Skip to main content

Single Audits: Improvements Needed in Selected Agencies' Oversight of Federal Awards

GAO-17-159 Published: Feb 16, 2017. Publicly Released: Feb 16, 2017.
Jump To:
Skip to Highlights

Highlights

What GAO Found

Federal agencies have oversight responsibilities for the funds that they award to nonfederal entities and can assign these responsibilities to their subagencies (i.e., operating units or divisions). Nonfederal entities are required to undergo a single audit if their expenditures of federal awards in a fiscal year exceed a certain threshold. A single audit is an audit of the award recipient's expenditure of federal awards and of its financial statements and can identify deficiencies in the award recipient's compliance with the provisions of laws, regulations, contracts, or grant agreements and in its financial management and internal control systems. Correcting such deficiencies can help reasonably assure the effective use of federal funds and reduce federal improper payments.

Of the five agencies in GAO's study—the Departments of Agriculture, Education, Health and Human Services (HHS), Housing and Urban Development (HUD), and Transportation—some of the agencies' subagencies that GAO reviewed did not effectively design policies and procedures to reasonably assure the timely submission of single audit reports by award recipients. The Office of Management and Budget's (OMB) guidance requires that federal awarding agencies ensure that award recipients submit single audit reports within certain time frames. This can help assure that single audit findings are timely corrected.

Most of the selected subagencies in GAO's review did not effectively design policies and procedures to reasonably assure that they issued timely management decisions containing the information required by OMB guidance. This guidance requires agencies to evaluate each award recipient's audit findings and corrective action plans and issue a management decision within 6 months of receipt of the single audit report as to the actions award recipients must take to correct each single audit finding. Such decisions may add clarity about the agency's position on the single audit finding and the corrective action.

Assessment of Selected Subagencies' Policies and Procedures for Single Audit Oversight

Assessment of Selected Subagencies' Policies and Procedures for Single Audit Oversight

Only the two selected subagencies in Education had policies and procedures for using risk-based approaches to manage high-risk and recurring single audit findings. High-risk single audit findings may be seriously detrimental to federal programs and could result in improper payments. Recurring single audit findings have persisted for more than one audit period and may need more attention or resources to correct. With over 30,000 single audit reports submitted for fiscal year 2015 and constraints in resources for conducting federal oversight, managing single audit findings using a risk-based approach can assist in identifying and prioritizing problem areas.

Why GAO Did This Study

In fiscal year 2015, federal agencies outlaid over $600 billion in federal awards to state and local governments, according to OMB. The Single Audit Act of 1984, as amended, requires that federal agencies oversee their awards to nonfederal entities. OMB Circular No. A-133 provided guidance for implementing the act during GAO's audit.

GAO was asked to examine federal agency oversight of single audits. This report examines whether selected agencies effectively designed policies and procedures to reasonably assure that (1) recipients submit timely single audit reports and (2) award recipients take action on single audit findings by issuing timely management decisions. GAO also examined whether selected agencies had policies and procedures for managing high-risk and recurring audit findings. GAO selected the five agencies with the largest dollar amounts of reported outlays for grants to state and local governments in fiscal year 2013. For each agency, GAO reviewed its two subagencies accounting for over 80 percent of outlays, reviewed written policies and procedures, and interviewed the respective officials.

Recommendations

GAO is making 21 recommendations. One Agriculture subagency agreed with the recommendations and the other did not comment. HHS and Transportation concurred. HUD commented that one subagency had taken actions to address the recommendations, while the other subagency disagreed with the recommendations directed to it. GAO believes that the recommendations are valid as discussed in the report.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Agriculture
Priority Rec.
The Secretary of Agriculture should direct the Under Secretary for Food, Nutrition, and Consumer Services to design policies and procedures to reasonably assure that all award recipients required to submit single audit reports do so in accordance with OMB guidance.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) neither agreed nor disagreed with our recommendation. We issued this recommendation to USDA because FNS's policies and procedures were not adequately designed to (1) identify award recipients that should have submitted single audit reports; (2) verify that award recipients that were required to submit single audit reports did so; (3) determine whether award recipients that were required to submit single audit reports did so within the required time frames; and (4) take action to obtain single audit reports when award recipients did not submit the reports within the required time frames. In April 2022, FNS provided us its Single Audit Standard Operating Procedure (SOP) dated April 2022 to show the corrective actions taken to date to address this recommendation. In its SOP, FNS indicated that it developed a process to ensure that audits are completed and reports are received in a timely manner. This process includes FNS Regional Offices checking on a regular basis (i.e., at least every two weeks) to identify Single Audit reports that have been uploaded and accepted into the Federal Audit Clearinghouse and to notify the Office of Internal Controls, Audits, and Investigations if issues are identified regarding receipt of required audit reports. We believe that FNS's April 2022 SOP demonstrates that FNS has designed policies and procedures that address the recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Agriculture
Priority Rec.
The Secretary of Agriculture should direct the Under Secretary for Food, Nutrition, and Consumer Services to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) neither agreed nor disagreed with this recommendation. We issued this recommendation to USDA because FNS did not adequately design policies and procedures to reasonably assure that it prepared management decisions with the required content for each single audit finding and issue such management decisions within 6 months of receipt of the single audit reports, as required by the Office of Management and Budget (OMB) guidance. In April 2022, FNS provided us its Single Audit Standard Operating Procedure (SOP) dated April 2022 to show the corrective actions taken to date to address this recommendation. We reviewed FNS's SOP and found that it includes procedures to help ensure that management decisions contain the required elements and are issued timely in accordance with the OMB guidance. For example, FNS's SOP includes the OMB requirements that the management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. Further, the April 2022 SOP has requirements for FNS's Regional Offices to track the management decision date by individual finding in their internal tracking documents. We believe FNS's revised SOP addresses this recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Agriculture The Secretary of Agriculture should direct the Under Secretary for Food, Nutrition, and Consumer Services to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Food and Nutrition Service (FNS) neither agreed nor disagreed with our recommendation. We issued this recommendation to USDA because FNS's standard operating procedures did not include a risk-based approach to identify and manage high-risk and recurring single audit findings. In April 2022, FNS provided us its Single Audit Standard Operating Procedure (SOP) dated April 2022 to show the corrective actions taken to date to address this recommendation. We reviewed FNSs SOP and found that it includes procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach. In its SOP, FNS developed specific steps for identifying and tracking high-risk and recurring single audit findings and assigning findings into high-risk categories so that adequate resources can be dedicated to address the problem. We believe FNS's corrective actions above address the recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Agriculture
Priority Rec.
The Secretary of Agriculture should direct the Under Secretary for Rural Development to design policies and procedures to reasonably assure that all award recipients required to submit single audit reports do so in accordance with OMB guidance.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Rural Development (RD) concurred with our recommendation. We issued this recommendation to USDA because RD's policies and procedures were not adequately designed to (1) identify award recipients that should have submitted single audit reports; (2) verify that award recipients that were required to submit single audit reports did so; (3) determine whether award recipients that were required to submit single audit reports did so within the required time frames; and (4) take action to obtain single audit reports when award recipients did not submit the reports within the required time frames. In September 2021, RD provided us its Single Audit Standard Operating Procedure (SOP) dated June 30, 2021 to show the corrective actions taken to date to address the recommendation. We asked RD to clarify and provide support that shows this SOP is finalized and is the official current SOP. On February 16, 2022, RD clarified for us that this SOP is finalized and currently in use by RD staff. We have reviewed RD's SOP and believe that RD designed policies and procedures to reasonably assure that award recipients required to submit single audit reports are done in accordance with the Office of Management and Budget guidance. In its SOP, RD indicated that it developed a process to identify recipients meeting the $750,000 requirement based on funds advanced in RD programs. In addition, RD indicated that it developed an Excel Spreadsheet to track and monitor the timely submission of single audit reports. According to RD's SOP, on the 5th business day of every quarter, the Internal Control Division (ICD) will run a report to identify disbursements that occurred in the prior quarter and combine with prior disbursement data creating a running total of disbursements in the Disbursement Running Data Excel Spreadsheet. For any awardee that reaches the $750,000 threshold, ICD will locate the awardee's Organization Type and fiscal year-end in the Awardee Data Excel Spreadsheet. RD will then use the Disbursement Running Data and the Awardee Data excel spreadsheets to identify awardees that are required to submit a single audit report and the due date of that audit. In addition, RD uses a Single Audit Tableau Dashboard that will display any awardees that have not submitted their single audit reports as required. For those awardees that have not submitted a single audit and are past due, they will be flagged on the Single Audit Tableau Dashboard. A list of past due awardees will be sent to the Program Office for follow-up. We believe that RD's SOP demonstrates that RD has designed policies and procedures in fiscal year 2021 that address the recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Agriculture
Priority Rec.
The Secretary of Agriculture should direct the Under Secretary for Rural Development to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Rural Development (RD) concurred with our recommendation. We issued this recommendation to USDA because RD did not adequately design policies and procedures to reasonably assure that it prepared management decisions with the required content for each single audit finding and issued such management decisions within 6 months of receipt of the single audit reports, as required by the Office of Management and Budget (OMB) guidance. In September 2021, RD provided us its Single Audit Standard Operating Procedure (SOP) dated June 30, 2021 to show the corrective actions taken to date to address the recommendation. We asked RD to clarify and provide support that shows this SOP is finalized and is the official current SOP. On February 16, 2022, RD clarified for us that this SOP is finalized and currently in use by RD staff. We have reviewed RD's SOP and believe that RD has revised its policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with the OMB guidance. For example, RD's SOP spells out the OMB requirements by stating that the management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given (2 CFR ? 200.521). RD also has procedures within its SOP to ensure these requirements are met by implementing a system that captures single audit findings and a process for ensuring its management decisions are issued within 6 months of acceptance of the audit report by the Federal Audit Clearinghouse. Furthermore, RD developed and included a Management Decision Letter (MDL) template within its SOP which contains the required elements in accordance with OMB guidance. Finally, RD provided us several recent examples of completed fiscal year 2021 MDL which we verified also have the OMB required elements. We believe RD's corrective actions above address the recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Agriculture The Secretary of Agriculture should direct the Under Secretary for Rural Development to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Closed – Implemented
U.S. Department of Agriculture's (USDA) Rural Development (RD) concurred with our recommendation. We issued this recommendation to USDA because RD's standard operating procedures did not include a risk-based approach so that state offices or program areas can identify and manage the single audit findings that could pose a greater risk to the program's objectives or increase the risk of fraud, waste, or abuse of federal funds. In September 2021, RD provided us its Single Audit Standard Operating Procedure (SOP) dated June 30, 2021 to show the corrective actions taken to date to address the recommendation. We asked RD to clarify and provide support that shows this SOP is finalized and is the official current SOP. On February 16, 2022, RD clarified for us that this SOP is finalized and currently in use by RD staff. We have reviewed RD's SOP and believe that RD has designed and implemented policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach. For example, in its SOP, RD indicated that it developed a Risk Rating system that will rate the single audits and specify whether they are considered high risk or not. According to RD, this will allow RD to mitigate future risk by showing areas of improvement within the organization and highlight any awardees that have had significant findings. Also, RD mentions in its SOP that it performs a comprehensive review of the financial statements and the related findings and assigns a risk rating of the entity. RD provided us documentation which we believe demonstrates that RD has designed and implemented a risk based approach to prioritize single audits of entities according to the severity of their findings. For example, entities whose single audits indicate material non-compliance with grant agreement obligations are assigned as "significant program risk" while entities whose single audits indicate the awardee has not adequately delivered the RD program objectives are assigned as "adverse program risk." We believe RD's corrective actions above address the recommendation. Therefore, we consider this recommendation to be closed-implemented.
Department of Health and Human Services The Secretary of Health and Human Services should direct the Assistant Secretary for Financial Resources to design policies and procedures to reasonably assure that all award recipients required to submit single audit reports do so in accordance with OMB guidance.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with our recommendation to the Assistant Secretary for Financial Resources (ASFR). We reviewed ASFR's policies and procedures which show that ASFR has established a process to identify grantees that are delinquent in the report submission and to notify the appropriate HHS agencies obligated to resolve the delinquency. ASFR stated that it has performed this process for fiscal years 2014 through 2016 and is continuing the delinquent audit review process for fiscal year 2017 and the future.
Department of Health and Human Services
Priority Rec.
The Secretary of Health and Human Services should direct the Assistant Secretary for Financial Resources to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with our recommendation. In February 2020, HHS provided us its revised Single Audit Resolution Standard Operating Procedure (SOP) dated September 30, 2019, which includes (1) the elements required by the Office of Management and Budget's (OMB) Uniform Guidance and stating that these elements must be included in the management decision letter (MDL); (2) the requirement that MDLs must be issued within 6 months of the single audit report's acceptance into the Federal Audit Clearinghouse; (3) an optional MDL template which staff may use as a guide; and (4) HHS's new quality control process that describes the steps for HHS's Assistant Secretary for Financial Resources Office of Program Audit Coordination to follow when completing its quality control reviews to verify that MDLs are issued timely and include the required elements. We believe HHS's actions address our recommendation.
Department of Health and Human Services The Secretary of Health and Human Services should direct the Assistant Secretary for Financial Resources to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with this recommendation to the Assistant Secretary for Financial Resources. In fiscal year 2020, HHS provided us documentation to show that HHS has addressed the recommendation. We have reviewed HHS's Audit Resolution Standard Operating Procedure (SOP) (dated September 30, 2019) and verified that HHS revised its Audit Resolution SOP to include a risk-based approach for identifying and managing high-risk and recurring single audit findings. The Audit Resolution SOP includes steps for HHS staff to follow when conducting risk reviews of single audit findings and reports in order to focus and tailor their audit resolution activities. For example, HHS staff are required to review audit findings to identify risk factors such as significance of non-compliance issues, including findings associated with modified opinion and/or material weakness and repeat findings. In addition, we have reviewed HHS's Audit Tracking and Analysis System (ATAS) User Manual (dated January 31, 2019), which contains screen shots and other illustrations from ATAS that demonstrate HHS has automated its processes to assist HHS staff in using a risk-based approach for identifying and managing high-risk and recurring single audit findings. From our review of HHS's Audit Resolution SOP and ATAS User Manual, we believe HHS has met the intent of the recommendation.
Department of Health and Human Services
Priority Rec.
The Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare and Medicaid Services to revise its policies and procedures to take action to obtain single audit reports when award recipients did not submit reports within the required time frames.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with this recommendation to the Centers for Medicare and Medicaid Services (CMS). In fiscal year 2018, HHS informed us that the CMS Audit Management Division (AMD) released an audit alert to the Single Audit coordinators, which included the Single Audit General Policy Standard Operating Procedure (SOP) with an effective date of January 1, 2018. We have reviewed HHS's CMS SOP effective January 1, 2018, and verified that the SOP includes provisions for following up with entities that have delinquent audits. Per the SOP, the follow up activities include CMS (1) sending email stating the issue and requesting status to all awardee organizations on HHS delinquent audit list and (2) informing the awardee that failure to comply with the requirement of having an audit performed and submitted to the Federal Audit Clearinghouse could jeopardize the awardee's ability to receive future awards and/or result in other remedial actions being taken. In addition, we have verified that HHS's CMS issued an audit alert on February 1, 2018, which instructed HHS's CMS staff to incorporate the SOP into their existing procedures for single audits. We believe CMS's revised SOP has sufficient policies and procedures that requires CMS staff to take action to obtain single audit reports when award recipients did not submit reports within the required time frames.
Department of Health and Human Services
Priority Rec.
The Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare and Medicaid Services to revise its policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with this recommendation to the Centers for Medicare and Medicaid Services (CMS). In fiscal year 2018, HHS informed us that the CMS Audit Management Division (AMD) released an audit alert to the Single Audit coordinators, which included the Single Audit General Policy Standard Operating Procedure (SOP) with an effective date of January 1, 2018, and which also included the Management Decision Letter (MDL) template. We have reviewed HHS's CMS SOP effective January 1, 2018, and verified that the SOP requires HHS's CMS staff to send an MDL that meets the requirements found in 45 CFR 75.521 to the auditee within the 6-month timeframe. In addition, we have verified that the SOP identifies the elements that need to go into the MDL, including the requirement to state whether or not the audit finding is sustained; the reasons for the decision; expected auditee action to repay disallowed costs, make financial adjustments, or take other action: and describe any appeal process available to the auditee. Further, we have reviewed the audit alert, which CMS sent to its Single Audit coordinators, and verified that the audit alert contained an MDL template that CMS staff may follow when preparing MDLs. We believe CMS's revised SOP has sufficient policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with Office of Management and Budget guidance.
Department of Health and Human Services The Secretary of Health and Human Services should direct the Administrator of the Centers for Medicare and Medicaid Services to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Closed – Implemented
The Department of Health and Human Services (HHS) concurred with this recommendation to the Centers for Medicare and Medicaid Services. In fiscal year 2020, HHS provided us documentation to show that HHS has addressed the recommendation. We have reviewed HHS's Audit Resolution Standard Operating Procedure (SOP) (dated September 30, 2019) and verified that HHS revised its Audit Resolution SOP to include a risk-based approach for identifying and managing high-risk and recurring single audit findings. The Audit Resolution SOP includes steps for HHS staff to follow when conducting risk reviews of single audit findings and reports in order to focus and tailor their audit resolution activities. For example, HHS staff are required to review audit findings to identify risk factors such as significance of non-compliance issues, including findings associated with modified opinion and/or material weakness and repeat findings. In addition, we have reviewed HHS's Audit Tracking and Analysis System (ATAS) User Manual (dated January 31, 2019), which contains screen shots and other illustrations from ATAS that demonstrate HHS has automated its processes to assist HHS staff in using a risk-based approach for identifying and managing high-risk and recurring single audit findings. From our review of HHS's Audit Resolution SOP and ATAS User Manual, we believe HHS has met the intent of the recommendation.
Department of Housing and Urban Development
Priority Rec.
The Secretary of Housing and Urban Development should direct the Principal Deputy Assistant Secretary for the Office of Community Planning and Development to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The GAO recommendation was for the Department of Housing and Urban Development's (HUD) Office of Community Planning and Development (CPD) to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with the Office of Management and Budget (OMB) guidance. CPD did not agree with our recommendation and, consequently, did not revise its policies and procedures, which was the intent of the GAO recommendation. Nevertheless, in fiscal year 2017, CPD provided training on writing management decisions and issued a reminder memorandum to CPD staff to comply with Single Audit requirements, including management decision requirements, which are referenced in CPD's clarifying guidance dated September 9, 2013. This guidance was in effect at the time of our audit engagement. After further review of CPD's guidance, we believe the guidance dated September 9, 2013, is effectively designed to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance. Further, we believe that CPD's issuance of its reminder memorandum to CPD staff re-enforces CPD's existing policies and procedures that are specified in CPD's clarifying guidance. Therefore, we consider this recommendation closed.
Department of Housing and Urban Development The Secretary of Housing and Urban Development should direct the Principal Deputy Assistant Secretary for the Office of Community Planning and Development to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Closed – Implemented
The Department of Housing and Urban Development's (HUD) Office of Community Planning and Development (CPD) published new notices in February 2022; and October 2022, which incorporated the specific consideration of grantee Single Audit submissions into CPD's Risk Analysis criteria for all programs. According to CPD's Monitoring Handbook, monitoring review areas and scope should reflect a direct connection to the Risk Analysis results, with review areas identified and monitoring Exhibits selected to address high-risk factors. These actions should help HUD's CPD to recognize emerging and persistent issues related to award recipients' use of funds identified by single audit findings, which should help CPD prioritize its resources to ensure that award recipients timely address them. We believe CPD's corrective actions above address the recommendations. Therefore, we consider this recommendation closed-implemented.
Department of Housing and Urban Development
Priority Rec.
The Secretary of Housing and Urban Development should direct the Principal Deputy Assistant Secretary for the Office of Public and Indian Housing to revise policies to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The Department of Housing and Urban Development's (HUD) Office of Public and Indian Housing (PIH) updated its Independent Public Accountant Audit Findings Review Standard (dated September 2017), which PIH developed to establish requirements for management decision letter issuance and closure of findings. We reviewed this standard and verified that it contains the required elements in accordance with the Office of Management and Budget guidance relating to management decisions. In addition, we verified that PIH has updated this standard to require periodic reviews of audit findings tracking sheets to ensure staff are complying with the standard and are issuing management decisions timely. Therefore, we believe PIH's actions addresses this recommendation.
Department of Housing and Urban Development The Secretary of Housing and Urban Development should direct the Principal Deputy Assistant Secretary for the Office of Public and Indian Housing to design and implement policies and procedures for identifying and managing high-risk and recurring single audit findings using a risk-based approach.
Open
The Department of Housing and Urban Development's (HUD) Office of Public and Indian Housing (PIH) neither agreed nor disagreed with this recommendation. In May 2018, PIH stated that it had implemented a Risk Based Approach Tool designed to identify and manage high-risk and recurring single audit findings. The tool was intended to track and focus on audit findings reported as material weaknesses or significant deficiencies and was designed to determine the resources needed and available to assist in mitigating the audit findings. However, in March 2019, PIH informed us that in late 2018, it was working toward repositioning goals, priorities and identification of key risk indicators aligned with HUD and PIH priorities. PIH stated that it no longer uses the assessment tool that included over 100 risk indicators and indicated that it has a revised risk mitigation framework proposal that will be presented to the Enterprise Risk Counsel in the near future. In August 2021, PIH notified us of three actions that its program office is taking as part of PIH's process to identify and manage risk in single audit findings. These actions include (1) PIH reporting information/data monthly to the Enterprise Risk Counsel on improving the Public Housing Agency's (PHA) performance by decreasing insolvency, improving physical condition, reducing the number of troubled and substandard, increasing utilization, and occupancy; (2) PIH managing its highest risk around improving PHA performance and the Enterprise Risk Counsel tracks the risk for PIH; and (3) PIH providing the Enterprise Risk Counsel with a Risk Mitigation tool which contains a risk overview and identifies mitigation strategies. As of August 2023, we are waiting for HUD to provide a status update on current actions taken by PIH to address our recommendation. We will continue to monitor the agency's actions to address this recommendation.
Department of Transportation
Priority Rec.
The Secretary of Transportation should direct the Administrator of the Federal Highway Administration to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The Department of Transportation (DOT) concurred with this recommendation. In fiscal year 2019, DOT's Federal Highway Administration (FHWA) provided us support to show that FHWA had revised its policies and procedures document for Single Audit compliance (i.e., Financial Integrity Review & Evaluation Toolkit, Chapter 25), updated its Single Audit management decision letter (MDL) template and example, and updated its monitoring activities using its Single Audit Tracking site. We have reviewed and verified that FHWA's policies and procedures document and MDL template contain the required management decision elements, such as a statement indicating whether FHWA agrees with the single audit finding, the reasons for its decision, and a timetable for actions if the award recipient has not completed corrective action. In addition, we have reviewed a print screen from FHWA's Single Audit Tracking site, which we believe demonstrates that FHWA has a process that enables it to monitor and ensure whether management decisions contain the required elements and are issued timely in accordance with Office of Management and Budget (OMB). Finally, we have verified that FHWA disseminated its updated policies and procedures document to its staff in October and November 2018. We believe DOT's FHWA has sufficient policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB.
Department of Transportation The Secretary of Transportation should direct the Administrator of the Federal Highway Administration to design and implement policies and procedures for identifying and managing recurring single audit findings using a risk-based approach.
Closed – Implemented
The Department of Transportation (DOT) concurred with this recommendation. In fiscal year 2019, DOT's Federal Highway Administration (FHWA) provided us support to show that FHWA revised its policies and procedures document for Single Audit compliance (i.e., Financial Integrity Review & Evaluation Toolkit, Chapter 25) in response to the recommendation. We have reviewed and verified that DOT's FHWA uses a risk based approach by designating single audit findings as either "priority 1" or "priority 2." In general, DOT's Office of Inspector General categorizes single audit findings with questioned costs or those findings that are on single audit reports where FHWA is the cognizant or oversight agency and the total FHWA award was $2 million and above as "priority 1" and procedural findings on single audit reports where FHWA is not the cognizant/oversight agency and the total FHWA award was less than $2 million are categorized as "priority 2." Since "priority 1" findings pose the greatest potential risk, DOT stated that FHWA now tracks when "priority 1" findings are repeat findings. DOT stated that adding this feature allows FHWA to run a report identifying repeat "priority 1" findings in a fiscal year, which enables DOT's FHWA to identify and manage recurring single audit findings. We believe DOT's FHWA actions address our recommendation.
Department of Transportation
Priority Rec.
The Secretary of Transportation should direct the Administrator of the Federal Transit Administration to design policies and procedures to reasonably assure that all award recipients required to submit single audit reports do so in accordance with OMB guidance.
Closed – Implemented
The Department of Transportation (DOT) concurred with this recommendation. During our meeting with DOT's Federal Transit Administration (FTA) in November 2019, FTA officials indicated that FTA has a master agreement (dated October 1, 2018) which lays out the grant requirements for federal award recipients to follow, including undergoing an annual "Single Audit". As part of its master agreement, FTA requires federal award recipients to certify on an annual basis that they are following the government grant requirements, including performing the required financial and compliance audits in accordance with the Single Audit Act Amendments of 1996 and 2 C.F.R. Part 200, Subpart f, "Audit Requirements". To ensure federal award recipients complete the certifications, DOT has hired a Single Audit oversight coordinator whose full time responsibility is to manage the Single Audit process, which includes making sure all federal award recipients have completed certifications before any grants are awarded to them for the year. In addition to the certification process, FTA developed its Single Audit Management Standard Operating Procedure (SOP) (dated December 13, 2018), which includes procedures for monitoring compliance of federal award recipients requiring Single Audits. As part of these procedures, FTA officials said that FTA follows federal statute which requires it to perform Triennial and State Management Reviews ( which includes reviews of Single Audits) every 3 years. These reviews look back at the previous 3 fiscal years. FTA officials indicated that these reviews cover over 650 FTA federal award recipients and evaluate for compliance with statutory, administrative, and program requirements. Further, FTA officials stated that where a federal award recipient is found to not be in compliance with the Single Audit and other requirements, FTA then reviews the federal award recipient on an annual cycle for the next 3 years and will only put the federal award recipient back on a 3 year cycle if found to be in compliance in those 3 years. FTA officials indicated that, over the last 5 years, they have identified 23 out of 1,136 federal award recipients through FTA's Triennial and State Management Reviews to not be in compliance with Single Audit requirements and, thus, has assessed the risk of non-compliance with the timely submission of Single Audit reports to be at a low level. We verified that FTA's SOP includes procedures for monitoring compliance of federal award recipients requiring Single Audits. The SOP indicates that FTA uses its comprehensive program management oversight review programs, including the Triennial and State Management Reviews, to verify Single Audit completion and submission to the Federal Audit Clearinghouse for recipients that receive regular oversight reviews from FTA. We consider FTA's process of performing its Single Audit oversight reviews reasonable and believe that FTA has met the intent of the recommendation.
Department of Transportation
Priority Rec.
The Secretary of Transportation should direct the Administrator of the Federal Transit Administration to revise policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB guidance.
Closed – Implemented
The Department of Transportation (DOT) concurred with this recommendation. In fiscal year 2019, DOT's Federal Transit Administration (FTA) developed its management decision template, tracking system, and Single Audit Management Standard Operating Procedures (SOP) to ensure management decisions contain the required elements and are issued timely. We have reviewed FTA's Single Audit Management Standard Operating Procedures (SOP) and verified that it includes management decisions procedures, including the management decision template, and procedures for FTA's tracking system and verified that the SOP was disseminated to staff in April 2019. We believe DOT's FTA has sufficient policies and procedures to reasonably assure that management decisions contain the required elements and are issued timely in accordance with OMB.
Department of Transportation The Secretary of Transportation should direct the Administrator of the Federal Transit Administration to design and implement policies and procedures for identifying and managing recurring single audit findings using a risk-based approach.
Closed – Implemented
The Department of Transportation (DOT) concurred with this recommendation. In fiscal year 2019, DOT's Federal Transit Administration (FTA) developed a process for identifying and managing recurring single audit findings using a risk-based approach. In FTA's response memo (dated September 10, 2019), FTA stated that it conducts an annual oversight needs assessment of approximately 600 federal award recipients each year. According to FTA, this assessment examines nine high-risk areas and covers an evaluation of potential risks related to Single Audit findings, including whether a federal award recipient has (1) repeat and/or past due Single Audit findings, (2) a pattern of unsatisfactory Single Audit progress towards closing Single Audit findings, and (3) a substantial number of open or high-risk Single Audits. According to FTA, federal award recipients that are identified as high-risk in any review area are considered for more in-depth oversight reviews within the same fiscal year. In addition, FTA provided us documentation which demonstrates that FTA uses a web-based information system which allows it to share and track oversight activities and to monitor and track Single Audit submittals, management decisions, findings (including repeat audit findings), corrective actions, and manage recurring Single Audit findings using a risk based approach. We believe that FTA has met the intent of the recommendation.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Audit oversightAudit reportsAwardsAuditing proceduresFinancial managementInternal auditsInternal controlsRegulatory agenciesReporting requirementsFederal awardsPolicies and proceduresSingle audits