The long-awaited federal study on the quality of audits performed under Office of Management and Budget (OMB) Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, was issued early today, June 22, 2007. The report titled, Report on National Single Audit Sampling Project (the PCIE report), was issued by the President's Council on Integrity and Efficiency (PCIE) and addressed to the OMB. It can be accessed in its entirety by clicking here.
The overall mission of the Governmental Audit Quality Center (GAQC) is to improve governmental audit quality, including the quality of single audits. Therefore, we take the results of the PCIE report very seriously. The purpose of this Alert is to make you aware, at a high-level, the results of the study and the related findings.
The remainder of this Alert provides you with some background on the study, a summary of the findings, a listing of some of the deficiencies noted, the report recommendations, and GAQC next steps.
Background
Several years ago, a group of federal agency Offices of Inspector General (OIGs), along with three state auditor's offices, decided to work together to develop a statistically based measure of single audit quality (the Project). The U.S. Department of Education was the Project leader. Overall, the Project had two goals:
1) Determine the quality of single audits and establish a statistically based measure of audit quality, and
2) Recommend changes in single audit requirements, standards and procedures to improve the quality of single audits.
To accomplish these goals, the OIGs conducted quality control reviews (QCRs) of a statistical sample of 208 audits randomly selected from approximately 38,000 audits submitted to and accepted by the Federal Audit Clearinghouse between April 1, 2003 and March 31, 2004. Generally, the audits reviewed were from the 2002-2003 timeframe and in some cases earlier. The sample was split into two strata. Stratum I included audits of entities that expended $50 million or more of total federal expenditures. Stratum II included audits of entities that expended at least $500,000 but less than $50 million of total federal expenditures.
The scope of the Project covered portions of the single audit relating to the planning, conduct, and reporting of audit work related to the review and testing of internal controls and compliance testing pertaining to compliance requirements for selected major federal programs. Documentation of audit work for up to three major programs for each audit was reviewed. Further, the review included audit work performed on the Schedule of Expenditure of Federal Awards (SEFA) and the content of all of the auditors' reports on the federal programs. The scope did not include a review of the content of, or the audit work performed, related to the general-purpose financial statements, the auditor's opinion on those statements, or the auditors' review of internal control over financial reporting.
Categorized Groupings of Reviewed Audits
The issues and deficiencies identified in each QCR were compiled and each engagement was then classified into one of three groupings. The groupings are defined as follows:
Acceptable: No deficiencies were noted or one or two insignificant deficiencies were noted. In some cases, the acceptable audits had deficiencies with applicable auditing criteria noted which did not require corrective action but should be corrected going forward.
Limited Reliability: Significant deficiencies with applicable auditing criteria were noted and require corrective action to afford unquestioned reliance upon the entire audit.
Unacceptable: Deficiencies were so serious that the auditor's opinion on at least one major program cannot be relied upon and/or a material reporting error was noted requiring that the report be reissued in order to be relied upon by users.
Results
The PCIE report clearly shows that improvements are needed in many areas. The results are presented in varying ways and using different breakdowns and tables. We have included several tables below that summarize the overall results and results by stratum. In addition to providing the results by the number of audits looked at, the OIGs also analyzed the results in relation to the dollar amounts of federal awards reported in the audits reviewed. You will see that the results in relation to dollar amounts reported in the audits reviewed show a much higher percentage of acceptability. The following tables show the results for both strata combined and then the results of Stratum I and Stratum II individually.
|
TOTAL SAMPLE (STRATA I & II) |
|
|
Acceptable |
Limited Reliability |
Unacceptable |
Total |
|
Sampled Audits |
115 |
30 |
63 |
208 |
|
% of Audits |
49% |
16% |
35% |
100% |
|
% of Federal $ |
93% |
2% |
5% |
100% |
|
STRATUM I (>$50 M in Federal Expenditures) |
|
|
Acceptable |
Limited Reliability |
Unacceptable |
Total |
|
Sampled Audits |
61 |
12 |
23 |
96 |
|
% of Audits |
64% |
12% |
24% |
100% |
|
% of Federal $ |
93% |
2% |
5% |
100% |
|
|
|
STRATUM II ($500K - $50 M in Federal Expenditures) |
|
|
Acceptable |
Limited Reliability |
Unacceptable |
Total |
|
Sampled Audits |
54 |
18 |
40 |
112 |
|
% of Audits |
48% |
16% |
36% |
100% |
|
% of Federal $ |
56% |
10% |
34% |
100% |
Types of Deficiencies Noted
The PCIE report goes into detail regarding the deficiencies noted on the audits reviewed. The following presents a brief summary of deficiencies identified:
· Misreporting of audit coverage of major federal programs.
· Unreported audit findings.
· Compliance testing not documented as performed or not applicable.
· Deficiencies in understanding and testing of internal control over compliance.
· Deficiencies in risk assessments as part of major program determination.
· Missing audit finding information.
· Deficiencies in presentation and auditing of the Schedule of Expenditures of Federal Awards.
· Management representations related to federal awards missing or misdated.
· Consideration of audit materiality at the major federal program level not documented.
· Other kinds of deficiencies (described in Appendix A of the report).
Project Recommendations
The PCIE report provides a three-pronged approach to reducing the deficiencies noted and to improve the quality of single audits. The recommendations in the report are directed to various organizations including the OMB and other federal agencies, the AICPA, and other single audit stakeholders. A summary of the recommendations are as follows:
· Revise and improve single audit criteria, standards, and guidance to address deficiencies noted in the report. Specific recommendations are described throughout Part II and the "Other Matters" sections of the PCIE report and include recommendations for revisions to Circular A-133 and, in some cases, additions or clarifications to AICPA auditing standards and related Audit Guides.
· Establish minimum requirements for completing comprehensive single audit training as a prerequisite for conducting such audits (the report suggests at least 16-24 hours) and thereafter, require single audit update training for continued performance of single audits.
· Review and enhance processes to address unacceptable audits and not meeting established training and continuing professional education requirements. This includes (a) reviewing the process of suspension and debarment; (b) identifying ways that the AICPA and State Boards of Accountancy can further the quality of single audits and address due professional care issues; and (c) identifying, reviewing, and evaluating the potential effectiveness of other ways to address unacceptable audits (these other ways could include sanctions to be applied to auditors and/or fines).
Next Steps
The AICPA and the GAQC share the commitment of the federal agencies involved in the Project to improving the quality of single audits. Because many of the audits that were reviewed were performed 4-5 years ago, we are confident that many of our endeavors over the last several years (for example, the launch of the GAQC) have already begun to address some of the issues raised in the PCIE report.
With that said, as the designated audit quality partner for your firm, we strongly encourage you to take this report very seriously. We further suggest that you read the PCIE report in its entirety to determine if the audit quality deficiencies cited in the report may impact the planning of your future engagements or your current audit methodologies and documentation practices.
The GAQC Executive Committee and GAQC staff will be working closely with the federal government on a go-forward basis to address the PCIE report recommendations. You can also be assured that many future Center activities will be undertaken in response to the PCIE report and to help your firm avoid having similar problems in your single audits. We will be communicating with you on an ongoing basis regarding our efforts in response to the PCIE report, as well as any new developments from OMB or other federal agencies.
As always, thank you for joining the GAQC and for your continued commitment to governmental audit quality. Working together, we have a much better likelihood of effectively improving audit quality