 
|
|
PART ONE: BACKGROUND, APPLICABILITY, AND OVERVIEW | PART TWO: MATRIX OF COMPLIANCE REQUIREMENTS | PART THREE: COMPLIANCE REQUIREMENTS | PART FOUR: STATE PROJECT COMPLIANCE REQUIREMENTS | PART FIVE: INTERNAL CONTROLS | PART SIX: GUIDANCE FOR AUDITING PROJECTS NOT INCLUDED IN THE COMPLIANCE SUPPLEMENT | APPENDIX A: LIST OF CHANGES PART ONE - Background, Applicability and Overview Background The State Projects Compliance Supplement (Supplement) was developed pursuant to Section 215.97(3)(c), Florida Statutes, which provides that the Executive Office of the Governor (EOG) is responsible for coordinating the initial preparation and subsequent revisions of the Supplement after consultation with the Comptroller and all state agencies that award state financial assistance to nonstate entities. This Supplement serves to identify important compliance requirements, which the state expects to be considered as part of the state single audit. Without the Supplement, auditors would need to research many laws and rules for each project under audit to determine which compliance requirements are important to the state and could have a direct and material effect on a project. Providing this Supplement is an efficient and cost effective approach to performing this research. For the projects contained herein, the Supplement provides a source of information for auditors to understand the state project's objectives, procedures, and compliance requirements relevant to the audit as well as audit objectives and suggested audit procedures for determining compliance with these requirements. The Supplement also provides guidance to assist auditors in determining compliance requirements relevant to audit, audit objectives, and suggested audit procedures for projects not included herein. State agencies are responsible to annually inform the EOG of any updates needed to this Supplement. This responsibility includes ensuring that project objectives, procedures, and compliance requirements, noncompliance with which could have a direct and material effect on these individual state projects, are provided to the EOG for inclusion in this Supplement. The agency project requirements are included in Part Four of this Supplement. These individual sections can be updated or replaced as state projects change, and sections will be added for additional projects once the objectives, procedures, and compliance requirements relevant to the project are written. Applicability Auditors shall consider this Supplement and the referenced laws, rules, and other guidelines in determining the compliance requirements that could have a direct and material effect on the projects included herein. Use of this Supplement is mandatory, and accordingly, adherence to this Supplement satisfies the requirements of Section 215.97, Florida Statutes. For projects not included in this Supplement, the auditor is to follow the guidance in Part Six and use the types of compliance requirements in Part Three to identify the applicable compliance requirements which could have a direct and material effect on the project. State agencies are responsible to annually inform the EOG of any updates needed to this Supplement. However, auditors should recognize that laws and rules change periodically and that delays will occur between such changes and revisions to this Supplement. Moreover, auditors should recognize that there may be provisions of contracts or grant agreements that are not specified in law or rule, and therefore, the specifics of such may not be included in the Supplement. Accordingly, the auditor should perform reasonable procedures to ensure that compliance requirements are current and to determine whether there are any additional provisions of contracts and grant agreements that should be covered by the audit. Reasonable procedures would include inquiry of nonstate entity management and review of the contacts and grant agreements for projects selected for testing (major projects). Because the suggested audit procedures are written to enable application to many different projects administered by many different entities, they are necessarily general in nature. Auditor judgment will be necessary to determine whether the suggested audit procedures are sufficient to achieve the stated audit objectives or whether additional or alternative audit procedures are needed. Therefore, the auditor should not consider this Supplement to be a "safe harbor" for identifying the audit procedures to apply in a particular engagement. However, the auditor can consider this Supplement a "safe harbor" for identification of compliance requirements to be tested for the projects included herein if, as discussed above, the auditor performs reasonable procedures to ensure that the requirements in the Supplement are current and to determine whether there are any additional provisions of contracts and grant agreements that should be covered by the audit. Overview Matrix of Compliance Requirements (Part Two) The Matrix of Compliance Requirements (Matrix) identifies the state projects and compliance requirements addressed by the Supplement, and associates the projects with the applicable compliance requirements. The Matrix also identifies the applicable state agency and the Catalog of State Financial Assistance (CSFA) number for each project included in this Supplement. Compliance Requirements (Part Three) Part Three lists and describes the 10 types of compliance requirements and, except for Special Tests and Provisions, the related audit objectives that the auditor shall consider in every audit conducted under Section 215.97, Florida Statutes. Suggested audit procedures are also provided to assist the auditor in planning and performing tests of nonstate entity compliance with the requirements of state projects. Auditor judgment will be necessary to determine whether the suggested audit procedures are sufficient to achieve the stated audit objectives and whether additional or alternative audit procedures are needed. Determining the nature, timing, and extent of the audit procedures necessary to meet the audit objectives is the auditor's responsibility. The compliance requirements for Special Tests and Provisions are unique to each state project; therefore, compliance requirements, audit objectives, and suggested audit procedures for Special Tests and Provisions are not included in Part Three. Because of the diversity of systems in place among nonstate entities, Part Three does not include suggested audit procedures to test internal control. The auditor must determine appropriate procedures to test internal control on a case-by-case basis considering factors such as the nonstate entity's internal control, the compliance requirements, the audit objectives for compliance, the auditor's assessment of control risk, and the audit requirement to test internal control as prescribed by Section 215.97(8), Florida Statutes. However, see Internal Controls (Part Five) below. State Project Compliance Requirements (Part Four) For each state project included, Part Four discusses project objectives, procedures, and compliance requirements that are specific to the project. With the exception of Special Tests and Provisions, the auditor shall refer to Part Three for the audit objectives and suggested audit procedures that pertain to the compliance requirements associated with the projects. Since Special Tests and Provisions are unique to the project, the audit objectives and suggested audit procedures for the project are included in Part Four. The description of the project's procedures is general in nature. Some projects may operate somewhat differently than described due to the administrative flexibility afforded nonstate entities and the nature, size, and volume of transactions involved. Accordingly, the auditor should obtain an understanding of the applicable compliance requirements and project procedures in operation at the nonstate entity to properly plan and perform the audit. Internal Controls (Part Five) Section 215.97(8), Florida Statutes, requires auditors conducting a state single audit of recipients or subrecipients to obtain an understanding of internal controls, assess control risk, and perform tests of controls unless the controls are deemed to be ineffective. Also, auditors are to determine whether the nonstate entity has internal controls in place to provide reasonable assurance of compliance with the provisions of laws, regulations, and other rules, pertaining to state awards that have a material effect on each major state project. Part Five is intended to assist auditors in complying with these requirements by presenting characteristics of internal control which may be used to reasonably ensure compliance with the types of compliance requirements in Part Three. The characteristics of internal control presented in Part Five are neither mandatory nor all-inclusive. Guidance for Auditing Projects Not Included in the Compliance Supplement (Part Six) Part Six provides guidance to auditors in identifying the compliance requirements and designing tests of compliance with such requirements for projects not included in the Supplement. |
