Single Audit Quality

Actions Needed to Address Persistent Audit Quality Problems Gao ID: GAO-08-213T October 25, 2007

Federal government grants to state and local governments have risen substantially, from $7 billion in 1960 to almost $450 billion budgeted in 2007. The single audit is an important mechanism of accountability for the use of federal grants by nonprofit organizations as well as state and local governments. However, the quality of single audits conducted under the Single Audit Act, as amended, has been a longstanding area of concern since the passage of the act in 1984. The President's Council on Integrity and Efficiency (PCIE) recently issued its Report on National Single Audit Sampling Project, which raises concerns about the quality of single audits and makes recommendations aimed at improving the effectiveness and efficiency of those audits. This testimony provides (1) GAO's perspective on the history and importance of the Single Audit Act and the principles behind the act, (2) a preliminary analysis of the recommendations made by the PCIE for improving audit quality, and (3) additional considerations for improving the quality of single audits.

In the early 1980s, Congress had concerns about a lack of adequate oversight and accountability for federal assistance provided to state and local governments. In response to concerns that large amounts of federal financial assistance were not subject to audit and that agencies sometimes overlapped on oversight activities, Congress passed the Single Audit Act of 1984. The act adopted the single audit concept to help meet the needs of federal agencies for grantee oversight as well as grantees' needs for single, uniformly structured audits. GAO supported the passage of the Single Audit Act, and continues to support the single audit concept and principles behind the act as a key accountability mechanism for federal grant awards. However, the quality of single audits has been a longstanding area of concern since the passage of the act in 1984. In its June 2007 Report on National Single Audit Sampling Project, the PCIE found that, overall, approximately 49 percent of single audits fell into the acceptable group, with the remaining 51 percent having deficiencies severe enough to classify the audits as limited in reliability or unacceptable. PCIE found a significant difference in results by audit size. Specifically, 63.5 percent of the large audits (with $50 million or more in federal award expenditures) were deemed acceptable compared with only 48.2 percent of the smaller audits (with at least $500,000 but less than $50 million in federal award expenditures). The PCIE report presents compelling evidence that a serious problem with single audit quality continues to exist. GAO is concerned that audits are not being conducted in accordance with professional standards and requirements. These audits may provide a false sense of assurance and could mislead users of the single audit reports. The PCIE report recommended a three-pronged approach to reduce the types of deficiencies found and to improve the quality of single audits: (1) revise and improve single audit standards, criteria, and guidance; (2) establish minimum continuing professional education (CPE) as a prerequisite for auditors to be eligible to be able to conduct and continue to perform single audits; and (3) review and enhance the disciplinary processes to address unacceptable audits and for not meeting training and CPE requirements. In this testimony, GAO supports PCIE's recommendations and points out issues that need to be resolved regarding the proposed training and other factors that merit consideration when determining actions to improve audit quality. GAO believes that there may be opportunities for considering size when implementing future actions to improve the effectiveness and quality of single audits. In addition, a separate effort considering the overall framework for single audits could answer such questions as whether simplified alternatives can achieve cost-effective accountability in the smallest audits; whether current federal oversight processes for single audits are adequate; and what role the auditing profession can play in increasing single audit quality.

GAO-08-213T, Single Audit Quality: Actions Needed to Address Persistent Audit Quality Problems This is the accessible text file for GAO report number GAO-08-213T entitled 'Single Audit Quality: Actions Needed to Address Persistent Audit Quality Problems' which was released on October 26, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate: United States Government Accountability Office: GAO: For Release on Delivery Expected at 2:30 p.m. EDT: Thursday, October 25, 2007: Single Audit Quality: Actions Needed to Address Persistent Audit Quality Problems: Statement of Jeanette M. Franzel Director, Financial Management and Assurance: GAO-08-213T: GAO Highlights: Highlights of GAO-08-213T, a testimony before the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate. Why GAO Did This Study: Federal government grants to state and local governments have risen substantially, from $7 billion in 1960 to almost $450 billion budgeted in 2007. The single audit is an important mechanism of accountability for the use of federal grants by nonprofit organizations as well as state and local governments. However, the quality of single audits conducted under the Single Audit Act, as amended, has been a longstanding area of concern since the passage of the act in 1984. The President‘s Council on Integrity and Efficiency (PCIE) recently issued its Report on National Single Audit Sampling Project, which raises concerns about the quality of single audits and makes recommendations aimed at improving the effectiveness and efficiency of those audits. This testimony provides (1) GAO‘s perspective on the history and importance of the Single Audit Act and the principles behind the act, (2) a preliminary analysis of the recommendations made by the PCIE for improving audit quality, and (3) additional considerations for improving the quality of single audits. What GAO Found: In the early 1980s, Congress had concerns about a lack of adequate oversight and accountability for federal assistance provided to state and local governments. In response to concerns that large amounts of federal financial assistance were not subject to audit and that agencies sometimes overlapped on oversight activities, Congress passed the Single Audit Act of 1984. The act adopted the single audit concept to help meet the needs of federal agencies for grantee oversight as well as grantees‘ needs for single, uniformly structured audits. GAO supported the passage of the Single Audit Act, and continues to support the single audit concept and principles behind the act as a key accountability mechanism for federal grant awards. However, the quality of single audits has been a longstanding area of concern since the passage of the act in 1984. In its June 2007 Report on National Single Audit Sampling Project, the PCIE found that, overall, approximately 49 percent of single audits fell into the acceptable group, with the remaining 51 percent having deficiencies severe enough to classify the audits as limited in reliability or unacceptable. PCIE found a significant difference in results by audit size. Specifically, 63.5 percent of the large audits (with $50 million or more in federal award expenditures) were deemed acceptable compared with only 48.2 percent of the smaller audits (with at least $500,000 but less than $50 million in federal award expenditures). The PCIE report presents compelling evidence that a serious problem with single audit quality continues to exist. GAO is concerned that audits are not being conducted in accordance with professional standards and requirements. These audits may provide a false sense of assurance and could mislead users of the single audit reports. The PCIE report recommended a three-pronged approach to reduce the types of deficiencies found and to improve the quality of single audits: (1) revise and improve single audit standards, criteria, and guidance; (2) establish minimum continuing professional education (CPE) as a prerequisite for auditors to be eligible to be able to conduct and continue to perform single audits; and (3) review and enhance the disciplinary processes to address unacceptable audits and for not meeting training and CPE requirements. In this testimony, GAO supports PCIE‘s recommendations and points out issues that need to be resolved regarding the proposed training and other factors that merit consideration when determining actions to improve audit quality. GAO believes that there may be opportunities for considering size when implementing future actions to improve the effectiveness and quality of single audits. In addition, a separate effort considering the overall framework for single audits could answer such questions as whether simplified alternatives can achieve cost- effective accountability in the smallest audits; whether current federal oversight processes for single audits are adequate; and what role the auditing profession can play in increasing single audit quality. What GAO Recommends: GAO supports PCIE‘s recommendations and points out factors for consideration in determining actions, including (1) audit quality problems by size of audit and (2) the distribution of audits by size. GAO also suggests a separate effort to evaluate the framework for single audits. To view the full product, including the scope and methodology, click on GAO-08-213T. For more information, contact Jeanette Franzel at (202) 512-9471 or franzelj@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss GAO's analysis of the results of the Report on National Single Audit Sampling Project[Footnote 1] recently issued by the President's Council on Integrity and Efficiency (PCIE) under the direction of the Office of Management and Budget (OMB). First, I would like to commend the PCIE for conducting this comprehensive and important study dealing with the quality of single audits. The single audit is a key accountability mechanism over the use of federal grants and other awards. In fiscal year 2007, $449 billion in federal grants was budgeted to state and local governments. The PCIE report raises significant concerns about the quality of single audits, and makes recommendations aimed at improving the effectiveness and efficiency of those audits. Today, I will provide (1) GAO's perspective on the history and importance of the Single Audit Act and the principles behind the act, (2) our preliminary analysis of the recommendations made by the PCIE for improving audit quality, and (3) additional factors for consideration for improving the quality of single audits. My statement today is based on our continuing work as the standards setter for generally accepted government auditing standards (GAGAS) and our related work in the area of single audits, including ongoing interaction with key stakeholders in the single audit process and members of the auditing profession providing single audit services to recipients of federal awards. In addition, this statement is based on our analysis of the PCIE report, and our discussions with the PCIE project team, the American Institute of Certified Public Accountants (AICPA), and OMB. Evolution of the Single Audit Act and Its Underlying Principles: In the early 1980s, Congress had concerns about a lack of adequate oversight and accountability for federal assistance[Footnote 2] provided to state and local governments. Before passage of the Single Audit Act in 1984 (the act), the federal government relied on audits of individual grants to help gain assurance that state and local governments were properly spending federal assistance. Those audits focused on whether the transactions of specific grants complied with program requirements. The audits usually did not address financial controls and were, therefore, unlikely to find systemic problems with an entity's fund management. Further, individual grant audits were conducted on a haphazard schedule, which resulted in large portions of federal funds being unaudited each year. In addition, the auditors conducting the individual grant audits did not coordinate their work with the auditors of other programs. As a result, some entities were subject to numerous grant audits each year, while others were not audited for long periods. In response to concerns that large amounts of federal financial assistance were not subject to audit and that agencies sometimes overlapped on oversight activities, Congress passed the Single Audit Act of 1984.[Footnote 3] The act stipulated that state and local governments that received at least $100,000 in federal financial assistance in a fiscal year have a single audit conducted for that year. The concept of a single audit was created to replace multiple grant audits with one audit of an entity as a whole. State and local governments which received between $25,000 and $100,000 in federal financial assistance had the option of complying with audit requirements of the act or the audit requirements of the federal program(s) that provided the assistance. The objectives of the Single Audit Act, as amended, are to: * promote sound financial management, including effective internal control, with respect to federal awards administered by nonfederal entities; * establish uniform requirements for audits of federal awards administered by nonfederal entities; * promote the efficient and effective use of audit resources; * reduce burdens on state and local governments, Indian tribes, and nonprofit organizations; and: * ensure that federal departments and agencies, to the maximum extent practicable, rely upon and use audit work done pursuant to the act. The Single Audit Act adopted the single audit concept to help meet the needs of federal agencies for grantee oversight as well as grantees' needs for single, uniformly structured audits. Rather than being a detailed review of individual grants or programs, the single audit is an organizationwide financial statement audit that includes the audit of the Schedule of Expenditures of Federal Awards (SEFA)[Footnote 4] and also focuses on internal control and the recipient's compliance with laws and regulations governing the federal financial assistance received. The act also required that grantees address material noncompliance and internal control weaknesses in a corrective action plan, which is to be submitted to appropriate federal officials. The act further required that single audits be performed in accordance with GAGAS issued by GAO. These standards provide a framework for conducting high-quality financial audits[Footnote 5] with competence, integrity, objectivity, and independence. The Single Audit Act Amendments of 1996[Footnote 6] refined the Single Audit Act of 1984 and established uniform requirements for all federal grant recipients. The refinements cover a range of fundamental areas affecting the single audit process and single audit reporting, including provisions to: * extend the law to cover all recipients of federal financial assistance, including, in particular, nonprofit organizations, hospitals, and universities; * ensure a more cost-beneficial threshold for requiring single audits; * more broadly focus audit work on the programs that present the greatest financial risk to the federal government; * provide for timely reporting of audit results; * provide for summary reporting of audit results; * promote better analyses of audit results through establishment of a federal clearinghouse and an automated database; and: * authorize pilot projects to further streamline the audit process and make it more useful. The 1996 amendments required the Director of OMB to designate a Federal Audit Clearinghouse (FAC) as the single audit repository,[Footnote 7] required the recipient entity to submit financial reports and related audit reports to the clearinghouse no later than 9 months after the recipient's year-end, and increased the audit threshold to $300,000. The criteria for determining which entities are required to have a single audit are based on the total amount of federal awards[Footnote 8] expended by the entity. The initial dollar thresholds were designed to provide adequate audit coverage of federal funds without placing an undue administrative burden on entities receiving smaller amounts of federal assistance. When the act was passed, the dollar threshold criteria for the audit requirement were targeted toward achieving audit coverage for 95 percent of direct federal assistance to local governments. As part of OMB's biennial threshold review required by the 1996 amendments, OMB increased the dollar threshold for requirement of a single audit to $500,000 in 2003 for fiscal years ending after December 31, 2003. Federal oversight responsibility for implementation of the Single Audit Act is currently shared among various entities--OMB, federal agencies, and their respective Offices of Inspector General (OIG). The Single Audit Act assigned OMB the responsibility of prescribing policies, procedures, and guidelines to implement the uniform audit requirements and required each federal agency to amend its regulations to conform to the requirements of the act and OMB's policies, procedures, and guidelines. OMB issued Circular No. A-133, Audits of States, Local Governments, and Non-Profit Organizations, which sets implementing guidelines for the audit requirements and defines roles and responsibilities related to the implementation of the Single Audit Act.[Footnote 9] The federal agency that awards a grant to a recipient is responsible for ensuring recipient compliance with federal laws, regulations, and the provisions of the grant agreements. The awarding agency is also responsible for overseeing whether the single audits are completed in a timely manner in accordance with OMB Circular No. A-133 and for providing annual updates of the Compliance Supplement[Footnote 10] to OMB. Some federal agencies rely on the OIG to perform quality control reviews (QCR) to assess whether single audit work performed complies with OMB Circular No. A-133 and auditing standards. The grant recipient (auditee) is responsible for ensuring that a single audit is performed and submitted when due, and for following up and taking corrective action on any audit findings. The auditor of the grant recipient is required to perform the audit in accordance with GAGAS. A single audit consists of (1) an audit and opinions on the fair presentation of the financial statements and the SEFA; (2) gaining an understanding of internal control over federal programs and testing internal control over major programs; and (3) an audit and an opinion on compliance with legal, regulatory, and contractual requirements for major programs. The audit also includes the auditor's schedule of findings and questioned costs, and the auditee's corrective action plans and a summary of prior audit findings that includes planned and completed corrective actions. Under GAGAS, auditors are required to report on significant deficiencies in internal control and on compliance associated with the audit of the financial statements. Recipients expending more than $50 million in federal funding ($25 million prior to December 31, 2003) are required to have a cognizant federal agency for audit in accordance with OMB Circular No. A-133. The cognizant agency for audit is the federal awarding agency that provides the predominant amount of direct funding to a recipient unless OMB otherwise makes a specific cognizant agency assignment. The cognizant agency for audit provides technical audit advice, considers requests for extensions to the submission due date for the recipient's reports, obtains or conducts QCRs, coordinates management decisions for audit findings, and conducts other activities required by OMB Circular No. A- 133. According to OMB officials, the FAC single audit database generates a listing of those agencies that should be designated cognizant agencies for audit based on information on recipients expending more than $50 million. The officials also stated that OMB is responsible for notifying both the recipient and cognizant agency for audit of the assignment. Federal award recipients that do not have a cognizant agency for audit are assigned an oversight agency for audit, which provides technical advice and may assume some or all of the responsibilities normally performed by a cognizant agency for audit. Federal grant awards to state and local governments have increased significantly since the Single Audit Act was passed in 1984. Because single audits represent the federal government's primary accountability tool over billions of dollars each year in federal funds provided to state and local governments and nonprofit organizations, it is important that these audits are carried out efficiently and effectively. As shown in figure 1, the federal government's use of grants to state and local governments has risen substantially, from $7 billion in 1960 to almost $450 billion budgeted in 2007. Figure 1: Increase in Federal Grant Awards to State and Local Governments between 1960 and 2007: This figure is a bar chart showing the increase in federal grant awards to state and local governments between 1960 and 2007. [See PDF for image] Source: OMB. Notes: Data from the Budget for Fiscal Year 2008, Historical Tables. The above figures do not include grants made directly by federal agencies to nongovernmental organizations. [A] The Single Audit Act was enacted in 1984. [End of figure] GAO supported the passage of the Single Audit Act, and we continue to support the single audit concept and principles behind the act as a key accountability mechanism over federal grant awards. However, the quality of single audits conducted under this legislation has been a longstanding area of concern since the passage of the Single Audit Act in 1984. During the 1980s, GAO issued reports[Footnote 11] that identified concerns with single audit quality, including issues with insufficient evidence related to audit planning, internal control and compliance testing, and the auditors' adherence to GAGAS. The federal Inspectors General as well have found similar problems with single audit quality. The deficiencies we cited during the 1980s were similar in nature to those identified in the recent PCIE report. Results of PCIE Report Identify Serious Single Audit Quality Issues: In June 2002, GAO and OMB testified at a House of Representatives hearing about the importance of single audits and their quality.[Footnote 12] In its testimony,[Footnote 13] OMB identified reviews of single audit quality performed by several federal agencies that disclosed deficiencies. However, OMB emphasized that an accurate statistically based measure of audit quality was needed, and should include both a baseline of the current status and the means to monitor quality in the future. We also recognized in our testimony the need for a solution or approach to evaluate the overall quality of single audits. To gain a better understanding of the extent of single audit quality deficiencies, OMB and several federal OIGs decided to work together to develop a statistically based measure of audit quality, known as the National Single Audit Sampling Project. The work was conducted by a committee of representatives from the PCIE, the Executive Council on Integrity and Efficiency (ECIE), and three State Auditors, with the work effort coordinated by the U.S. Department of Education OIG. The Project had two primary objectives: * to determine the quality of single audits by performing QCRs of a statistical sample of single audits, and: * to make recommendations to address any audit quality issues noted. The project conducted QCRs of a statistical sample of 208 audits randomly selected from a universe of over 38,000 audits submitted and accepted for the period April 1, 2003, through March 31, 2004. The sample was split into two strata: * Stratum 1: entities with $50 million or more in federal award expenditures, and: * Stratum 2: entities with less than $50 million in federal award expenditures (with at least $500,000). The above split in the sample strata corresponds with the current threshold for designating a cognizant agency, which is for entities that expend more than $50 million in a year in federal awards. Table 1 shows the universe and strata used in the analysis and the reviews completed in the National Single Audit Sampling Project. Table 1: Sample Universe for National Single Audit Sampling Project: Stratum 1[A]; Sample size: 96; Universe: 852; Total federal awards for audits in universe (dollars in billions): 737.2. Stratum 2[B]; Sample size: 112; Universe: 37,671; Total federal awards for audits in universe (dollars in billions): 143.1. Total; Sample size: 208; Universe: 38,523; Total federal awards for audits in universe (dollars in billions): 880.2. Source: President's Council on Integrity and Efficiency and Executive Council on Integrity and Efficiency. Notes: Data from Report on National Single Audit Sampling Project (June 21, 2007). The $880.2 billion differs from the federal grant funding for the audit period covered in the PCIE report due to the double counting associated with pass-through entities that provide federal awards to a subrecipient to carry out a federal program. [A] Entities with $50 million in federal award expenditures. [B] Entities with