oversight

Audit Followup Process for External Audits in the Office of the Chief Financial Officer.

Published by the Department of Education, Office of Inspector General on 2004-09-23.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          UNITED STATES DEPARTMENT OF EDUCATION

                                          OFFICE OF INSPECTOR GENERAL



                                                 September 23, 2004

                                                                                       CONTROL NUMBERS
                                                                                         ED-OIG/A19-E0003
                                                                                         ED-OIG/A19-E0005

Jack Martin
Chief Financial Officer
Office of the Chief Financial Officer
U.S. Department of Education
400 Maryland Avenue, SW, Room 4E313
Washington, DC 20202

Dear Mr. Martin:

This Final Audit Report (Control Numbers ED-OIG/A19-E0003 and ED-OIG/A19-E0005)
presents the results of our audits of the audit followup process for external audits of discretionary
grant audits resolved by the Post Audit Group (PAG) in the Office of the Chief Financial Officer
(OCFO), and for external audits of contracts resolved by the Contracts and Purchasing
Operations (CPO) group in OCFO.1 These audits were part of a review of the audit followup
process for Office of Inspector General (OIG) external audits being performed in several
principal offices. Since audit resolution and followup activities by both PAG and CPO staff
come under the responsibility of OCFO, we have combined the results into one audit report. As
the Department of Education’s audit followup official, you will also receive a summary report
upon completion of the audits in the individual principal offices.

                                            BACKGROUND

Office of Management and Budget (OMB) Circular A-50, entitled “Audit Followup,” provides
the requirements for establishing systems to assure prompt and proper resolution and
implementation of audit recommendations. The Circular states:

        Audit followup is an integral part of good management, and is a shared
        responsibility of agency management officials and auditors. Corrective action
        taken by management on resolved findings and recommendations is essential to
        improving the effectiveness and efficiency of Government operations. Each
        agency shall establish systems to assure the prompt and proper resolution and
        implementation of audit recommendations. These systems shall provide for a

1
  Effective August 11, 2004, CPO was renamed Contracts and Acquisitions Management (CAM). This report uses
the former name to be consistent with references to CPO made in the Department’s response.


                                400 MARYLAND AVE., S.W. WASHINGTON, D.C. 20202-1510

                 Our mission is to ensure equal access to education and to promote educational excellence
   Mr. Martin                                                                         Page 2 of 10



       complete record of action taken on both monetary and non- monetary findings and
       recommendations.

The Department has established a Post Audit User Guide to provide policy and procedures for
the audit resolution and followup process. This guide provides that, “[E]ach Assistant Secretary
(or equivalent office head) with cooperative audit resolution or related responsibilities must
ensure that the overall cooperative audit resolution process operates efficiently and consistently.”
As an Action Official (AO), the Chief Financial Officer’s responsibilities include:

   •   Determining the action to be taken and the financial adjustments to be made in resolving
       findings in audit reports concerning respective program areas of responsibility,
   •   Monitoring auditee actions in order to ensure implementation of recommendations
       sustained in program determinations, and
   •   Maintaining formal, documented systems of cooperative audit resolution and followup.


                                      AUDIT RESULTS

We found that improvements were needed in OCFO’s audit followup process. Our audit
revealed that PAG and CPO staff did not always follow up to obtain assurance that corrective
actions were completed. This occurred because coordination on followup activities needed to be
improved between PAG staff resolving audits and program staff responsible for grant oversight,
and because CPO staff did not obtain documentation from a contractor to support
implementation of corrective actions. As a result, the Department does not have assurance that
corrective actions have been implemented.

We also noted that corrective actions were still in process for three audits that were reported as
“closed” in the audit resolution system. This issue is addressed in the OTHER MATTERS
section of this report.

OCFO responded to our draft report and concurred with recommendation 1.1 and with the intent
of recommendation 1.2. OCFO did not agree with the suggestions presented in the OTHER
MATTERS section of the report. The full text of the OCFO response is included as Attachment
2 to this audit report.


Finding 1       Corrective Action Followup and Documentation Needs
                Improvement

Audit resolution staff did not adequately follow up to ensure corrective actions were
implemented. We found that PAG or program office staff did not obtain evidence that supported
implementation of corrective actions for 3 of the 48 recommendations (6 percent) in
discretionary grant audits reviewed. We also found that CPO staff did not follow up on 1 of 13
recommendations (8 percent) in contract audits reviewed.


                              ED-OIG/A19-E0003 and ED-OIG/A19-E0005
    Mr. Martin                                                                                 Page 3 of 10




Audit Followup Requirements

OMB Circular A-50, “Audit Followup,” Section 5, states:

        Audit followup is an integral part of good management, and is a shared responsibility of
        agency management officials and auditors. Corrective action taken by management on
        resolved findings and recommendations is essential to improving the effectiveness and
        efficiency of Government operations. Each agency shall establish systems to assure the
        prompt resolution and implementation of audit recommendations. These systems shall
        provide for a complete record of action taken on both monetary and non- monetary
        findings and recommendations.

The Department’s Post Audit User Guide (Draft Version as of January 2, 2001, in effect during
our audit scope) 2 , Section III, Chapter 5, Part B, states:

        Primary responsibility for following up on nonmonetary determinations rests with
        AOs, who must have systems in place to ensure that recommended corrective
        actions are implemented by auditees. The OCFO has responsibility for verifying
        that AOs have systems in place to followup on corrective actions and ensuring
        overall effectiveness of ED’s [Department of Education’s] audit resolution
        followup system.

Part B of the guide further states, “Accurate records must be kept of all audit followup activities
including all correspondence, documentation and analysis of documentation.”

Subsequent to the resolution of the audits we reviewed, the Department established additional
guidelines that expand upon the documentation requirements for audit resolution files. The
Department’s “Guidelines for Establishing File Folders and Maintaining Documentation For
External Audits,” were effective as of September 1, 2002, and state that audit resolution files
should contain “...All documentation pertaining to audit follow-up activities, e.g., documentation
from the auditee substantiating the corrective action taken….” The guidelines are provided as
Attachment 1 to this report.


PAG and Program Offices Need to Coordinate Followup Activities

We found that PAG or program offices did not completely follow up on corrective actions for the
following recommendations:




2
 The Post Audit User Guide was revised and updated as of March 31, 2003. The statements quoted are also in the
current version of the guide.

                                 ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                      Page 4 of 10




Audit Control Number (ACN) A05-90045: “Audit of the Student Support Services Proje ct
Administered by Marian College, Fond Du Lac, Wisconsin,” issued March 27, 2000

   1.1      Instruct Marian to refund $39,531 (9 percent) of the salaries and fringe
            benefits charged to the grant during the period September 1, 1994, through
            August 31, 1999,

   2.1      Instruct Marian to refund $34,142, and

   3.1      Instruct Marian to refund $4,286.

These recommendations represented a total monetary recovery of $77,959. The Program
Determination Letter (PDL) stated that PAG determined through correspondence with Marian
that the program office had resolved the audit issues. In relation to these recommendations, the
PDL requested that the institution refund the amount to the project from institutional funds. It
indicated that the Grant Award for Project Year 2000-2001 would be reduced by $77,959 and the
College would use institutional funds in the amount of $77,959 to support the program on its
campus for the 2000-2001 academic year. We reviewed grant documentation and verified that
the school’s funding for the budget period had been reduced by $77,959.

The PDL stated that Marian would establish a budget account with institutional funds in the
amount of $77,959, effective June 2000, to support the program. However, we found no
documentation in PAG files, or in files maintained by the program office – the Office of
Postsecondary Education (OPE) – that showed Department staff verified that Marian used
institutional funds to maintain the project budget.

PAG stated that since program staff are responsible for monitoring the grants, communication is
critical between PAG and the program office on audit issues. In a later discussion regarding the
results of our review, PAG staff stated that it was their understanding that once the PDL was
issued, the program office, through its monitoring role, would have followed up by reviewing
subsequent project status reports from the school or contacting them in some manner.

OPE officials stated that they were aware that the institution’s award had been reduced, but
added they had not obtained documentation from the College that showed how Marian
contributed or expended the funds to maintain the originally proposed level of service. PAG and
OPE did not effectively coordinate followup activities to ensure the College had taken corrective
action.


CPO Staff Need to Pursue Followup Activities

We also found that CPO staff did not completely follow up on corrective actions for the
following recommendation:


                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                        Page 5 of 10



Audit Control Number (ACN) A02-80002, “Recipient Financial Management System
[RFMS] Contract, Computer Data Systems, Incorporated [CDSI], Rockville, Maryland,”
issued September 22, 2000

       2.    The Contracting Officer for the RFMS contract should ensure that CDSI
             adheres to the terms of the contract requiring that managers and supervisors
             be assigned to the contract full time and not be assigned any other duties.

In a letter to the contractor, the Contracting Officer reminded the contractor to adhere to this
requirement for all managers and supervisors. However, contract files did not include any
documentation to support that CPO staff had followed up to ensure this corrective action was
implemented.

CPO staff stated that the only way CPO could have followed up on the contract audit
recommendation would have been to conduct another audit. However, CPO could have obtained
copies of timesheets or other documentation from the contractor to verify that managers and
supervisors were assigned to the contract full time.


Without complete followup on corrective actions, the Department does not have assurance that
the identified deficiencies are corrected.


Recommendations

We recommend that the Chief Financial Officer ensure that:

       1.1      The responsibility for followup on discretionary grant audits is clarified and
                coordinated between PAG and the program offices.
       1.2      For all future audits, followup is appropriately pursued and adequate
                documentation is maintained to support the completion of all corrective actions, in
                accordance with OMB requirements and the Departme nt’s external audit
                documentation and file guidelines.


OCFO Response: OCFO concurred with Recommendation 1.1, and concurred with the intent of
Recommendation 1.2. However, OCFO stated it did not concur with the part of the finding
regarding the need for CPO to pursue followup activities. The response specifically stated,
“…OCFO believes that the actions taken at the time of the audit referenced in the audit finding
were appropriate.” OCFO added it was deferring to corrective actions that will be taken in
response to the Department-wide summary report that OIG will issue upon completion of the
audits in the individual principal offices.

OIG Response: We disagree with management’s assertion that actions taken in response to
ACN A02-80002 were appropriate. During our review of contract files we found no

                              ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                        Page 6 of 10



documentation to show CPO staff followed up on the letter to the contractor. The reminder
provided in the letter to the contractor does not provide assurance that the contractor complied
with the contract’s requirements, and does not meet the requirements in OMB Circular A-50 or
requirements in the Department’s Post Audit User Guide to ensure that corrective actions are
taken.


                                    OTHER MATTERS

Corrective Actions Are Still Underway for Three Audits Reported as Closed

At the time of our review, PAG was actively working to ensure corrective actions were
completed for an audit that had been reported as closed. In addition, recommendations for two
CPO audits were currently in litigation and corrective actions had not been completed. These
audits had also been reported as closed. Although the separate reporting of audits as resolved or
closed was limited under the Department’s prior tracking system, the current system does allow
audits to be separately reported as resolved or closed. Specifically, we found that corrective
action was still in process for the following three audits and eight recommendations:

   •   ACN A05-A0004 “Title VII System-Wide Improvement Grant Administered by
       Community School District 300, Carpentersville, Illinois,” Recommendations 1 and 2 –
       Collection of funds for these recommendations was scheduled to be completed in August
       2004. This audit was closed in the prior tracking system as of September 30, 2002.

   •   ACN A07-80018, “Audit of Title IV Wide Area Network Contract, National Computer
       Systems, Iowa City, IA,” Recommendations 2, 3, and 4 – The Department is currently in
       litigation with the contractor on these recommendations. This audit was closed in the
       prior tracking system as of September 30, 2001.

   •   ACN A07-90003, “Audit of the Central Processing System Contract,” Recommendations
       2, 3, and 4 – The Department is currently in litigation with the contractor on these
       recommendations. The audit was closed in the prior tracking system as of September 30,
       2001.

PAG staff are implementing enhancements to the Audit Accountability and Resolution Tracking
System (AARTS) that will allow a change in the status of an audit after it is closed. If corrective
actions for these audits are still ongoing once these enhancements are complete, we suggest that
OCFO reopen these audits in AARTS to correctly reflect the status as resolved, but not closed.
Until the enhancements are completed, OCFO should ensure that these audits are appropriately
reported as resolved, but with corrective action still in process, in Department management
reports and in the Semiannual Report to Congress.

OCFO Response: While a response to the OTHER MATTERS section is not required, OCFO
provided a response regarding two of the three audits discussed in this section. In its response
OCFO stated:


                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                        Page 7 of 10




       CPO does not agree with the draft report that states that the audits should have
       reflected “resolved” rather than “closed” in AARTS because of the ongoing
       litigation. The OIG concurred with CPO's requests for closure and justification
       based on its commitment to do follow-up. In addition, OIG often closes action
       items on audits that relate to future events when there is evidence and assurance
       that action is taking place or policy has been implemented.

OCFO also referred to a separate informal response provided regarding issues presented at the
exit conference for the Department-wide summary report. This informal response is noted as
addressing management views on audits in collection or under appeal, as well as issues
pertaining to the definitions of the terms “resolved” and “closed.”

OIG Response: We disagree with management’s position that audits subject to ongoing
litigation can be reported as “closed.” When requested corrective actions are disputed, the final
corrective actions that will be required cannot be determined until that dispute is settled. The
outcome of the appeal or dispute may result in different corrective actions being taken, or some
corrective actions no longer being required. A revised audit determination letter may be issued.
As such, the corrective actions required in the initial audit determination cannot be considered
completed until the dispute is resolved.

We also requested additional documentation to support OCFO’s last two statements above – (1)
OIG concurred with request for closure of these audits based on OCFO’s commitment to do
followup, and (2) OIG closes action items on audits that relate to future events when there is
evidence and assurance that action is taking place. There was no documentation supporting
these statements in the files reviewed. CPO staff could provide no additional documentation to
support these statements. Additionally, PAG staff responded to our inquiries about these
statements by stating that OIG is not involved in the closure of action items for external audits.

With regard to the response to the Department-wide exit conference point sheets noted by
OCFO, we did not consider it in finalizing this audit report, as it was not a formal response from
the Action Official. However, the issues presented in the OTHER MATTERS section of this
report will be included in the Department-wide summary report and applicable comments will be
addressed, accordingly, in that report.


                   OBJECTIVE, SCOPE, AND METHODOLOGY

The objective of our audit was to evaluate the effectiveness of the Department’s process to ensure
that external auditees implement corrective action. To accomplish our objective, we reviewed
applicable laws and regulations, and Department policies and procedures. We conducted
interviews with OCFO and program staff responsible for resolving and following up on
corrective actions for the audits selected. We also reviewed documentation provided by OCFO
and program staff to support the corrective actions taken for the recommendations included in our
review.

                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                      Page 8 of 10




The scope of our audit included OIG audits of discretionary grant audits resolved by PAG and
audits of CPO contracts issued during the period October 1, 1997, through September 30, 2002.
The audits in the scope were reported by the Department’s audit resolution system as having been
“closed” on or prior to September 30, 2002. A total of 15 audits, representing 70
recommendations, met these criteria.

To select the audits to review, we evaluated the status of the recommendations and the corrective
actions required by the Department. We judgmentally selected all audits with monetary
recommendations, resulting in the selection of 8 of the 10 OPE audits in our scope. The 8 OPE
audits contained a total of 46 recommendations. As there was only one Office of English
Language Acquisition audit in our scope, we selected it for review. The audit contained a total of
two recommendations.

There were a total of 4 audits, containing a total of 17 recommendations in our scope for CPO.
We selected the three audits with monetary recommendations. These audits contained a total of
13 recommendations.

The nine discretionary grant audits selected were as follows:

   •   ACN A05-A0004, “Title VII System-wide Improvement Grant Administered by
       Community School District 300, Carpentersville, Illinois,” issued December 6, 2000,

   •   ACN A07-80027, “Creighton University’s Administration of Its Federal TRIO Projects,”
       issued March 31, 2000,

   •   ACN A05-80005, “Central State University (CSU) Student Support Services Program,”
       issued April 10, 1998,

   •   ACN A05-90045, “Audit of the Student Support Services Project Administered by
       Marian College, Fond Du Lac, Wisconsin,” issued March 27, 2000,

   •   ACN A05-A0003, “Audit of the Student Support Services Project Administered by
       Mount Senario College, Ladysmith, Wisconsin,” issued September 28, 2000,

   •   ACN A07-A0006, “Audit of Independence Community College’s Administration of its
       Federal TRIO Projects,” issued October 15, 2001,

   •   ACN A05-A0022, “Audit of Selected Aspects of the Talent Search Grant (Project)
       Administered by South Suburban College, South Holland, Illinois,” issued January 22,
       2001,

   •   ACN A04-A0009, “Higher Education Act Title III Part A Grant at Mars Hill College,”
       issued September 29, 2000, and


                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                       Page 9 of 10



   •   ACN A03-A0019, “Audit of Lincoln University’s Administration of the Title III Grant,”
       issued July 27, 2001.

The three OCFO audits selected were as follows:

   •   ACN A02-80002, “Recipient Financial Management System Contract, Computer Data
       Systems, Incorporated, Rockville, Maryland,” issued September 22, 2000,

   •   ACN A07-80018, “Audit of Title IV Wide Area Network Contract, National Computer
       Systems, Iowa City, IA,” issued May 16, 1999, and

   •   ACN A07-90003, “Audit of the Central Processing System Contract,” issued May 15,
       2000.

We relied on computer-processed data initially obtained from the OIG’s Audit Tracking System
to identify OIG audits issued during the scope period. We reconciled this data to the
Department’s Common Audit Resolution System (CARS), and to audits reported in the
Semiannual Reports to Congress to ensure that we had captured all audits issued during the
period. We also reviewed copies of the audit reports to determine that the audits met the scope
period under review. We confirmed data in the audit reports to data in the Department’s AARTS,
which replaced CARS in July 2003. Based on these tests and assessments, we determined that
the computer-processed data was reliable for meeting our audit objective.

We conducted fieldwork at Department offices in Washington, DC, during the period November
2003 through April 2004. We held an exit conference with OCFO staff on April 28, 2004. Our
audit was performed in accordance with government auditing standards appropriate to the scope
of the review described above.


                 STATEMENT ON MANAGEMENT CONTROLS

As part of our review, we assessed the system of management controls, policies, procedures, and
practices applicable to the audit followup process for OIG external audits of discretionary grants
resolved by PAG and of CPO contracts. Our assessment was performed to review the level of
control risk and determine the nature, extent, and timing of our substantive tests to accomplish
the audit objective.

Because of inherent limitations, a study and evaluation made for the limited purpose described
above would not necessarily disclose all material weaknesses in the management controls.
However, our assessment disclosed management control weaknesses that adversely affected
OCFO’s ability to ensure corrective actions were taken by external entities in response to audits
of discretionary grant programs resolved by PAG and of CPO contracts. These weaknesses and
their effects are fully discussed in the AUDIT RESULTS section of this report.



                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
   Mr. Martin                                                                      Page 10 of 10



                            ADMINISTRATIVE MATTERS

Corrective actions proposed (resolution phase) and implemented (closure phase) by your office
will be monitored and tracked through the Department’s Audit Accountability and Resolution
Tracking System (AARTS). Department policy requires that you develop a final corrective
action plan (CAP) for our review in the automated system within 30 days of the issuance of this
report. The CAP should set forth the specific action items, and targeted completion dates,
necessary to implement final corrective actions on the finding and recommendations contained in
this final audit report.

In accordance with the Inspector General Act of 1978, as amended, the Office of Inspector
General is required to report to Congress twice a year on the audits that remain unresolved after
six months from the date of issuance.

Statements that managerial practices need improvements, as well as other conclusions and
recommendations in this report represent the opinions of the Office of the Inspector General.
Determinations of corrective action to be taken will be made by the appropriate Department of
Education officials.

In accordance with the Freedom of Information Act (5 U.S.C. § 522), reports issued by the Office
of Inspector General are available to members of the press and general public to the extent
information contained therein is not subject to exemptions in the Act.

We appreciate the cooperation provided to us during this review. Should you have any questions
concerning this report, please call Michele Weaver-Dugan at (202) 245-6941. Please refer to the
control numbers in all correspondence related to the report.


                                        Sincerely,



                                        Helen Lew /s/
                                        Assistant Inspector General for Audit Services




                             ED-OIG/A19-E0003 and ED-OIG/A19-E0005
                                                                                       Attachment 1
                                                                                         Page 1 of 1

       Guidelines for Establishing File Folders & Maintaining Documentation
                                 For External Audits
                           (Effective September 1, 2002)

The following procedures are set forth as guidelines for establishing file folders and
maintaining accurate and complete documentation on all actions taken to resolve findings of
external audits of ED programs.

   1. An official audit resolution file folder should be established for each audit report.

   2. Each file folder should contain, at a minimum, the following documents:

           •   The Federal Audit Clearinghouse’s audit cover sheet titled “Audit Description
               Data”
           •   Copy of the CARS generated “Summary of Findings Requiring Resolution”
           •   Copy of the audit report or pages of the audit report that provide relevant
               information to the resolution of the audit findings, including the findings, the
               auditee’s corrective action plan or response to the findings, the section on the
               status of prior year findings, and the ED portion of the Schedule of Expenditures
               of Federal Awards
           •   A listing of the triage decisions for each audit finding
           •   Documentation of all correspondence and communication with the auditee, the
               auditor, and other appropriate individuals, including corrective action plans and
               necessary work papers
           •   Copy of the PDL
           •   Copy of the Audit Clearance Document (ACD)
           •   All documentation pertaining to audit follow-up activities, e.g., documentation
               from the auditee substantiating the corrective action taken, results of any
               monitoring visits, relevant information from the next year’s audit that reports
               whether appropriate corrective action was taken on a prior year finding.
           •   Documented evaluations or conclusions of the PO [Principal Office] that support
               the adequacy of the corrective actions taken by the auditee, if not included in the
               PDL and/or occurring after the PDL is issued

   3. Each official file folder should also contain, as appropriate, the following documents:

           •   Documented evidence of technical assistance provided
           •   OGC [Office of General Counsel] and ED-OIG comments
           •   ED-OIG concurrence/non-concurrence of PDLs for all audits issued by ED-OIG
               or in which the audit has questioned costs of $500,000 or more
           •   In the event an Administrative Stay has been requested and approved, all
               documents pertaining to the request for an Administrative Stay, e.g., the request
               and approval memoranda
           •   In the event an auditee requests a grantback, all documentation pertaining to the
               grantback
Attachment 2