suggested to be done.
Given the increase in federal grant awards in recent years and the many
different federal entities involved in overseeing the single audit
process, two aspects of the single audit framework warrant further
analysis to determine whether changes are needed to improve single audit
quality and overall accountability for the use of federal grant funds: (1)
the roles and responsibilities of the various parties in the federal
oversight structure for single audits, and (2) the current risk-based
approach to conducting single audits.
^1GAO, Single Audit Quality: Actions Needed to Address Persistent Audit
Quality Problems, GAO-08-213T (October 25, 2007).
Roles and Responsibilities within the Federal Oversight Structure
Federal oversight responsibility for implementation of the Single Audit
Act is currently shared among various entities--the Office of Management
and Budget (OMB), federal agencies, and their respective Offices of
Inspector General (OIG). The Single Audit Act assigned to OMB the
responsibility of prescribing guidance to implement the uniform audit
requirements and required each federal agency to amend its regulations to
conform to the requirements of the act and OMB's guidance. OMB issued
Circular No. A-133, Audits of States, Local Governments, and Non-Profit
Organizations, which sets implementing guidelines for the audit
requirements and defines roles and responsibilities related to the
implementation of the Single Audit Act. The federal agency that awards a
grant to a recipient is responsible for ensuring recipient compliance with
federal laws, regulations, and the provisions of the grant agreements. The
awarding agency is also responsible for overseeing whether the single
audits are completed in a timely manner in accordance with OMB Circular
No. A-133 and for providing annual updates of the Compliance Supplement^2
to OMB. Some federal agencies rely on the OIG to perform quality control
reviews (QCR) to assess whether single audit work performed complies with
OMB Circular No. A-133 and auditing standards.
Many grantees receive federal funding from several federal agencies and
programs. Therefore, a specific federal agency is generally given
oversight responsibilities for a particular grantee, either as a cognizant
or oversight agency for audit. Recipients expending more than $50 million
in federal funding are required to have a cognizant agency for audit.
Recipients that do not have a cognizant agency are assigned a specific
oversight agency to provide technical audit advice. If necessary, this
agency may perform the full duties of a cognizant agency.
An analysis of the roles and responsibilities within the federal oversight
structure for single audits to identify possible improvements should
consider the following questions:
o Is single audit oversight consistent and effective across
federal agencies (Are there any particularly effective models that
are currently employed by specific agencies)?
o What alternative federal oversight structures could improve
overall accountability and oversight of the single audit process?
o Are sufficient federal resources being dedicated to oversight of
single audits, in relation to the current dollar amounts of grants
and the nature of current grant programs?
o Should the oversight role of the cognizant agency for audit of
larger grantees--those expending $50 million or more in federal
awards--be strengthened?
o Is the current overall federal oversight structure adequate to
achieve useful and effective accountability over federal grant
funds? If not, where are improvements needed?
^2The Compliance Supplement is based on the requirements of the 1997
revisions to OMB Circular No. A-133, which provide for the issuance of a
compliance supplement to assist auditors in performing the required
audits. It provides a source of information for auditors to understand the
federal program's objectives, procedures, and compliance requirements
relevant to the audit as well as audit objectives and suggested audit
procedures for determining compliance with these requirements.
Current Risk-Based Approach to Single Audits
The current risk-based approach to conducting single audits considers both
dollar amounts and other aspects of risk to identify which "major"
programs to include in the scope of compliance testing in a single audit.
The Single Audit Act of 1984 focused attention on dollar coverage of
federal financial assistance to achieve approximately 95 percent audit
coverage. The 1996 amendments to the act expanded the criteria to include
risk-based criteria for the compliance testing component of the audit in
addition to dollar amounts. This gave auditors greater freedom in
targeting risky programs by, for example, allowing them to eliminate
low-risk large dollar programs from testing and include high-risk small
dollar programs in their place. OMB Circular No. A-133's current
methodology for selecting major programs for compliance testing is based
on a combination of dollar amounts, past audit findings, length of time
since the program was last audited, and total coverage of federal dollars.
This methodology, however, continues to rely heavily on the relative size
of the grant expenditures for programs within a grantee to determine which
programs are audited for compliance.
An analysis of the current risk-based approach to conducting single audit
compliance testing could be focused on determining whether there are other
risk-based factors that may be cost-beneficial to consider in approaching
single audits in today's environment. This analysis could also determine
whether the current single audit approach adequately targets areas of risk
and contributes to improvements where needed. Other types of risk-based
factors that could be considered include organizational governance,
internal control environment, risks associated with internal controls and
financial systems, and risk of improper payments and noncompliance with
federal programs. The single audit scope and specific audit procedures
could then be adjusted by incorporating these types of factors.
Question 2. OMB pointed out in its statement and during the hearing that
it plans to consider how to leverage single audits to improve improper
payment estimates. Is GAO concerned that the audit quality problems cited
in the PCIE study might be either masking or leading to improper payments
in some of these programs? Does GAO believe that OMB's plan has merit?
The current design of the single audit is not intended to provide
sufficient information for assessing and reporting on improper payments.
There is currently no direct link between the assessment of susceptibility
to improper payments and the level and scope of work performed in a single
audit. For instance, the current risk-based approach for determining major
programs to audit for compliance under the single audit focuses heavily on
programs with the largest dollar amounts in a grantee's portfolio. Thus,
programs identified as susceptible to improper payments at the federal
level may not be audited for compliance under a single audit, depending on
the portfolio of a grantee's federal grants. Consequently, the current
design of the single audit process and the related results are generally
insufficient to identify improper payments and systematically estimate the
extent of improper payments for susceptible programs.
Many grant programs could be susceptible to improper payments by their
very nature. Improper payments are payments that should not have been made
or that were made in an incorrect amount under applicable requirements.
Improper payments also include payments to ineligible recipients, payments
for ineligible service, duplicate payments, and payments for services not
received. Federal agencies are required to follow four basic steps under
the Improper Payments Information Act (IPIA)^3 and related OMB guidance:
(1) assess risk of improper payments in all programs,
(2) estimate improper payments for programs susceptible to
significant improper payments (defined by OMB as exceeding both
2.5 percent of program payments and $10 million annually),
(3) annually report on estimates of improper payments, and
(4) for programs with over $10 million in improper payments,
implement a plan to reduce improper payments and report on actions
to reduce them.
To the extent that single audits are not providing reliable information
about internal control and compliance with program requirements, agencies
may not be receiving the information needed to fulfill their
responsibilities under IPIA.
In its statement,^4 OMB pointed out that it is exploring longer-term
reforms to the single audit process that will help achieve successful
results in the implementation of IPIA. OMB plans to evaluate how single
audits can be expanded beyond federal program compliance to assess the
risk of improper payments and the extent to which improper payments are
systemic throughout a program. OMB's plan to evaluate how the single audit
can be expanded for this purpose has merit, and we support this
initiative.
Question 3. During the hearing, Ms. Franzel mentioned several issues that
need to be resolved before implementing the proposed training
recommendations in the PCIE study. Who should resolve these issues and
what is the need to deal with these issues considering the impact on the
timing of correcting the current audit quality problems?
Since OMB would ultimately be responsible for putting a training
requirement in place, it should also be responsible for resolving any
related implementation issues involved, with input from key stakeholders.
However, there are several interrelated factors at play here that would
impact the timing of implementing proposed training requirements. The
universe of completed single audits in the Federal Audit Clearinghouse
database for a given year is over 35,000. According to AICPA,
approximately 7,000 firms perform governmental audits which include single
audits. Those firms are located across the U.S., in large cities, small
towns, and rural areas. Because of the large number of auditors to be
trained and their dispersion across the country, there are clearly
efficiency and cost-benefit aspects that need to be considered. In
addition, effective and efficient training delivery mechanisms would need
to be identified and put in place. Resolving these substantial
implementation issues could take some time. Further, cost-benefit
considerations may be significantly affected if the current single audit
approach and universe of audits were to change significantly in the
near-term. If an effort is undertaken in the near-term to revisit the
approach to single audits, it may be advantageous to wait until any new
approaches resulting from this effort are established to implement
training requirements.
^3 Pub L. No. 107-300, 116 Stat. 2350 (November 26, 2002).
^4Office of Management and Budget, Statement of the Honorable Daniel I.
Werfel, Acting Controller, Office of Federal Financial Management, Office
of Management and Budget before the Senate Subcommittee on Federal
Financial Management, Government Information, Federal Services, and
International Security (October 25, 2007).
Question 4. What type of accountability mechanisms and oversight would be
helpful to oversee the various parties' implementation of the PCIE
recommendations? Is there anything the Congress can do to address these
problems?
Because of OMB's statutory responsibilities related to single audits, we
believe that OMB should be the party responsible for tracking the status
of implementing the PCIE recommendations. However, OMB could delegate that
responsibility to another federal agency or to the PCIE. As mentioned in
our testimony, we believe that a number of issues need to be resolved
before specific actions are taken to implement some of the
recommendations. Also, as discussed in our response to question 1, a
separate effort taking into account the overall framework for single
audits may be warranted. In our testimony, we also highlighted two other
critical factors that need to be considered when determining actions to
improve audit quality: (1) audit quality problems associated with the size
of audit, and (2) the distribution of size in the universe of single
audits. GAO could monitor the results of any changes in this area as part
of our expanded review of the single audit process.
The hearing also brought to light other key issues that affect the
usefulness of single audits and the effectiveness of federal oversight
over grant funds that require immediate attention. We would be pleased to
continue to keep the Congress informed on the extent of any progress made
in evaluating issues surrounding single audits, implementing the PCIE
recommendations, and improving the accountability and oversight structure
for federal grant funds.
In addition, GAO currently has a request from this subcommittee to
identify further actions to improve federal oversight and accountability
for grant funds. We will continue to keep the subcommittee informed about
our progress and any suggested actions for improving the single audit
process developed as a result of this work.
Question 5. In your role as the standards-setting organization for
Government Auditing Standards, what part does GAO plan to play in helping
to improve single audit quality?
The Single Audit Act requires that audits be done in accordance with
generally accepted government auditing standards (GAGAS). In our role as
standards setter, we will continue our regular activities to promote
high-quality auditing under GAGAS. GAO recently issued a modernized
version of GAGAS. ^5 Also, GAO's Comptroller General chairs the National
Intergovernmental Audit Forum that monitors the standards setting bodies,
and advances the audit standards within the government and the audit
profession. Through these processes, we have had, and continue to have,
extensive interaction with the audit community, including state and local
government auditors, and CPA firms of all sizes across the country.
^5GAO, Government Auditing Standards: July 2007 Revision, GAO-07-731G
(July 2007).
GAO provides technical assistance to auditors from public accounting firms
and government audit organizations to assist them in conducting quality
audits. Each year, GAO receives thousands of telephone and e-mail
inquiries, and we generally respond to most inquiries within 24 hours.
This interaction also alerts GAO to emerging issues and problem areas for
auditors. In addition, GAO maintains a Yellow Book web page which provides
various technical resources for auditors conducting government audits.
We are sending a copy of our responses to the posthearing questions to
Senators Coburn and McCaskill who also attended the hearing. Should you
have any questions on matters discussed in this response or need
additional information, please contact me at (202) 512-9471 or at
[11][email protected] or Sabrina Springfield at (202) 512-9328 or at
[12][email protected] . Contact points for our Office of Congressional
Relations and Public Affairs may be found on the last page of this report.
Major contributors to this report include Emily Clancy and David Merrill.
Sincerely yours,
Jeanette Franzel
Director
Financial Management and Assurance
(194748)
This is a work of the U.S. government and is not subject to copyright
protection in the United States. The published product may be reproduced
and distributed in its entirety without further permission from GAO.
However, because this work may contain copyrighted images or other
material, permission from the copyright holder may be necessary if you
wish to reproduce this material separately.
GAO's Mission
The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [13]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[14]www.gao.gov and select "E-mail Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
DC 20548
To order by Phone:
Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: [15]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [16][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [17][email protected] , (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548
Public Affairs
Chuck Young, Managing Director, [18][email protected] , (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
DC 20548
References
Visible links
11. mailto:[email protected]
12. mailto:[email protected]
13. http://www.gao.gov/
14. http://www.gao.gov/
15. http://www.gao.gov/fraudnet/fraudnet.htm
16. mailto:[email protected]
17. mailto:[email protected]
18. mailto:[email protected]
*** End of document. ***