Audit Handbook for EPA Managers : A Guide to Better audit Management and Effective Audit Resolution


Audit Handbook
for EPA Managers
A guide to better audit management
and effective audit resolution

-------
Table of Contents

    Introduction    	   1
    Audits and the Audit Process   	   2
    How to Prepare for the Arrival of an Auditor   	   6
    Do's and Don'ts when Interacting with Auditors	   9
    Questions to Ask Before, During, and After an Audit	.  .  .  .  .  11
    How to Respond to Audit Findings	14
    Appendix A—Benchmark Questionnaire—Audit Preparedness   	A-l
    Appendix B—Audit Engagement Checklist	   B-l
    Appendix C—Standards for Audit	   C-l
    Appendix D—Definitions of Terms  	D-l
    AppendixE—Summary of Inspector General Act Amendments of 1988  .  .  . E-l

-------
Introduction
1
0
The audit process is viewed as a valuable
management tool in EPA. Audits are fully
supported by EPA management and should receive
your cooperation and attention. To obtain the
maximum benefit that you and the Agency can
receive from the audit, you should have some
knowledge of the audit process.
This handbook has been designed to help
introduce you to the audit process. It has been
written with the assumption that you will have had
little, if any, previous expenence with an audit.
However, even if you have had previous
experience with audits, this handbook should help
you to “refresh” your audit management skills.
This handbook approaches the audit “process”
as a generic set of steps that are followed
Inspector General Act
Amendments of 1988
The Inspector General Act Amendments of
1988 made significant changes to the audit
resolution, followup and reporting process.
For the first time, management is required to
report directly to the Congress, semiannually, on
audit resolution and followup activities. The
report must contain a table showing the dollar
value of “disallowed costs,” and a table showing
the value of ‘recommendations that funds be put
to better use,” agreed to in a “management
decision.” Management must also explain why
“final action” remains incomplete on any audit
eport one year following a management decision.
regardless of the organization that is performing
the audit The terms and concepts presented in
the handbook are meant to be general; therefore,
not every approach will be applicable to every
audit you may encounter. The appendix to this
handbook contains a list of definitions of terms
that may be new to you. It may be useful to
refer to the appendix from time to time to clarify
the terms that are used in the handbook.
This presentation is intended to be non.
technical and will not contain all the information
that you would need to become an “expert” in
audit management. Your audit follow-up
coordinator will have received the training
necessary to coordinate the audit process and
should be able to provide you with additional
guidance.
The Amendments contain new definitions of
terms, which are included in Appendix D of this
handbook. An executive summary of the
Amendments appears in Appendix E.
At the time of this writing, the Resource
Management Division of the Office of the
Comptroller is coordinating the development of a
new audit follow up tracking system to meet the
requirements imposed by the Amendments to the
Inspector General Act.
1

-------
Audits and the Audit Process
I. H:.:H
Types of Audits
While the majority of audits conducted are exter-
nal audits of grant recipients, they affect only a few
managers. On the other hand, the relatively few
GAO and OIG internal audits affect and will involve
nearly every manager at one time or another.
Audits can be further classified by audit phase:
EPA managers will most likely face audits per-
formed by the EPA Office of Inspector General
(OIG) or the U.S. General Accounting Office (GAO).
The GAO primarily conducts eipanded scope
audits. These audits can cover the financial opera-
tions of your organization, the economy and efficien-
cy with which your organization is managed, and the
program results achieved by your organization.
The OIG conducts audits that may cover any of
the areas of the expended scope audit. There are two
general categories of OIG audits:
• Internal audits are performance audits which test
program effectiveness, compliance with program
laws and regulations, and program results. They may
include economy and efficiency tests — in some
cases the reviews will be extended to state or other
agencies that have been delegated operational respon-
sibility for the program being reviewed.
• External audits are financial audits, usually of
EPA assistance recipients’ financial statements or
financial related systems, controls and funds. They
include tests of specific financial compliance with es-
tablished rules, regulations and agreements. They
also may include economy and efficiency tests —
these could be reviews before, during or after comple-
tion of the assistance agreement.
• Survey—Data gathenng to gain background infor-
mation on a program, activity, or function. The pur-
pose is to assess whether there appear to be any
vulnerable areas which should be reviewed in greater
detail.
• Audit—An evaluation of a program, activity, or
function in accordance with GAO standards.
• PilotAudit — The pilot audit is normally a
detailed audit of the areas identified in the survey as
worthy of additional effort. The term “pilot” is used
when it is expected that a follow-on audit will occur.
• Follow-on Audit — Audits conducted in cases
where issues are being evaluated in which there are
indications that similar conditions exist within a func-
tion or activity at more than one location.
• Nationwide Report—Consolidation of the results
of work at several locations around the country into a
national report.
2

-------
The audit process
I H. .H I
013 AudIt Ph es
Follow-On AudIt
Conducted wf ere nationwide Isaues are being e mIuated
orwtiere there are k dIcallona that ekiillar condliona
m t e .
The OIG and GAO have established procedures
for conducting audits of EPA programs. No one
regulation or manual discusses the process for con-
ducting an audit; however, audit procedures exist in
both the 010 and GAO. This section discusses the
audit process that is typically followed.
U SelettzngtheaudiL Auditareasareselectedac-
cording to several faciora. The 010 determines the
areas to audit based on input from EPA AM arK!
RAs, other Agency officials, and OIG management
a ix! staff. In addition, the OIG may audit areas iden-
tilled through its “Hotline” or based upon input from
other sources. The areas selected for audit are then
iix orporated into an annual audit pian. The annual
audit plan is updated quarterly. Your audit follow-up
coordinator sheuld have a copy of the audit plan and
inform you if your area is identified for an audit.
Both the 010 and GAO may perform audits that
axe mandated by statute or regulation, or that are re-
quested by Congress. The GAO identifies audit areas
based on input from Congress EPA officials and
GAO management and staff. However, m t of the
audits performed by GAO are either legislatively
mandated or requested by a member of Congress or a
Congressional committee.
Survey
ther b mund Infofmstlon to datere*w whether theta
eppeetto be y w tnetable aia M 1th ebould be roviowed
Ei greater detelL Beaed on aw y meu . deciol n Is made
wiietherto petforn a pact audL
I
Pilot Audit
h lI& audit alter completion ci the su y.
Oetaiod audi of wese identified I the aur y se woithy
c i addilonal elicit. Pkt audit tepoit Issued to manspement
lo t formal m 4e ommenL
Nationwide Repoil
ied to top management at Agency headquadere witen
muilpic audb were performed and revealed eimlsr condilons
at several Icoatlona w$ ldi have e nlflcasd poky knpflcatlona or
require tcp4ewel management afleutlon to eliect io provement,
Tec ve on.
3

-------
I. 1H.H ..I 1
What Starts the Audit Process?
The advisement of findings allows the Agency
managers to address misunrlerstaixlings and factual
inaccwacies. If, during the audit process, you feel
that the auditors are m sinterpTeling information or
are developing findings that you feel — based on the
facts — are incorrect, you should immediately dis-
cirss your concerns with the lead auditor and explain
your interpretation of the situation. In addition, for
those preliminary findings that you feel are accurate,
you should immediately begin to take corrective an-
lions to address weakuesses that are identified.
U Draft reporL A draft report is usually issued
shortly after the audit is completed. The report con-
tains the auditors’ findings and supponing evidence
for those findings.
• FMtrance confe -e,we. Both the OIG and GAO
conduci entrance conferences. At the entrance con-
ference, the auditors explain the purpose and scope
of the audit and receive comments from Agency per-
sonncl regarding areas that could be included in the
audil Logistical issues are addressed, such as access
to records, working space requirements, and inter-
view lists.
The personnel attending the entrance conference
should include the senior managers responsible for
the areas being audited, those with technical exper-
tise or extensive knowledge of the area being
audited, and tlx e who have experience with the
audit process.
• Advzsement of findings. As the audit is con-
ducted, the auditors should provide Agency manage-
ment with feedback about preliminary findings and
developing audit issues. This can best be done
through written “position papers.”
Agency management is expected to provide a wri
ten response to the audit findings contained in the
draft report. either concurring with the findings or
providing explanations for any disagreements with
the findings. In addition, any corrective actions that
have been planned or implemented should be
described in the response. The written response
should be provided within 30 days of receipt of the
draft report.
Your goal should be to resolve the findings iden-
tified during the audit and within the audit report.
You should ix n concentrate solely on writing a
response to the report findings. As socvi as a
problem is idernzfie4 it L v important to start correc-
twe acaons. By starting corrective actions im-
mediately, you will place yourself in a better position
to resolve the audit findings before the final audit
report is issued.
4

-------
I
M it8emerdcIf 1dI1 J

I
aftre odj
T
I
n j
T
I
—I
Audi resoiitSon
The response should address the audit recommen-
dations, either concurring with the auditors’ opinions
or providing alternative corrective actions to address
the problems that were identified.
• Audi: resolution. Audit resolution occurs when
a “final determination” is made for the findings in an
external audit, or when a “final response” to the audit
findings is issued for an internal audit. Audit resolu-
tion requires the timely and appropriate response to
an audit report by the Action Official (the Action Of-
ficial for internal audits is usually the Regional Ad-
ministrator or Assistant Administrator, for external
audits, the Action Official is usually a designee of
the RA0TAA).
For OIG audits containing significant findings, the
Action Official must obtain the concurrence of the
OIG on proposed corrective actions. The audit will
be considered resolved when the OIG and Action Of-
ficial agree upon the proposed corrective actions.
• Erii Conference. An exit conference is held to
discuss the audit findings and clarify questions the
auditors or Agency management may have regarding
the audit. Information should be exchanged between
the auditors and Agency management in order to
reach agreement on the audit results.
• Final report The final audit report contains the
auditors’ findings and recommendations. It should
reflect the pertinent information obtained from the
audit and from the discussions with Agency manage-
n nt througlxrnt the audit process.
• Resolving disagree..vnents. If the Action Official
and OIG do not reach agreement on an audit, the
OIG may refer the case to the Audit Review Group
(ARG) arK! Audit Resolution Board (ARB). In addi-
tion, the Agency Follow-Up Official may select for
review an audit for which resolution is overdue. The
Agency Follow-Up Official will attempt to facilitate
a resolution to the audit. If unsuccessful, the ARG
will review the case and issue a recommendation.
The ARB will consider this recommendation and
issue a final decision that will be binding upon the
Action Qfficial and the 01G.
The Audit Process
5

-------
How to Prepare for the Arrival of an
Auditor
EPA
‘ I ’
Introduction
Preparing for the audit
A few hours spent preparing for an audit before
iI audit starts can save the expenditure of many
staff hours during the audit—responding to auditors’
requests for information—and after the audit—resolv-
ing audit findings. The following Items are provided
as suggestions to assist you in preparing for an audit.
Proper planning and preparation should result In an
audit that progresses smoothly and minimizes the Im-
pact on your staff and your ability to complete day-to-
day work during the audiL
The GAO or OIG normally will contact your audit
follow-up coordinator at least two weeks prior to the
start of an audit or review to arrange for an entrance
conference with appropriate officials. At this time
the auditors will also ually identify any special
needs they have or information tbey will require.
The audit follow-up coordinator will be responsible
for much of the logistical arrangements prior to tha
audit.
• Designate an audit contact point. After you are
notified by your audit follow-up coordinator that an
audit will be performed, you should designate an
audit contact point within your immediate organiza-
tion. This contact point should be responsible for
managing logistical issues, responding to auditor in-
quiries, and tracking the progress of the audit. In ad-
dition, Agency staff state program officials, and
private individuals that will be affected by the audit
should be informed. These individuals should, in
turn, prepare tbeir respective organizations for the
audit process.
• Prepare for the entrance conference. Ensure that
appropriate personnel who are to attend the entrance
conference are briefed on any information that is
available regarding the audit. Appoint someone to
lake notes at the entrance conference. Make copies
of those notes for your records and send to members
of your organization who participated in the entrance
conference and were involved with the audit. The
audit follow-up coordinator will take notes and will
copy you. The coordinator will also be responsible
for following up on additional administrative needs
of the auditors.
b

-------
• Ide uify individuaLs who will be participating in
the audiL The audit follow-up coordinator may ask
for a listing of Agency personnel the auditors should
contact. Ask for a list of the audit personnel and the
auditor-in-charge. Exchange these lists with the
auditors and those involved with the audit. Contacts
the auditors have within your organization should be
coordinated through the audit contact point.
• Detennine the scope of the audit. The audit fol-
low-up coordinator will brief you and will provide
any available information and materials concerning
the planned audit’s scope of review. There will be an
entrance conference during which you should ensure
that you fully understand the scope of the audit.
Determine if your audit follow-up coordinator or the
Agency Audit Follow-up Coordinator knows of
similar audits that have been performed in the past on
other similar oiSanizatio irs (e.g. in other regions or in
other agencies). Review the results of the audits with
these organizations if possible.
• Plan the logistics of the audit. During the initial
contacts with the audit organization, the audit follow-
up coordinator will ask the auditor-in-charge about
the number of personnel that will participate in the
audit and space aix! furniture requirements. The
audit follow-up coordinator will ask for your assis-
tance to locate açpropriate space inor near your or-
gani7ation. Determine bow long the auditors plan to
remain on-site so that the space can be reserved for
them. Also, determine if the auditors will need space
to conduct private interviews.
• Det mine what documents materiaLs are
needed. Provide the individuals who will be in-
volved with the audit with the documents they will
need to prepare for the audit. ManuaIs regulations
orders aix! other documents pertinent to the audit
should be collected. Those involved with the audit
should be informed of what documents they may
need to provide to the auditors. Each should
familiarize themselves with the content of these docu-
n nts before the audit begins. It is often useful to
keep a central list of copes of documents provided to
the auditors since these may be needed to respond to
the audit report.
During the audit
During the audit most of the burden for cooldina-
tion and communication is your responsibility or as
you delegate to your contact person. You must as-
sure that your staff and delegated state staff are avail-
able to the auditors and axe fully cooperative. The
audit follow-up coordinator will be available to assist
you with logistical or administrative problems and in
clearing the auditors into other organizations, as the
need arises.
7

-------
• Fstablssh a centralized audit information file. To
the extent possible, the audit contact point should
maintain a listing of documents provided to the
auditors both voluntarily or at their request. The file
should also include all relevant and substantive cor-
respondence and notes from meetings with the
auditors. This information can be used to prepare for
the exit conference arK! help you formulate responses
to the thafi and final reports.
• Meet periodkal y with the auditors. You or your
audit contact point should meet periodically with the
auditors to track the progress of the audit aix! ensure
that information requested by the auditors is provided
to them in a timely manner. The audit Ibilow-up
coordinator should attend all progress meetings. In
cases where multiple organizations are involved, the
audit follow-up coordinator will arrange joint meet-
ings. You should also ask the auditors to brief you
on any preliminary findings they may have. Any
problems that arise with regard to the audit process
should be addressed in these meetings as expeditious-
ly as possible.
• Look for weakneswes and start corrective actions.
When problems are identified — either by you, your
staff, or the auditors — start corrective actions as
soon as possible. It is important to begin corrective
actions quickly since the goal of an audit is to iden-
tify and correct weaknesses. By taking corrective ac-
tion early, you can place yourself and the Agency in
a positive position aixi demonstrate that audit find-
ings are being resolved before the final audit report is
issued. When the problem is identified by the
auditors, provide the background information on the
problem, explain why the problem exists and
describe the corrective actions that are being taken,
as appiopriate.
U Prepare for the exit conference. audit follow-
up coordinator is responsible for arranging the exit
conference and ensuring each affbcted organization
is represented. You should ensure that the ap-
pupriate personnel—for instance, those who can
respond to the audit findings—attend the exit con-
ference. Use the information obtained from your
meetings with the auditors to prepare responses to
preliminary findings. Clarify questions you or the
auditors may have concerning the facts in the case.
As with the entrance conference, appoint someone to
take ixtes. The audit follow-up coordinator will
send a follow up memo to the attendees of the exit
conference on any agreements reached in the meet-
ing.
EPA
.
8

-------
Do’s and Don’ts when Interacting with
Auditors
NJ®
Introduction
What to DO when interacting with
auditors
EPA management emphasizes the importance of
timeliness and quality in audit resolution. The goal
of management in EPA and the Office of the Inspec-
r General is to reach an appropriate and agreeable
resolution to audits in a timely manner. One of the
keys to resolving audits in a timely marn r is the es-
tablishment of a constructive working relationship
with the auditors.
To help you as an EPA manager in working with
auditors from either the EPA Office of the Inspector
General auditors or the General Accounting Office, a
list of “do’s and don’ts” is presented in this section.
The fo lowing listing should be used as a guide to
help you when working with auditors.
V Be cooperative—provide all documents or infor-
mation requested by the auditors in a timely man-
ner.
V Be responsive—if you cannot provide the infor-
mation by the time the auditor requests, indicate
when the information can be made available.
V Prepare for an audit—review the audit direc-
tives to determine what the auditors will be look-
ing for and the information you will be expected
to provide.
V Organize your records so pertinent docu-
ments wifi be available upon request—keep all
pertinent regulations, manuals, ordeis operating
pecedures, and desk procedures current.
V File all documents relevant to the audit— every-
thing in the official file is subject to review in-
cluding memoa for record, notes, telephone
messages, and other form of documentation.
V Communicate to the auditors the actions you
have undertaken to improve problem areas and
resolve outstanding issues.
9

-------
V Scheduletlmestomeetwlthtbeauditorsona
periodic basis thmughout the audit p oc ss.
V Volunteer to have follow-up meetings with the
auditois if there are any questions.
What NOT to do when interacting
with auditors
0 Do not delay or hold up the audit—schedule
your time to complete your own work but leave
adequate time for the auditors.
0 Do not let potential audit findings get between
you and the auditors—cooperate and
demonstrate step already taken to resolve the is-
sues or agree to begin to take corrective action if
warrante
0 Donotgetupsetwlththeprospectotbelng
audited—you know more about your program
than anyone else; demonstrate your knowledge.
0 Do not withhold Information from an
auditor—They can examine almost anything
they want within your organization. Attempting
to withhold Information will only complicate the
audit.
0 Do not take an audit personally—it is a tool to
help you identify where weakness exist, if any,
and help you resolve them.
0 Donotlieorbeevaslve—donotUytohide
xxblems or cloud the issues. Provide the
auditois with data that they request or data that
they need to understand the issues, but do not
overwhelm them with information they do not
0 Do not treat an audit as a “one time” problem
to get over with as soon as possible—audits are
ongoing management tools that should be under
stood and used to the Agency’s advantage.
€) Do not get defensive with an auditor—your
goal should be to make all Interactions with the
auditors constructive.
0 Donotlookatanaudltwltha”themvs.us”
mentality—work together as a team and com-
municate with people in other regions or states
to obtain information..
10

-------
Questions to Ask Before, During, and
After an Audit
Introduction
Before the audit
This section deals with questions you should ad-
dress before the audit starts and Issues that may arise
during the course of the audit. Many problema as-
sociated with audits can be mitigated by effective
ç annlng before and during the course of the audit.
f lie following list of questions and answers should
help you prepare for an audit and Identify the proce-
dusts you should understand and follow during the
audit.
• JThatis the best way to prepare for an audit?
When you am notified of an audit, you should
designate individuals within your orgzrni7ntlon that
win be responsible to gather information and respond
to the auditors’ requests for Information. These in-
dividuals should consist of key personnel who have
technical or programmatic knowledge that would be
valuable within the audit, senior managers that can
respond to policy questions raised by the audltois
and state program officials, If a ropiate.
• JThat Lc the best way to compile information to
prepare for an audit?
The key individuals Involved with the audit
should collect the necessary documentation required
for the audit. Other organizations similar to yours—
both within the region and in other regions—who
have been audited In the past should be contacted, if
possible, to gather Information about their audit cx-
perlences. Within the organization being audited, a
contact point should be designated through which the
auditors can request Information and set up appoint-
n nts to interview personnel. The contact point
should keep a record of all requests for information
and the date the response was provided.
11

-------
• Onee the momeniwn is started how should it be
maintained?
Frequent meetings should be held with the in-
dividuals involved with the audit to exchange infor-
mation. Relevant information that is collected from
other organizations should be communicated to per-
sonuel who will be directly affected by the audit. Ad-
ditional requirements for data can be assigned and
discussed in subeequent meetings. At this early stage
pacedures should be established to manage the
audit—i.e., progress meetings, points of contact, who
attends the entrance conference, etc.
The early warning system is inter%ied to keep
xnanagemenl apprised of developing audit issues aixi
to ensure that corrective actions are begun early in
the audit process. Any audit issues raised by the
auditors that cannot be addressed by you or your staff
should be referred immediately to senior EPA
management for resolution.
• Will I know thee are findings in my area bef e
the audit report is published?
You should work out anangements with the
auditors to receive position papers to insure that you
axe kept informed of findings as they are developed.
Ax the entrance conference, you may want to discuss
with the auditors what arrangements they have to
jxesent position papers. At a minimum the position
papers should help you to confinn the information oh-
tamed by the auditors and allow you to begin correc-
tive actions before the draft report is issued.
• What should Ido if a sign ant problem is
brought to my attention by an auditor?
After the audit
Senior EPA management should be advised im-
mediately of any significant or sensitive audit finding
that is brought to your attention during the course of
the audit. The Agency has established an “early
warning system” in which you have the respon-
sibility to notify senior management about all sig-
nificant or sensitive audit findings and any corrective
actions that are planned or have been taken to ad-
dress the findings.
• What infcrma&v is required for the audit follow-
up process?
Responses to draft audit reports should be
developed and presented in written form and at the
exit conference (if the exit conference is held after
the draft report is issued). Each finding contained in
the draft report should be addressed in your response.
Supporting evidei e for disagreements with the
report should be povided in your response.
During the audit
lz

-------
Responses to final audit reports should address the
recommendations contained in thcae reports. Alter-
native solutions should be presented, If ap iatc.
010 concurrence should be obtained on any sensitive
or significant issues.
• How soon can corrective actioro be implemented?
Corrective actions should be implemented as soon
as a weakness is identified. in addition, any correc-
tive actions begun during the audit should be brought
to the attention of the audito!s and included In respon-
ses to the draft and final reports. Once the audit is
resolved, the ogress of corrective actions will be
tracked by your audit follow-up coordinator and
reported to the Agency Audit Follow-Up Coordinator.
13

-------
How to Respond to Audit Findings
Introduction
• The Action Official is the person responsible for
ensuring that responses to audit findings are com-
pleted in a timely and appropriate manner. In addi-
iron, theAciron Official mwt ensure that necessary
corrective actions are unpieniorted in response to
audit findings.
This section discusses how you should respond to
findings in various types of audits and what you need
to be aware of when wnting a response to the draft
and final audit report. The responses to audit find-
ings will differ with every audit; however, there are
common issues that should be addressed En order to
tisfactorily respond to audit findings.
• You should have as a goal the early resolution of
audit findings. To accomplish this goa you should
respond to audit findings as s n as they we coni-
mwiicated to you, preferably while the audit is being
The position papers presented to you during the
course of the audit are intended to allow you to sian
to resolve findings before the issuanee of the draft
report By responding to the position papers positive-
ly and quickly, you will give yourself and the Agen-
cy the opportunity to resolve the audit findings
before the audit report is issued in final form.
The Action Official is either your Regional M-
ministrator or Assistant Mniinistrator, or individuals
designated by them. Frequently, the action official
who must provide the Agency response to the audit
report is identified in the OIG cover letter transmitted
with the draft audit report. You may be asked to help
develop the response to the audit report. The audit
follow-up coordinator will help coordinate this
process and ensure that the deadlines for constructing
responses are met.
• Thne and attention should be devoted to respond-
ing to the draft repor4 even though less tune is al-
lo d to review and respond to draft reports than to
final reports. The primary purpose of responding to
the draft is to clarify facts and to respond to the
auditors’ findings.
The comments provided on the draft report may
be appended to or incorporated in the final report and
addressed by the auditors in the final report Thus,
the manager should take the time to make an articu-
late presentation on the findings contained within the
draft report and propose alternative approaches to the
report’s content and presentation, where appropriate.
• Responses to the final audit report should focus
an the recommendations or an internal audit) or
provide a final decision on each cost questioned or
set aside (for an erternal audis).
14

-------
References to the findings in a final report should
only be made where necessary to explain the reason
fbr a particular decision or action.
As a manager responsible for an audit, your
response to findings and recommendations can differ
significantly depending on the type of audit with
which you are dealing. The following discussion
deals with two types of audits and the requirements
to respond to findings and recommendations con-
tamed within the audit reports.
As soon as the draft report is published the audit
follow-up coordinator should help you establish dead-
lines that must be observed to resolve the audit in a
timely manner. You should distribute the report to
the staff who were involved with the audit and enlist
their support to develop responses to audit findings
and recommendations. Where the audit included an
evaluation of program results of delegated states, en-
sure that your response includes their input
The audit report should be read carefully and
checked for its accuracy. Any fuctual inaccuracies
should be noted and clarified in your response.
Internal audits
Beginning corrective action as soon as a problem
Is identified is a very important step In responding to
findings in the draft internal audit report The earlier
you begin corrective actions, the more quickly the
audit issues can be resolved.
You and everyone involved with the audit should
communicate with each other before and during the
audit to identify potential audit findings and begin ac-
tion to correct existing weaknesses. Periodic meet-
ings between you (or the audit contact point) and the
auditors can help you to identify potential findings—
if the auditors provide position papers—and help you
to begin corrective actions immediately.
• Any findings contained w7thin the draft report
must be addressed in yo& response. If you disagree
with any findings, you should explain why you dis-
agree and provide support for your argument. If you
have begun to take corrective actions and these are
not described in the report, you should include a
description of these actions in your response. Taking
corrective actions—and providing details about these
actions—ls one of the best methods available to mini-
mize the negative impacts that an audit could other-
wise produce.
• JThen the final audit report is recewe4 any recom-
mendations contained in the report nuts: be ad-
€fressed You should state whether or not you concur
with the recommendations. If you disagree with a
recommendation, you must explain why and, if pos-
sible, pmvide an alternative solution. If you have an
alternative recommendation to propose to fix the
cause of a problem, you should include this informa-
tion in your response.
All responses to draft (and final) audit reports
must be for the signature of the action official. The
audit follow-up coordinator is available to assist in
developing responses; in many organizations the
coordinator is responsible for reviewing all responses
for completeness and responsiveness to all findings
and recommendations.
15

-------
/
External audits
Any disagreements with the findings and
recommendations should be noted in a response to
the auditors and supporting evidence for an
alternative position should be supplied to the
auditors.
Audits of this nature may involve cooperative
agreements, grants or contracts. As such, they
may involve personnel such as slate officials,
contractors, municipalities, and organizations
outside the direct control ot the EPA.
• External audits may require the recovery of fwuts
from grant recipients. As such, recoveries increase
the potential for the expression of outrage from the
grant recipient, inquiries from Co, gress, and the
fthng of a dispute for resolution by the Regional
Adnii nisi razor.
Large disatlowances of cost or recoveries of
funds will also likely be reported in the 010’s
semiannual report to Congress. For these reasons,
program managers as well as ARAs and RAs need
to pay attention to what is happening in external
audits. Managers need to be aware of sensitive
and significant audit findings or cases where large
recoveries may be involved.
The Action Official is responsible for making
final dispute decisions on audit findings and
recommendations for all audits of cooperative
agreements or grants, or of contractors under such
agreements. In some regional offices, the audit
follow-up coordinator may serve in this role. The
appropriate contracting officer is the action official
responsible for making final decisions on audit
findings and recommendations of direct EPA
contractors. In all cases, the Action Official or
audit follow-up coordinator will keep you apprised
of the status of the audit report response and will
often seek your technical or programmatic input to
resolve audit findings.
• External audits which contain $100,000 or more
of Federal questioned costs require the con-
currence of the OIG before the audit is closed.
If there arc any sensitive or significant issues
involved in the audit, you need to be aware of
and agree with the conclusions and
recommendations that are associated with the
sensitive or significant findings before the
determination is sent to the 0 10.
An inability to reach agreement with the 010 on
an external audit may result in a referral of the
audit issue to the Agency Follow-up Official for
possible review by the Audit Review Group or
Audit Resolution Board.
U The grant recipient has the right to formally
dispute an audit determination to the Regional
Administrator and, ultimately, to the program
Assistant Administrator. Disputes can be very
resource intensive and will bring the audit
decision-making process under scrutiny within the
region. Managers and audit follow-up coordinators
should look for trends in disputes as an indicator
of how well the audit resolution process is
working.
16

-------
/
Elements of a response
— Oral instructions.
— Managerial expertise.
— Unwritten overall objectives as explained
by management officials.
Them is no easy definition of what constitutes an
effective response to an audit finding. You must
respond to each finding, whether or not you concur
with the finding. If there are disagreements, discuss
tl issues fact by fact. Section 2. Chapter 109 of the
OIG Manual discusses the elements of an audit find-
jug. These elements are discussed here to assist you
in pre nng an effective response.
Audit findings, regardless of the subject matter,
have four common elements. These include a corn-
perison of “what slxndd be” (criteria) with “what is”
(statement of condition) and an answer to the ques-
tion “what does this mean?” (effect). Further, if an
audit report is to be constructive, the masons “why”
(cause) there is a difference between “what is” and
“what stxuld be” must be identified and explained.
Once the cause is identified, the next logical step is
to make a recommendation that will help prevent a
reoccurrence of the problem. These terms axe dis-
cussed below in more detail.
• Critoia. Qiteria are the standards against which
an auditee is measured for a questionable condition
or performance. Published cnteria may be directly
quoted, summarized, or peraphrased. Some ex-
amples of criteria are:
— Written requirements (laws, regulations,
directives, etc.)
— Common sense.
— Independent opinion of experts outside the
Agency.
— Prudent business practice.
• Condition. An overail statement of the situation
that exists in the program or activity under review. It
relates to the extent that goals or objectives of a
program are being achieved. Some examples of con-
dition axe:
— The procedures that arc being followed or
not being followed.
— The controls that are in place or not in
place.
— A description of how the program or ac-
tivity was implemented or not implemented.
— A description of how the program or ac-
tivity worha or does not work.
U Cause. ( use is the underlying reason why the
questionable performance or condition occurred—the
reasons for the questionable action, lack of action,
weakness, deficiency, or inadequacy. Why did it hap-
pen? Why was them noncompliance? Some ex-
amples of cause:
— Lack of training.
— Lack of communication.
— Unfamiliarity with requirements.
— Negligence or carelessness.
— Guidelines or slandaids are inadequate or
not provided.
— Lack of resources (fundi or staft).
— Failure to use good judgment or common
sense.
— Unwillingness to change.
17

-------
/
— Lack of adequate on1m1 mechanisms or — Information or recorde which are not useful
devices, or meaningful or which are ina uiate.
• Effect. Effect Is the actual or potential result of — Inadecluate control or lo&s of contml over
resources or actions.
the condition being questioned, In dollar or other
terms which may not be as readily measurable. — Lowered morale.
Some examples of effect are:
By understanding the common elements of an
— Uflecofl(MniCal or iI ffiCiCflt f audit finding you should be able to respond to find-
ces (tlme money, po ings more effectively. Your responses to audit find-
— Violation of law. logs will differ depending upon the nature of the
finding; however, by ensuring that the common ele-
— Funds lnl rOpetiY Pe 1t. rents of every finding are addressed, your responses
will be more complete.
18

-------
Appendix A

-------
V
Benchmark Questionnaire
—Audit Preparedness
Introduction
The following questions are provided as a benchmark for EPA
managers to use to check the capability of their organizations to
deal with an audit. The managers can use this questionnaire to as-
sess their own knowledge of the audit management process. The
questionnaire Is not intended as a substitute for managers to
mlllarize themselves with the agency’s audit regulations and proce-
dures. The questionnaire Is Intended to be used as a tool to allow
managers to quickly assess their organizations’ readiness to deal
with an audit. As managers gain more experience with the audit
process, they may want to add to this list the unique aspects of the
audits they encounter.
The “Audit Handbook for EPA Managers” is designed to answer
these and other questions EPA managers may have concerning the
audit process. Additionally, each headquarters office and regional
office has a designated audit follow-up coordinator who serves as a
focal point for communication with the GAO and EPA’S Office of
Inspector General. As such, the audit follow-up coordinators are
responsible for overall audit management for their organizations.
You should determine who is vur audit follow-up coordinator and
use that person as a resource as you become Involved in audits of
your program.
Determine the extent to which you can answer each of the following
questions. If you do not know the answer, you should seek addition-
al gu1d nce from vur audit follow-up coordinator.
A-i

-------
V
Prior to the audit
I know the I need addi-
answer tional infer-
mation
Are the procedures and controls within my organization logical and docu-
mented?
— Are they being fbllowed?
Is my organization operating economically and efficiently?
— What can be done to improve our economy and efficiency?
Are procedures established to inform me of potential problems in my
programs?
— When were the areas of potential weaknesses last addressed?
What are the outst4nding policy issues in the programs and organizations,
and what additional information is required to properly respond to an audit?
— What actions have to be taken to resolve the policy issues, and
the timing of such resolution?
How does the agency notify managers of pending audits? Are the audit plans
communicated to the managers regularly, are they available?
— How much time will I have to brief my personnel or other or-
ganizations with which we work?
A-2

-------
V
I know the I need addi-
answer tional infor-
mation
Has my program been audited before?
— Where are the reports of previous audits maintained?
What are the results of previous audits?
— Ha the corrective actions been implemented properly?
Have audits been performed in other EPA organizations similar to mine?
— Could the findings, conclusions, and recommended actions also
apply to my program?
Who is the audit follow-up coordinator in my organization?
— What information might the audit follow-up coordinator have
that may apply to my program?
A-3

-------
After the audit is announced
I know the I need addi-
answer tional infor-
mation
Who is conducting the audit (OIG, GAO)?
— Do I understand the audit process?
When will the entrance conference be held?
— Who should attend the entrance conference?
Who should be in vhed with the audit—collecting and providing information
and maintaining a copy of all documents provided to the auditors?
— Who should be the contact point in my program area to work
with the auditors, to manage logistics, and to set up interviews?
At the entrance conference
What type of audit will it be (Survey, Pilot Audit, Follow-on Audit)?
— What prompted this audit?
Is this a region-specific audit?
— Will there be a region-specific draft report?
A-4

-------
V
I know the I need addi-
answer tional infor-
mation
What are the audit scope and objectives?
— What umque preparation is required for the audit?
Who is the auditor-in-charge?
— Who will be working on the audit?
Will the auditors want to interview personnel in state or local agencies or
other EPA organizations?
— Who will be involved at the state or local level and who will make
the arrangements? Will an exit conference be conducted at the
state or local agency before the draft report is issued?
Will the auditors provide position papers before the draft report is
published?
— If not, how can information on potential findings be provided to
me so I can start corrective actions at the earliest possible date?
Will I be provided with flash reports?
— How do I cominumcate significant and sensitive audit findings to
upper management?
To what extent are the auditors familiar with the area they are auditing?
— What information could prove helpful to the auditors to prepare
them for their assignment?
A-5

-------
Appendix B

-------
Audit Engagement Checklist
U This “Audit Engagement Checklist” was dewloped byan EPA regional of-
fice to identify the inthrmation that should be obtained from the auditors
before the audit is started. You can use this as it is presented or modify it
to help vu gather the infbrmation that will help vu better manage the
audit process.
1. Notification
Date: _____________
Name/Organization: _________________________________________
Telephone Number: __________________________________________
Who is conducting the audit:
OIG Office: ____________________________
GAO Office: __________________________
Other Identify _________________________________________
2. Description of the audit
Title: _________________________________________________________
Audit scope and objectives:
B-i

-------
Audit period: _________________________________________________
Financial and Compliance: — Sur y:
Economy and Efficiency: — Pilot:
Program Results: Follow-on:
Previous audits: ________________________________________________
Audit report number: _________________________________________
3. Audit management group
Audit Focal Point: ________________________________________
Area Contact Point: ____________________________________________
Others: _____________________________________________________________
4. Entrance conference
Date: ___________________
Time: ______________
Location: ________________________________________________
B-2

-------
5. Logistics
Field work (start/stop): _______________________________________
Number of auditors on site: ____________________________________
Space: ___________________________________________________________
Phone: ___________________________________________________
File storage: _______________________________________________________
Other: ___________________________________________________________
6. Briefings (status reports)
Weekly: ______________________________________________
Bi-weekly: ________________________________
As requested: ____________________________________________
7. Reporting procedures
Preliminary findings: — ______________________________________
Draft report: — _______________________________________
Final report: __________________________________________
8. Information requested prior to the entrance conference
B-3

-------
Appendix C

-------
Standards for Audit
Introduction
Types of audits
The “Standards for Audit of Governmental Or-
ganizations, Programs, Activities, and Functions” are
issued by the Comptroller General of the United
States. The standards are published in what is com-
monly referred to as the GAO “Yellow Book.” The
yellow Book was revised in 1988; therefore, this
ummary is based on the 1988 edition.
The standards are to be followed by all Federal
auditors and all non-Federal auditors who perform
audits of Federal organizations. The standards in-
clude those established by the Amencan Institute of
Certified Public Accountants (AICPA) for financial
audits and establish additional guidance for non-
financial audits.
• In your position as an EPA managa you should
be aware of the audit standards, in order to help you
understand how auditors perform their work, what
they look for during an audi4 and how audit informa-
non will be conveyed to you and the public.
In rare ciltumstances,.an understanding of the
audit standards may also help you idenuES ’ situations
in which an auditor may be acting in a manner that
does not meet the standards. If such a situation oc-
curs, you should raise your concern with the auditor
and, if necessary, discuss the issue with the auditor-
in-charge and your audit follow-up coordinator.
Government and nongovernnient auditors conduct
audits of government organizations, programs, ac-
tivities, functions, and funds. This description is not
intended to limit or require the types of audits that
may be conducted but give an understanding of the
types of audits that may be conducted. In conducting
these types of audits, the Yellow Book sets ap-
plicable standards that auditors should follow.
All audits begin with objectives and those objec-
tives determine the type of audit to be conducted and
the audit standards to be followed. The types of
government audits are classified as financial audits or
performance audits. The Yellow Book lists detailed
descriptions of the two types of audits:
Financial audits - include financial statement
and financial related audits.
1. Financial statement audits determine (a)
whether the financial statements of an audited
entity present f irly the financial position,
results of operations, and cash flows or chan-
ges in financial position in accordance with
generally accepted accounting principles, and
(b) whether the entity has complied with laws
and regulations for those transactions and
events that may have a matenal effect on the
financial statements.
c-i

-------
Objectives of Financial Audits Objectives of Performance Audits
Economy and Efficiency
Determine whether the entity
I Is following sound procurement practices.
2 Is acquiring the eppropnate type, quality, and amount of
resources when needed at the lowest coa
3 Is property protecting and maintaining its resources
4 Is avoiding duplication of effort by employees and
work that serves little or no purpose
5 Ia avoiding idleness and overstaffing
6 Uses efficient operating procedures
_______________________________________________ 7 is using the minimum amount of resources in
_______________________________________________ producing or dehvenng the appropnate quantity
or quality of goods or services In a timely manner
8 Is complying with requirements of laws and regulations
that could significantly affect the acquelbon, protection.
and use of the entity’s resources
9 Has an adequate system for measuring and reporting
performance on economy and efficiency
2. Financial related audits include determining
(a) whether financial reports and related
items, such as elements, accounts, or funds
are fairly presented, (b) whether financial tn-
formation is presented in accordance with es-
tablished or stated crttena, and (c) whether
the enttty has adhered to specific financtal
compliance reqturements.
Performance audils include economy and ef-
ficiency and program audtts.
Financial Audits
Determine whether
1 The financial statements present faidy the financial
position and the results of Imanclat operations, and
cash flows or thangesin financial position
2 The sntitiy Is complying with laws and regulations for
those transactions and events that may have a materIal
effect on the financial statements
Financial Related Audits
May Include the loflowing
1 Segments of financial statements
2 Financial intonnation
3 Reports and schedules on financial matters
4 Contracts
5 Grants
$ Internal control systems and structure
7 Computer-based systems
8 Financial systems te g . payroll systems)
9 Fraud
Program Audits
DetermIne whether the entity
I Assess whether the objectives of a proposed, new, or
ongoing program are proper, suitable, or relevant
2 Determine the e ent to which a program achieves a
desired level of program results
3 Assess the effectrvenesa of the program and/or
mdMdual program components
4 identify tactom inhibiting salisfactoiy performance
5 Determine whether management has considered
alternatives for carrying out the program that might yield
desired results more effectively or at e lower cost
6 Detennrne whether the program complements duplicates,
overlaps or conflicts with other related programs
7 Identify ways to make the program work better
8 Assess compliance with laws and regulations
9 Assess the adequacy of manegement’s system for
msasunng and reporting effectiveness
C-2

-------
1. Economy and efficiency audits include deter-
mining (a) whether the entity is acquiring,
protecting, and using its resources (such as
personnel, property,m and space) economical-
ly and efficiently, (b) the causes of inefficien-
cies or uneconomical practices, and (c)
whether the entity has complied with laws
and regulations concerning matters of
economy and efficiency.
2. Program audits include determining (1) the ex-
tent to which the desired results or benefits es-
tablished by the legislature or other
authonzing body are being achieved, (2) the
effectiveness of organizations, programs, ac-
tivities, or functions, and (3) whether the en-
tity has complied with laws and regulations
applicable to the program.
Goals of the audit
• In most instances, the audit is being conducted be-
cause the auditors (or Con8ress, or EPA senior offi-
ciaL ) either suspect that some weaknesses may exist
within your organization or they are simply auditing
selected areas to ensure that there are no weaknesses
or problems.
Weaknesses could, for instance, stem from Incon-
sistent policy guidance, inadequate internal control
systems, or, in rare situations, inefficient or
fraudulent behavior by Agency employees, grant
recipients, or contractors. The audit is intended as a
tool to help you, the EPA manager, understand where
such weaki1esses may exist and help you resolve
them.
Depending upon the elements covered in the audit
(financial and compliance, economy and efficiency,
or program results), several different objectives may
exist. Some of these general objectives are listed in
the Yellow Book.
Knowing that auditors may examine most any
aspect of operations, finances, or management within
your organization can help you understand the power
of the audit. However, this knowledge does not
provide you with a clear picture of the types of infor-
mation for which the auditors wilt be searching.
If you know the scope of the audit that you will be
facing, you should be able to identify the general ob-
jectives of the audit. With an understanding of these
objectives, you can begin to assess your organization
and try to identify where weaknesses may exist. If
you can identify weaknesses, you should begin to for-
mulate plans to address those weaknesses and, where
possible, begin to take corrective actions, as soon as
feasible.
C-3

-------
Standards for audit
Test of Compliance Wkh Applicable
Laws and Regulations
The Yellow Book lists a number of standards for
audit that must be followed by all Federal auditors
and any auditors who perform audits of Federal or-
ganizalions. Some of these standards cover internal
audit management issues that should be of little con-
cern for you since you will not be directly af [ cted
by them. However, other standards serve to guide
the way auditors interact with you during the audit
and to outline the format in which audit findings and
recommendations are presented to you.
• You should be aware of key standards that are dLi-
cussed here and understand the ways in which the
audit in which you are involved meets these stand-
ards. The purpose of this is to ensure that the audit
will be beneficial to you and your organization.
The audit will be mcnt beneficial if it is conducted
according to the audit standards: the audit should
describe the fads accurately, identify both strengths
and weaknesses in your organization, present clearly
the supporting evidence and arguments for findings
and recommendatiom and allow you an opportunity
to review and comment on the audit report.
The following is a general list of audit standards
that all audi lots should follow:
• The organization should be examined to determine
whether it complies with la and regulations.
Whenever a problem or issue is discussed during an
audit or within an audit report, the auditors should
cite the applicable laws and regulations—and any
other criteria—they are using for their evaluation.
The Yellow Book lists the potential sources of
legal and regulatory requirements that auditors may
use. These sources include laws, legislation, ad-
niinistrative orders, and contracts.
a In financial audits and performance audits, she
auditors should provide “sufficien4 competen4 and
relevant” evidence to support their judgmen t s and
conclusions.
The Yellow Book provides definitions of what
constitutes ‘ sufflcient, com tent, and relevant”
evidence. If your judgment of the evidence differs
from the auditors’ you should raise your concern
with the auditors as early as possible in the audit
process.
Legal and Regulatory Requirements
1. Ident Ify the patlinant laws and regulations WhiCh
could have a direct and mateiial atteci on the financial
tements or the results of a financial related audit
2. Assess the naiw that material noncompliance could occijr
3. DesIgn steps and procedures to test comptance
with laws and regulations topro Me reasonable
assurance ci deteding noncompliance
C-4

-------
Standards for Reporting
Audit Information
• The standards for reporting audit information are
specific and clear’y presented in the Yellow Book.
When you receive an audit report, you should ob-
serve no: only what is said but also how it is said.
According to the Yellow Book, all reports shouki
1 Present factual data accurately and fairly
2 Present findings and conclusions in a convmculg manner
3 Be objective
4 BewnttentnlanguageasdearampIeea
subject matter permits
5 Be con se but, at the same time, dear enough to
be understood by users
8 Present factual data completely to fully unions the users
7 Place pnmaly emphasm on improvement rather than on
cntjasm of the past
Definitions of reporting standards are provided by
the Yellow Book and descnbed in the paragraphs
that follow.
• “Accuracy” is stressed as an important charac-
t&ristic of the audit report. To be considered ac-
curate, the audit report should include “objective
evidence” to support any findings and conclusions
presented by the auditors.
I To be “convincing, “findings should be supported
by sufficient information and “conclusions and
recommendations must follow logkally from the
facts presented.”
• Written audit reports should be provided by the
audit organization.
With economy and efficiency audits and program
results audits, audit reports are also to be issued in a
timely manner. Speci c items that should be in-
cluded in economy and efficiency audits and
program results audits are listed in the Yellow Book.
• The audit report should be “objective.” As
described in the Yellow Book, this means: “The audit
report should be fair and not misleading and should
place primary emphasis on matters needing atten-
tion.”
• The tone of the audit report should be of concern
to both you and the auditors. The auditors should
write the audit report in a tone that will lead the
reader to respond positively to the conclusions and
recommendations. If you have concerns about the
tone and balance used by the auditors you should
raise your concerns as early as possible in the audit
process.
c-s

-------
Appendix D

-------
Definitions of Tenns
U
• The definitions presented in this section were com-
piled from the following sources: Govaizmen:Audit-
ing Siandardr (the GAO Yellow Book); EPA O do
2750; 010 representatives; and the OIG Manual.
Adequate response — A response that addresses
each finding or recommendation in an audit report
and sets forth all appropriate corrective actions. An
adequate response includes references to supporting
documentation, legal basis, or precedent where a
final decision differs from the auditors’s findings and
recommendations.
Audit — An assignment that is conducted in ac-
cordance with GAO standards, or parts thereof. In
addition, for EPA Order 2750 purposes, an audit in-
cludes all special assignments or their resulting spe-
cial reports.
Audit finding — A written explanation of an area
audited, arriving at a conclusion(s) on the basis of the
sum of available information gathered together.
Fully developed findings include a discussion of Con-
dition, Criteria, Cause, Effect, and Recommendation.
Audit follow-up — For 010 audits, the activity
that occurs between the issuance of an audit report
and the closing of the report in ATCS.
Audit report — A written report that states the
scope of the audit and includes all pertinent findings.
Audit resolution — For OIG audits, the point
when the OIG closes the audit report in ATCS.
Audit Tracking and Control System (ATCS) —
The OIG’s management information system, which
is being replaced by the Pnme Audit Tracking Sys-
tem (PATS).
Auditing computer-based systems — Generally,
audit work coveis reviewing the adequacy of manage-
ment policies — examining approvals, documenta-
tion, test results, cost studies, and other data to see
whether management policies are followed and legal
requirements met — and determining whether the
systems/applications have the necessaiy controls and
audit trails.
Compliance — A determination of whether (1)
there is compliance with laws and regulations that
could materially affect the entity’s financial position
and statements, (2) there is compliance with laws and
regulations that could significantly affect the acquisi-
non, management, and utilization of the entity’s
resources, and (3) programs are being carried out in
conformity with laws and regulations.
Comprehensive grant audit — An audit of an in-
dividual grant made in accordance with an individual
Federal grant audit guide.
Disallowed Cost — A questioned cost that
management, in a management decision, has sus-
tained or agreed should not be charged to the
Government.
D-1

-------
U
External audits — External audils are mdc-
dependent reviews of the records and performance
of individual assistance recipients and contractors.
External audits generally follow the GAO financial
and compliance standards, however, if the scope
of work is sufficiently limited, a special report—
not an audit report—may be issued. The following
are examples of external audits:
Pre-award audits — A review and
evaluation conducted to determine whether
prospective cost or pricing data submitted
were current, accurate, and complete. The
review may include an assessment of the
assistance recipient’s or contractor’s
accounting, procurement, and property
management systems
Interim and final cost audits — A review
and evaluation conducted to assess, at a
minimum, the allowability of costs claimed
or reported under the assistance agreement
or contract and to ensure compliance with
applicable statutes, regulations, and terms
and conditions of the award. These audits
may include a review of incurred direct
costs and the assistance recipient’s or
contractor’s policies, procedures, and
practices that influence and control grant
contract costs.
Indirect cost audits — A review and
evaluation conducted to determine whether
an assistance recipient’s or contractor’s
prospective or incurred indirect cost rate
properly allocates costs allowable under
Federal cost principles.
Single audit — An audit performed in
accordance with the Single Audit Act
(Public Law 98-502) and 0MB Circular
A-128.
Final Action — (a) The completion of all actions
that management has concluded, in its management
decision, are necessary with respect to the findings
and recommendations included in an audit report,
and (b) in the event that management concludes
no action is necessary, final action occurs when a
management decision has been made.
Final determination — The Action Official or
Contracting Officer’s statement to the auditee
detailing the final decision on the audit findings
and recommendations.
Findings/results — The result of information
development; a logical pulling together of
information arid arriving at conclusions on the
basis of the sum of the information about an
organiiation, program, activity, function, condition,
or other matter which was analyzed or evaluated
and considered to be of interest, concern, or use to
the entity. It need not be critical or concerned
only with deficiencies or weaknesses. Purely
informational Findings need not include
conclusions. A finding could be the basis for
recommendations for action by the entity, but a
recommendation is not part of a finding.
Flash report — Early notification by the OIG
and EPA top management of significant problems
found during the course of an internal or external
audit so that top management has maximum
opportunity to address the problems.
Grantee — A recipient of grant funds.
incomplete response — “Incomplete” implies the
absence of necessary information in the response
or the response contains errors.
D-2

-------
U
Internal (Internal and Management — I&M)
audit — An independent review of Agency
programs and operations conducted by the OIG
generally in accordance with at least one of the
three elements (financial and compliance,
economy and efficiency, or program results) of the
GAO standards. The audit is designed to deter-
mine whether: (a) desired results and objectives
are being achieved effectively, (b) resources are
managed and used economically and efficiently, (c)
operating procedures are effective and being car-
ried out, (d) applicable laws and regulations have
been complied with, (e) financial operations are
conducted properly, and ( [ ) financial reports are
presented fairly.
Management decision —The evaluation by
nanagement of the findings and recommendations
included in an audit report and the issuance of a
final decision by management concerning its
response to such findings and recommendations,
including actions concluded to be necessary.
Materiality — The concept which refers to the
significance of an item of information which could
appear, does appear, or does not appear in a finan-
cial statement.
Minor (immaterial) audit finding — An audit
finding in olving a relatively small amount of
money or the benefits to management seem e eed-
mgly small compared to the time and effort which
would be needed to develop all elements of the
finding in detail. Such a finding may or may not re-
quire OIG and/or action official follow-up.
Pilot audit — An initial internal audit con-
ducted in a limited area usually following a survey.
This audit would provide the basis for a decision to
conduct similar audit work in additional areas.
Position paper — A statement of fact repre-
senting an OIG area of concern which is circulated
prior to a draft report to allow reviewee input
before publication of a draft report.
Questioned costs — A cost that is questioned
by the OIG because of: (a) an alleged violation of a
provision of a law, regulation, contract, grant,
cooperative agreement or other agreement or
document governing the expenditure of funds; (b)
a finding that, at the time of the audit, the cost is
not supported by adequate documentation; or (c) a
finding that the expenditure of funds for the in-
tended purpose is unnecessary or unreasonable.
Recommendation that funds be put to better
use — A recommendation by the OIG that funds
could be used more efficiently if management took
actions to implement and complete the recommen-
dations, including:
a. reductions in outlays,
b. deobligation of funds from programs or
operations,
c. withdrawal of interest subsidy costs on loans
or loan guarantees,
d. costs not incurred by implementing recom-
mended improvements related to the opera-
tions of the establishment, a contractor or
grantee,
e. a’ oidance of unnecessary expenditures
noted in preaward reviews of contract or
grant agreements, or
L any other savings which are specifically iden-
tified.
D-3

-------
Reinstated costs — Costs questioned or set aside
by the auditor and sustained by the Action Official or
Contracting Officer but were subsequently deter-
mined acceptable or waived after an assistance
project review decision, contract appeal decision, or
compromise of debt.
Set aside costs — A proposed or claimed amount
which the auditor has not questioned but which the
auditor cannot accept without additional information
or evaluations and approvals by responsible Agency
program officials.
Special reports — Any assignment, other than
an audit conducted in accordance with audit stand-
ards, that seeks to promote economy and efficiency
or prevent or detect fraud and abuse results in a spe-
cial report. The following are examples of special
reports:
Allegation review — Review of allegations
received through the hotline, correspondence,
personal visits, etc., concerning an activity or
audiiable function.
Desk review/agreed upon procedures review
— A review performed by the 010 with
limited analysis of a claim (in contrast to an
audit).
Early warning system review — The analysis
of information for projects with potential
problems at an early stage to limit the potential
severity of the problem.
Special review — A review that responds to
the OIG need for a quick turn-around analyses
of significant issues facing the Agency. Spe-
cial reviews are meant to be quick studies
rather than detailed audits. Reports are general-
ly provided to senior executives and identify is-
sues and obtain corrective action in less time
arid with fewer resources than an audit would
take.
Special Reports are conducted under the
authority of sections 4(aX3), 6(a)(2), and 7(a)
of the 10 Act. For purposes of follow-up, desk
reviews and early warning system reviews are
handled as if they were assistance project-type
external audits under EPA Order 2750. Allega-
tion reviews and special reviews may either be
handled as assistance project-type external
audits oras internal audits under EPA Order
2150.
Sustained costs — Proposed or incurred costs
that were questioned or set aside by the auditor and
that the Action Official or contracting officer disal-
lowed in the final determination. These sustained
costs represent the governments “cost benefits”
achieved either through costs avoided or peyments to
be recovered through collection or offiset.
Unsupported cost —A cost that is questioned by
the OIG because the 010 found that, at the time of
the audit, the cost was not supported by adequate
documentation.
D-4

-------
Appendix E

-------
Resource Management Division
March 6, 1989
Executive Summary
REQUIREMENTS OF
INSPECTOR GENERAL ACT AMENDMENTS OF 1988
P.L. 100-504, October 18, 1988
o Amendments to the Inspector General Act were enacted last October.
o The amendments affect all Federal agencies by mandaung new semiannual reporung requirements for
agency management as well as the 16.
o Starting in October, 1989, we will be tracking management’s response to audits and reporting the
results to the Congress semiannually. The report covering the first six-month period will be made in
May, 1990.
o The reports must include
- A table showing the dollar value of disallowed costs;
• A table showing the value of recommendations that funds be put to better use, agreed to
in a management decision; and
- Explanations of why any final actions are not complete a year after a management
decision was made.
A detailed executive summary of the reporting requirements and new definitions of terms begins on she
next page
o We are working to develop the simplest possible system for meeting the requirements of the
amendments. We will work with ARAs and SBOs in developing the system, and will provide
policies, guidance and training material for implementing it.
E-1

-------
Resource Management Division
March 6, 1989
Executive Summary
ANALYSIS OF REPORTING REQUIREMENTS
Inspector General Act Amendments of 1988
P.L. 100-504, October 18, 1988
MANAGEMENT’S SEMIANNUAL REPORTING REQUIREMENTS
ADDITIONAL REQUIREMENTS PREVIOUS REQUIREMENTS
1. Any comments (on the Inspector Generals report) 1 Any comments (on the Inspector General’s report)
determined appropriate deemed appropnate
2 A table showing number of audit reports, and dollar
value of disallowed costs, for audit reports--•
o Where final action was not taken by the
start of the reporting penod,
o Where management decisions were made
during the reporting penod,
o Where final action was taken during the
reporting penod, including---
- Dollar value of disallowed costs
recovered by management;
- Dollar value of disallowed costs
written off by management,
and
o Where no final action has been taken by
the end of the reporlrng penod.
3 A table showing number of audit reports and dollar
value of recommendations that funds be put to
better use, agreed to in a management
decision, for audit reports---
o Where final action was not taken by the
start of the reporting penod,
o Where management decisions were made
during the reporting penod;

-------
o Where final action was taken during the
reporting penod, including---
- Dollar value of recommendations
that were completed,
- Dollar value of recommendations
that management subse-
quenfly concluded should
not or could not be
Implemented or completed,
and
o Where no final action has been taken by
the end of the reporting penod
4 Statement on audit reports where management
decisions were made but final action not
taken,
other than audit reports where a
management decision was made
within the preceding year,
containing---
- List of such reports and the dates issued,
- Dollar value of disallowed costs for each
report,
- Dollar value of recommendations that funds
be put to better use agreed to by
management for each report, and
• Explanation of why final action was not
taken with respect to each such
report, except---
where formal administrative
or judicial appeal is under
way or where management
has agreed to pursue a
legislative solution,
but shall identify the number in each
category excluded
THE IC ’S SEMIANNUAL REPORTING REQUIREMENTS
ADDITIONAL REQUIREMENTS PREVIOUS REQUIREMENTS
A listing, subdivided by subject matter, of each audit 1 Descnption of significant problems, abuses, and
report issued during the reporting period and deficiencies disclosed by the activities of the
for each audit report, where applicable, the--- OIG dunng the reporting penod
E-3

-------
o Total dollar value of questioned costs---
including a separate category for the
dollar value of unsupported costs
and
o Dollar value of recommendations that funds
be put to better use
o Where no management decision was
made by the start of the reporting
penod,
o Which were issued during the period,
o Where a management decision was made
dunng the period, including---
• Dollar value of disallowed costs,
and
- Dollar value of costs
disallowed, and
Dollar value of
not agreed
management, and
2 Summary ot each particularly significant report
3 Tables showing number of audit reports and total
dollar value of quesUoned costs---
including a separate category for the
value of unsupported costs,
for audit reports---
2 Recommendations for corrective action made by the
OIG during the penod with respect to item
identified pursuant to paragraph 1
3 Identification of each significant recommendation in
previous semiannual reports where corrective
action has not been completed
4 Summary of actions referred to prosecutive
authorities and the prosecutions and con-
victions which have resulted
5 Summary of each report made to the agency head
dunng the reporting period about information
or assistance requested from the agency or
any Federal, State or local governmental
agency, that is unreasonably refused or not
provided
not
o Where no management decision has been
made by the end of the penod
4 Tables showing number of audit reports and the
dollar value of recommendations that funds be
put to better use, for audit reports---
o Where no management decision was
made by the start of the reporting
penod,
o Which were issued during the period,
o Where a management decision was made
dunng the period, including---
Dollar value of recommendations
agreed to by management,
and
to by

-------
o Where no management decision has been
made by the end of the penod
5 Summary of each audit report issued before the start
of the penod where---
no management decision was made
by the end of the penod---
o Including the---
date and title
of each such report,
o An explanation of the reasons that such
management decision has not been
made, and
o A statement about the desired timetable
for getflng a management decision on
each such report
6 A description and explanaflon of the reasons for any
revised management decision made dunng the
penod
7 Informabon on any significant management decision
with which the Inspector General is in
disagreement
TERMS DEFINED IN THE IG ACT AMENDMENTS
NEW DEFiNITiONS
Questioned cost A cost queshoned by the OIG
because of---
o An alleged vioiation of law, regulation,
contract, grant, agreement or
document governing the expenditure
of funds,
o A finding that such cost is not supported by
adequate documentation;
o A hnding that the expenditure for the
intended purpose is unnecessary or
unreasonabie.
E-5

-------
2 Unsupported cost A cost questioned by the OIG
because it is not supported by adequate
justtf lcatlon
3 Disal)owed cost A questioned cost that
management, in a management decision, has
sustained or agreed should not be charged to
the Government
4 Recommendation that funds be -put to bette, use A
recommendation by the OIG that funds could
be used more efficienfly it management
implemented and completed the
recommendation by---
o Reductions in outlays,
o Deobllgatlon of funds,
o Withdrawal of Interest subsidy costs on
loans, guarantees, insurance, or
bonds,
o Cosis not incurred by implementing
recommendations (elated to the
operation, of the agency, contractor
or grantee,
o Avoidance of unnecessary expenditures
noted in preaward reviews of
contract or grant agreements, or
o Any other savings specifically identified
5 Management decision The evaluation by
management of the findings and
recommendations in an audit report arid the
issuance of a final decision by management
on its response, including actions concluded to
be necessary
6 Final action
o Completion of all actions that management
concluded, in its management
decision, are necessary, and
o In the event that management concludes
no action is necessary, final action
occurs when a management
decision has been made
E-u
U S Co ’ rnr , ri Printing O(fice 1959 - 617’O93 104587

-------