The Office of Management and Budget (OMB) recently released the final and stand-alone 2019 Compliance Supplement which identifies federal program objectives, suggested procedures, and compliance requirements. One significant change in this year’s Compliance Supplement is that auditors are only required to test up to six compliance requirements as determined by the federal agencies. The only exception is related to the Research and Development Cluster, which is permitted to have seven requirements. Requirement A – Activities Allowed or Unallowed and Requirement B – Allowable Costs/Cost Principles are treated as one requirement. The Matrix of Compliance Requirements, found in Part 2 of the Compliance Supplement, contains either a “Y” which means “Yes” the requirement is subject to audit for the program or an “N” which means “No” the requirement is not subject to audit.
Auditors will still assess if all the requirements subject to audit are direct and material and should exercise professional judgment in determining which requirements need to be tested. If the requirement is subject to audit but not material, auditors are required to document and explain the rationale. For example, even though Equipment and Real Property Management is subject to audit for a particular program, it would not apply to a non-Federal entity that did not acquire or dispose of equipment or real property or have equipment that required an inventory based on auditor’s inquiry and review of the grant application and the general ledger.
Auditors are not expected to test requirements that are marked “N.” However, while a requirement may not be subject to the audit for compliance audit purposes, auditors have a responsibility under Generally Accepted Auditing Standards (GAAS) and Generally Accepted Government Auditing Standards (GAGAS or Yellow Book) related to noncompliance with provisions of laws, regulations, contracts, and grant agreements that may have a material effect on the financial statements and with requirements related to the auditor’s consideration of fraud and abuse.
The 6-requirement mandate does not apply to programs that are not in the Compliance Supplement. Auditors will continue to use Part 7, Guidance for Auditing Programs Not Included in This Supplement, to identify the compliance requirements to be tested for those programs.
Other Key Changes
The AICPA Government Audit Quality Center’s (GAQC) Alert No. 384, as well as Appendix VII, Audit Advisories of the Compliance Supplement, include critical information related to the increased procurement thresholds. Section 3.2.I on procurement in Part 3, Compliance Requirements, has been updated to discuss the effect of the 2017 and 2018 National Defense Authorization Acts (NDAA) and OMB Memorandum M-18-18, Implementing Statutory Changes to the Micro-Purchase and Simplified Acquisition Thresholds for Financial Assistance, on the simplified acquisition and micro-purchase thresholds. Auditors are not expected to develop audit findings for grant recipients that have implemented the increased thresholds included in the 2017 NDAA after December 23, 2016, and the 2018 NDAA after June 20, 2018, as long as the entity documented the decision in their internal procurement policies.
Other notable changes cited by GAQC Alert No. 384 include the following:
- Many programs for which L. Reporting is subject to audit have added new sections to Part 4 to add requirements relating to performance reports and special reports.
- The Student Financial Aid cluster has undergone many changes, including a new objective and suggested audit procedures relating to institutions complying with provisions of the Gramm-Leach-Bliley Act regarding securing student information.
- The new Part 6 includes a summary of the Uniform Guidance requirements for internal control, a background discussion on important internal control concepts, and appendices that include illustrations of entity-wide internal controls over federal awards and internal controls specific to each type of compliance requirement.
- Due to many changes compared to previous years, it is imperative for auditors to review carefully all parts of the compliance supplement paying closer attention to Part 1, Background, Purpose, and Applicability, and Part 2, Matrix of Compliance Requirements.
Whitley Penn continues to be one of the region’s most distinguished public accounting firms. With a strong base in Texas and a worldwide network affiliation via Nexia International, the firm is strategically positioned for continued growth both locally and internationally. Whitley Penn has been consistently recognized as “One of the Top 100 Firms in the U.S.” and “Best of the Best” by INSIDE Public Accounting. For more information on Whitley Penn, please visit whitleypenn.com.