Comptroller letterhead

 

To:         Legislative Leadership, Judicial Branch Administrators, Elected Officials, Secretariats, Department Heads, Chief Fiscal Officers and Single Audit Liaisons

From:     Thomas G. Shack III, Comptroller

Date:      June 16, 2016

Re:         Preparation for 2016 – New Audit Requirements and Recurring Issues from the 2015 Single Audit                     

                                                                                                                                                             Comptroller Memo FY#2016-25            
 


Executive Summary

The Commonwealth’s FY2015 Single Audit  has been completed.  This year we have noted some recurring themes to the findings prepared by KPMG LLP, the independent audit firm.  These are described below to allow departments to consider whether changes are needed in preparation for the FY2016 Single Audit, which is currently underway.
 


Important for 2016: Office of Management and Budget’s (OMB’s) Uniform Guidance Requirements

New federal awards (awarded after 12/26/2014) will be audited under OMB’s Title 2 CFR Subtitle A, Chapter II, Part 200 guidance (Uniform Guidance).  Funds awarded prior to 12/26/14, including amendments, will be audited under the applicable OMB Circulars listed below.  Documentation of new and continuing awards must be received from the appropriate federal awarding agency and be on file at each department for the fiscal 2016 audit.

Uniform Guidance Application to Funds Awarded after 12/26/2014

The U.S. Office of Management and Budget (OMB) released new uniform administrative requirements, cost principles, and audit requirements for federal awards (also referred to as “Uniform Guidance” and “Title 2”).  Effective December 27, 2014, agencies must comply with these new rules.  This final guidance supersedes and streamlines requirements from eight OMB Circulars A–21, A–87, A–110, and A–122 (which have been placed in OMB guidances); Circulars A–89, A–102, and A–133; and the guidance in Circular A–50 on Single Audit Act follow-up.  The Uniform Guidance provides a government-wide framework for grants management which will be complemented by additional efforts to strengthen program outcomes through innovative and effective use of grant-making models, performance metrics, and evaluation.  This reform of OMB guidance will reduce administrative burden for non-Federal entities receiving Federal awards while reducing the risk of waste, fraud and abuse.  The new guidance can be found at Title 2 CFR Subtitle A, Chapter II, Part 200.

Sub-Recipient Reporting

Under Uniform Guidance requirements, the auditors will be verifying the “total amount provided to sub-recipients” as reported in the Schedule of Expenditures of Federal Awards (SEFA) {see Section 200.510 (b) of Title 2}.

For instructions on how to determine which expenditures are classified as “sub-recipient”, refer to the Sub-recipient Monitoring Policy.
 

Issues from the FY 2015 Single Audit

The auditors reported the following issues as part of the FY2015 Single Audit.  Some resulted in audit findings and others in management letter comments.  The topics below are not specific to any one finding or department.  The complete audit results can be found at http://www.mass.gov/comptroller/publications-and-reports/financial-reports/single-audits.html.

Information Technology System Issues and Data Security

Data in department-managed systems must be protected, especially systems containing personally identifiable information and those that interface with the financial systems, MMARS and HR/CMS.  Data should be backed up at least daily and a copy stored at an off-site location.  Restoration processes should be tested at least annually to assure that data can be restored from backup media.  Departments need to assure that all new hires have the proper security to their systems (no more than is needed to complete their duties) and that they are monitored.  Personnel who terminate service with the department should have security access and functions cancelled immediately.

In addition, the single audit continues to reveal instances of passwords that are not complex, logical access that is too broad, a lack of segregation of duties in change management controls and user access that is not revoked in a timely manner.

The Enterprise Security Policy requires that departments monitor access to statewide systems (MMARS, HR/CMS, and CIW) on a regular basis to ensure that levels of access are appropriate and proper segregation of duties is in place.  Such monitoring must also be in place for department-managed systems.  

Allowable Costs/ Cost Principles

Departments must focus on the accuracy of Federal Financial Participation claim reimbursements, as well as support for administrative costs and cost allocation plans.  All cost allocation plans must be filed on a regular schedule in accordance with federal law or the grant agreement.  These plans must first be approved by the Comptroller’s Federal Grant and Cost Allocation Bureau prior to filing with the Federal Government.

Eligibility Determination for Grant Programs

Nearly every grant requires some form of eligibility for a recipient to receive funds.  For example, credentialing criteria, income eligibility, or professional licensing may need to be established and verified for vendors or others who receive grant awards.  Human service case records must have full documentation in accordance with the grant.  Departments must also substantiate this eligibility process.  All eligibility determinations must be made in accordance with either a state plan filed with the Federal government, the grant award itself, or General Laws.  Evidence must be readily available to prove eligibility.

 

 

 

cc:           MMARS Liaisons, Payroll Directors, General Counsels, Internal Control Officers, Internal Distribution