Language Translation
  Close Menu

Uniform Compliance Guidelines For Audit Of Hospitals And State And Local Governments By Authorized Independent Public Accountants

  • Introduction

    The State Board of Accounts is the state agency, designated by legislation, with responsibility for the audit of public funds received and disbursed by public offices and officers, state offices, state institutions, and any other entities receiving or disbursing public funds. Through the annual/biennial reporting process and our involvement in approving requests for proposals and audit contracts with private examiners to perform the annual/biennial audit of the governmental entities, we have attempted to ensure entities subject to federal or state audit requirements have met these requirements as efficiently and inexpensively as possible.

    It is the State Board of Accounts' policy that entities subject to the audit of requirements of Indiana Code (IC) 5-11-1 shall have no more than one audit completed annually. Therefore, the auditor selected to perform the annual/biennial audit shall be required to complete the financial audit, the compliance audit and, if applicable, the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) audit. It is therefore imperative that entities and their private examiner exercise diligence in determining applicable audit requirements prior to commencing the audit process. Through adherence to our Guidelines for the Audits of State and Local Governments by Authorized Independent Public Accountants (Guidelines), and with the cooperation of all parties involved, one audit can and will satisfy the needs of all interested parties.

    Subject to the Investigation of Potential Fraud, Abuse, Malfeasance, Misfeasance, or Nonfeasance section of the Guidelines, we reserve the right to audit, examine, investigate, and review records of any entity at any time as deemed necessary by the State Examiner.

    We would like to thank governmental entities and their private examiners for their cooperation and assistance they provide. We hope this issue of the Guidelines will assist you in successfully addressing your responsibilities.

    Paul D. Joyce, CPA
    State Examiner

  • Statutory Authority

    IC 5-11-1-9 gives the State Board of Accounts the responsibility for examining all accounts and all financial affairs of every public office and officer, state office, state institution, and entity disbursing public money. Other statutes support this audit responsibility such as Indiana Code 36-7-18-37 which states the State Board of Accounts shall periodically audit the books, records, and accounts of housing authorities. The State Examiner, in accordance with IC 5-11-1-7, may engage or allow private examiners to perform this examination.

    If the State Examiner engages or authorizes the engagement of a private examiner to perform an examination under IC 5-11-1, the examination and report must comply with uniform compliance guidelines (Guidelines) established by the State Board of Accounts in accordance with (IC 5-11-1-24(d)). These Guidelines may be viewed on our website (www.in.gov/sboa) under both Political Subdivisions and Citizens. If your entity type is not specifically named, then your entity fits into the Special Districts category.

    The state or a municipality may not enter into a contract with an entity subject to examination under IC 5-11-1 if the contract does not require the examinations and reports to comply with the Guidelines that are established in accordance with IC 5-11-1-24. This is expanded upon in State Examiner Directive 2015-2 found on our website.

    Hospitals

    County hospitals are allowed by IC 16-22-3-12 to engage an independent certified public accounting firm experienced in hospital matters to perform the annual audit of the hospital required by IC 5-11-1-25. Such audits are required to follow guidelines established by the State Board of Accounts. IC 16-23-1-45(a) grants the governing board of a city hospital the same rights and powers as the hospital board of a county hospital. Therefore, it is our position that city hospitals may also elect to engage an independent certified public accounting firm experienced in hospital matters to perform their annual audit as required by IC 5-11-1-25.

    IC 16-22-3-12(d) requires the hospital to provide written notice to the State Board of Accounts if it elects to have the audit of the hospital performed by an independent certified public accounting firm. Such written notice is required to be given not less than one hundred eighty (180) days before the beginning of the hospital's fiscal year in which the hospital elects to have the audit of the hospital performed by an independent certified public accounting firm. If a hospital elects to terminate the use of an independent certified public accounting firm it must provide written notice to the State Board of Accounts not less than one hundred eighty (180) days before the beginning of the hospital's fiscal year in which the hospital elects not to be audited by an independent certified public accounting firm. For any fiscal year in which the hospital does not use an independent certified public accounting firm, the hospital shall be audited by the State Board of Accounts.

  • Audit Coordination and Administration

    Audits may be initiated and administered by the State Board of Accounts; by state or local government funding agencies; or by the entities themselves. They may be performed by the State Board of Accounts, contractors of the State Board of Accounts, or private examiners approved by the State Board of Accounts and hired by the entity. Audit costs are always directly or indirectly the responsibility of the entity. Coordination of these audits with the State Board of Accounts is required. We, therefore, require the submission of all audit contracts or engagement letters to us for approval, prior to signing by the entity with the exception of those negotiated under IC 5-11-1-24.4.

    The primary responsibility for ensuring the appropriateness, timeliness, and completeness of an entity's audit rests with the entity itself. However, successful completion of the audit process cannot be accomplished without the direct cooperation and assistance of funding agencies, private examiners, and the State Board of Accounts. Due to the complexity of government regulations and the uniqueness of existing arrangements and relationships between funding agencies and entities, it is imperative that entities and their private examiners confirm in advance, the type and scope of audit necessary to satisfy all parties involved.

    Per IC 5-11-1-7, private examiners allowed engagements by the State Examiner are subject to the direction of the State Examiner. Private examiners allowed engagements for services under IC 5-11 are agents of the State Examiner and are limited to the following powers unless additional authority is granted in writing by the State Examiner.

    Private examiners are entitled to examine any books, papers, documents, or electronically stored information for the purpose of making an examination. Private examiners are entitled access in the presence of the custodian or the custodian's deputy to the cash drawers and cash in the custody of the officer. Private examiners may during business hours, examine the public accounts in any depository that has public funds in its custody.

    IC 5-11-5-1(d) requires a private examiner, acting as an agent of the State Examiner, who determines during an examination under IC 5-11 that;

    1. a substantial amount of public funds have been misappropriated or diverted and
    2. that the private examiner has a reasonable belief that the malfeasance or misfeasance that resulted in the misappropriations or diversion of the public funds was committed by the officer or an employee of the office, to report the determination to the State Examiner.

    This report shall be sent to the State Board of Accounts in accordance with State Examiner Directive 2015-6. This Directive 2015-6 should be reviewed for an expanded detail of actions to be taken by both the auditee and auditor in these instances. Similarly, if the private examiner determines the books and records are not in a sufficiently satisfactory condition for performing an audit, this shall be reported to the State Examiner immediately using the appropriate email address.

  • Audit Frequency and Completion

    Audit frequency is subject to requirements set forth by the funding agencies, the needs of the entity, IC 5-11-1-25, and other statutes.

    Audits performed by private examiners are to be completed and all required reports issued within 180 days after the close of the audit period. Any requests for an extension of time must be made by emailing the State Board of Accounts at the appropriate email address. The request shall include the reason(s) an extension is needed and the amount of extra time requested. Extensions may be granted by the State Board of Accounts for up to an additional 60 days. Requests for extension must be received no later than 30 days prior to the report deadline indicated above to be considered for approval. Extensions are not automatic; any request for an extension may be rejected by the State Board of Accounts. Any extension approval shall be in the form of a written response. Any entity that does not have an audit completed and reports submitted by the deadline or request an extension as indicated above may have their audit completed by the State Board of Accounts with the cost of the audit based on the current full cost rate charged to other governmental units.

  • Auditor Evaluation and Selection: Request for Proposal and Contract Requirements

    Request For Proposals (RFPs)

    Per IC 5-11-1-24 entities may not request proposals for performing an examination unless the request for proposals has been submitted to and approved by the State Board of Accounts. Request For Proposals (RFPs) should be used to solicit responses from qualified independent auditors (private examiners) for professional financial and compliance auditing services. This RFP process can result in comprehensive responses that assure audit services offered are consistent with services desired. It can also provide certain assurances that competitive review and selection procedures were applied in the audit contracting process.

    It is essential that RFPs for auditing services be comprehensive and cover all matters, issues, and subjects which have a bearing on the audit. Information about the entity to be audited and necessary elements of the audit requirements must be provided to independent auditors to assure clear and complete responses. Interested auditors usually respond to RFPs with a detailed audit proposal outlining the firm's qualifications, references, proposed audit work plan, and the cost of the audit.

    The RFP document should be communicated to independent auditors by any appropriate form and manner to assure open and competitive coverage. A public notice may or may not be utilized. Also, other methods of communicating RFP's for auditing services may be desirable, such as contact with the State CPA Society or the local chapter. Invitation for bid listings in newspapers are a commonly used public notice.

    The notice of proposal (or letter of transmittal) to prospective respondents should briefly summarize all important information regarding the RFP. It may include:

    • Name and address of government or entity issuing the RFP
    • Name, address, title and phone number of person(s) to contact regarding questions
    • Response due date and time deadline
    • Number of copies of response
    • Contract period (year(s) to be audited)
    • Specify location and method of delivery of response. Specify sealed response/price requirements, if any
    • Required compliance with State Examiner Directive 2015-2
    • Auditor qualifications detailed below
    • Other stipulations and clarifications as required
    • Name, title, and signature of official who transmits the proposal

    The RFP shall be submitted to the State Board of Accounts by email using the appropriate email address found in the Auditor Responsibilities section of this Guideline.

    Upon completion of our review of the RFP, we will either issue a written approval or request modifications with such modifications detailed. It should be re-submitted for approval after the modifications have been made.

    State agencies are required to use the RFP process if they contract for audits of entities they fund. They are required to submit the RFP to the State Board of Accounts for approval, prior to issuance. In addition, the State Board of Accounts will review the evaluation method used in selecting the successful respondent.

    Local governments contracting for audits of entities they fund and entities contracting for their own audits are not required to issue RFP's. However, the State Board of Accounts does recommend the RFP process for anyone soliciting audit services.

    Auditor Qualifications and Contract

    To be considered for the audit, the private examiner selected must:

    • Be a certified public accountant (CPA) and/or CPA firm licensed to practice in the State of Indiana.
    • Meet applicable independence requirements of Government Auditing Standards issued by the Comptroller General of the United States (Yellowbook) or the American Institute of Certified Public Accountants (AICPA).
    • If performing audits in accordance with Yellowbook, maintain professional competency through continuing professional education.
    • If performing audits in accordance with Yellowbook, obtain an external peer review at least once every three years and provide their most recent external peer review report and any letter of comment to both the entity to be audited and the State Board of Accounts.
    • Have no record of performing substandard audits.
    • Understand the role of the State Board of Accounts in the audit process and that they are acting as an agent for the State Examiner.
    • For hospitals, be experienced in hospital matters in accordance with IC 16-22-3-12(c).

    To obtain approval for a private examiner to audit under IC 5-11, the audit contract and private examiner's external peer review report and any letter of comment must be submitted to the State Board of Accounts, prior to signing. Contracts with no reference to and acknowledgement of the responsibility of the State Board of Accounts in this process via reference to State Examiner Directive 2015-2 and inclusion of same via addendum to the contract will be rejected. Upon completion of our review, we will issue a written approval or request modifications with such modifications detailed. It should be resubmitted for approval after the modifications have been made. The State Board of Accounts is to be provided the final contract with all addendums that has been signed by all parties.

    The approval of the audit contract by the State Board of Accounts is not an assertion that the audit will satisfy federal funding agencies or other reporting requirements. The approval is based on limited knowledge of the overall audit requirements and is not to be used as a substitute for thorough planning by the private examiner and entity. The State Examiner does not take any responsibility for the audit work completed by the private examiner nor the opinion issued. We will work with the private examiner to provide appropriate audit services, but the ultimate responsibility for audit work remains with the private examiner.

  • Auditor Responsibilities for Audits not Conducted Under IC 5-11-1-24.4
    • The audit will be conducted in accordance with auditing standards generally accepted in the United States of America; Government Auditing Standards (if applicable); Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards or Uniform Guidance (if applicable); and, for hospitals, the American Institute of Certified Public Accountants (AICPA) Audit and Accounting Guide for Health Care Entities. Revisions to any of these standards and guides will be incorporated by the effective date established by the standard setting body.
    • The audit will address items of noncompliance as they pertain to the auditee. The applicable uniform compliance guidelines developed in accordance with IC 5-11-1-24(a) for the entity under audit can be found on the State Board of Accounts website.
    • Any fraud, abuse, malfeasance, misfeasance, nonfeasance or illegal acts identified, suspected, or brought to the attention of the private examiner shall be reported by the private examiner, immediately upon discovery, to the State Board of Accounts. Materiality is not a factor to consider in that all such items are to be reported to the State Board of Accounts. Review State Examiner Directive 2015-6 for more detailed information.
    • The State Examiner will be notified immediately via email if the books and records are not in a sufficiently satisfactory condition for performing the audit.
    • The State Examiner will be notified immediately if it is anticipated the independent auditor's report will be qualified, adverse, or a disclaimer in accordance with the Codification of Statements on Auditing Standards contained in AICPA Professional Standards AU-C Section 705. The auditor may be asked to confer with the State Board of Accounts or provide supporting workpapers justifying the anticipated opinion.
    • The State Board of Accounts will be provided a draft copy of the report and any separate communications with those charged with governance and/or management in accordance with Codification of Statements on Auditing Standards contained in AICPA Professional Standards AU-C Sections 260 and 265 in an unlocked pdf, Microsoft Word, or Microsoft Excel file using the appropriate email address. Upon review and return to the independent public accountant with no or minimal changes recommended, the date of the exit conference can be established.
    • The State Board of Accounts will be notified of the date, time, and location the results of the audit will be discussed with entity officials (exit conference) at least 5 business days prior to the meeting by email.
    • The State Board of Accounts will receive a copy of the final report, as well as any separate communications with those charged with governance and/or management in accordance with Codification of Statements on Auditing Standards contained in AICPA Professional Standards AU-C Sections 260 and 265 in an unlocked pdf, Microsoft Word, or Microsoft Excel file. These files will be emailed using the appropriate email address within 10 business days of the report being issued by the private examiner.
    • The State Board of Accounts will be provided the names, postal addresses (preferably an office address if they normally receive entity-related mail there), and email addresses of the entity's chief executive officer, chief financial officer, if any, and governing board president.
    • All documentation used to support the financial audit report as well as any separate communication to the entity's governance and/or management will be available for review by the State Board of Accounts at the State Examiner's discretion.

    All correspondence will be via HousingAuthorities@sboa.in.gov for housing authorities and Hospitals@sboa.in.gov for hospitals. All other entities should use the email addresses for the contact individuals found on the State Board of Accounts website under Private Examiner Audits/State and Local Governments.

  • Investigation of Potential Fraud, Abuse, Malfeasance, Misfeasance, or Nonfeasance

    The State Examiner retains the authority to investigate any fraud, abuse, malfeasance, misfeasance, or nonfeasance identified by the private examiner. This can be performed by either the independent public accountant or State Board of Accounts' field examiners. If the circumstances dictate a more detailed investigation is necessary and the independent public accountant has agreed to perform this investigation in coordination with the State Board of Accounts, the private examiner shall inform the organization's management and those charged with governance in writing of the need for such additional investigation and the additional costs required as a result of the additional work needed. An amendment to the audit contract will be made by the entity and private examiner for such additional investigation, with the written approval of the State Examiner.

    If State Board of Accounts' personnel perform the investigation, the standard cost will be charged.

  • Audit Report

    The report must contain the financial statements of the entity and the private examiner's opinion thereon. The financial statements may be prepared by the auditee on the GAAP basis or one of the following other comprehensive bases of accounting: a) modified cash basis, or b) cash basis. If required, the report must include a Schedule of Expenditures of Federal Awards and accompanying Notes that meet the requirements set out in Uniform Guidance.

    If the financial statements are prepared on a basis of accounting that would not require the entity to report on the face of the financial statements or in a written note disclosure information concerning outstanding debt, capital assets, or receivables and payables, the report is required to include a Schedule of Long-Term Debt, a Schedule of Capital Assets, and a Schedule of Receivables and Payables as Supplementary Information.

    If required, two additional reports must be issued in accordance with Government Auditing Standards and Uniform Guidance:

    1. Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government Auditing Standards.
    2. Report on Compliance With Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance in Accordance With Uniform Guidance.

    The private examiner is required to comply with all other applicable reporting requirements in accordance with Uniform Guidance.

    Findings of noncompliance with laws and regulations in accordance with IC 5-11-5-1(a) are required in addition to the findings required to be included in the financial audit report for compliance with Government Auditing Standards and Uniform Guidance. These findings must be based upon one of the following: 1) failure of the entity to observe a uniform compliance guideline under IC 5-11-2-24(a), or 2) failure of the entity to comply with a specific law. Furthermore, the finding must designate the uniform compliance guideline or the specific law upon which the finding is based.

    In addition to compliance testing for laws and regulations, the audit shall include additional compliance testing as deemed necessary for the risks identified during the examination process and the methods and accuracy of the accounts and reports of the person examined.

    If a compliance issue is identified during the compliance review and the noncompliance is deemed by the private examiner to be more than an isolated incident and/or indicative of a pattern of noncompliance, a written comment must be included in the report. The written comment shall be written in accordance with the Audit Results and Comments section of this Guideline.

    The report shall also include any response from the entity's officials concerning the audit. Per IC 5-11-5-1, before an examination report is signed, verified, and filed, the officer or chief executive officer of the state office, municipality, or entity examined must have an opportunity to review the report and to file a written response to that report. If a written response is filed, it shall be submitted by the entity to the private examiner and become a part of the report.

  • Audit Results and Comments

    Audit Results and Comments (ARC's) are used by the State Board of Accounts as the method of transmitting, for the public record, significant comments to the management and governing body of a governmental unit and to the general public. These comments shall be limited to addressing noncompliance with state statutes, noncompliance with uniform compliance guidelines issued by the State Board of Accounts, or the detection of errors or irregularities identified by the private examiner during the audit process.

    These guidelines are designed to assist the private examiners in determining when to report instances of noncompliance discovered during the audit. These are only guidelines. If a private examiner identifies any instances of noncompliance they feel, based on their professional judgment, need to be reported, they shall report those instances of noncompliance in an ARC.

    The private examiner shall exercise sound professional judgment in determining if and when an issue of noncompliance rises to the level of becoming a written ARC. Instances of noncompliance noted during the audit shall be evaluated and the significance of such noncompliance shall be determined. For example, if the entity failed to record one or more financial transaction in the records, the private examiner shall evaluate the significance of the transactions not recorded. Those instances of noncompliance determined by the private examiner to be minor issues will be communicated to management and the State Board of Accounts in a management letter. This management letter is not a public document but is a method for reporting minor issues to the entity. Those instances of noncompliance determined by the private examiner to be significant items will be reported via an ARC in the report.

    ARC's and their supporting documentation can be requested for review by the State Board of Accounts prior to the issuance of the report. After review, the State Board of Accounts reserves the right to either perform or request the private examiner perform additional audit work if deemed necessary by the State Examiner.

    If a report prepared by a private examiner identifies areas of malfeasance, misfeasance, or nonfeasance that the State Examiner deems necessary to certify to the Attorney General and the County Prosecutor, the State Board of Accounts will issue a report identifying those areas of malfeasance, misfeasance, or nonfeasance. If necessary, a request for repayment will be made in that report.

    Format of the Audit Result and Comment

    ARC titles shall be clear and state the problem succinctly.

    The first section of the ARC shall contain factual and detailed description(s) of the noncompliance or the errors or irregularities detected. Information necessary to put the noncompliance in perspective to the population as a whole should be included when useful. The private examiner shall include details that clearly indicate the work performed and conclusions reached to avoid any confusion on the part of the reader. All instances of noncompliance that are similar in nature shall be reported together in one ARC.

    The second section shall cite and quote an applicable law or uniform compliance guideline. When quoting a uniform compliance guideline, the chapter in the manual or the volume of the bulletin must be cited. If the uniform compliance guideline refers to compliance with a regulation, contract, ordinance, attorney general's opinion, etc., the applicable portion of the authoritative material must also be quoted. Uniform compliance guidelines manuals and applicable bulletins can be found at www.in.gov/sboa.

    ARC's shall be organized in the report by severity. The most severe ARC's shall appear first, followed by those comments that are less severe. Examples of previously issued ARC's can be viewed at www.in.gov/sboa/resources/reports/audit.

    Audit Documentation Necessary to Support the Audit Result and Comment

    Audit documentation is the written record of the audit procedures applied, evidence obtained, and conclusions reached that support the private examiners' performance of compliance testing. Any audit documentation used to support ARC's shall specifically state the following:

    • The description of documents reviewed.
    • Specific items such as the receipt number, check number, date, etc., and/or any other description that identified the documents or transactions tested.
    • The names of personnel inquiries were made to.
    • A description of the compliance requirements tested.
    • A description of the procedure used to determine the selection of items to be tested.
    • The compliance attributes tested.
    • The results of the testing including, but not limited to, the number of instances of noncompliance found and whether the instances of noncompliance warrant an ARC in the report.

    Any instance of noncompliance shall be clearly documented by the private examiners. The audit documentation shall be detailed enough that another private examiner or State Board of Accounts personnel could re-perform the same procedures and reach the same conclusion.

    If the private examiner discovers fraud or other questionable transactions, a copy of the original document shall be retained.

  • Federal Findings - Section II and Section III

    Audit findings shall be presented in sufficient detail for the auditee to prepare a corrective action plan and take corrective action and, for Federal agencies and pass-through entities, to arrive at a management decision if an audit in accordance with Uniform Guidance was performed. Findings that relate to both the financial statements (Section II) and federal awards (Section III) must be reported in both sections. This can be done by repeating the finding or summarizing the finding in one section with a reference to the detailed finding the in the other section. Each audit finding shall include a unique reference number to allow for easy referencing of the audit findings during follow-up. A standard format will be used for audit finding reference numbers. The format is the four digit year, a hyphen, and a three digit sequence number (ex. 20XX-001, 20XX-002, etc.). Numbering of audit findings is continuous between Section II and Section III: the numbering system should not re-set to 20XX-001 in Section III. Each finding will include a title that briefly describes the context of the finding. Each title will be unique and not duplicated as a title in another finding included in the schedule of findings and questioned costs.

    Section II Findings – Financial Statement Findings

    Findings are to be written in accordance with Government Auditing Standards. Private examiners should review the latest revision of Government Auditing Standards to ensure their findings contain all the elements established therein. The following is a synopsis of those elements:

    • Condition is a situation that exists. The condition is determined and documented during the audit.
    • Cause identifies the reason or explanation for the condition or the factor or factors responsible for the difference between the situation that exists (condition) and the required or desired state (criteria), which may also serve as a basis for recommendations for corrective actions. Common factors include poorly designed policies, procedures, or criteria; inconsistent, incomplete, or incorrect implementation; or factors beyond the control of program management. Auditors may assess whether the evidence provides a reasonable and convincing argument for why the stated cause is the key factor or factors contributing to the difference between the condition and the criteria.
    • Effect or potential effect is a clear, logical link to establish the impact or potential impact of the difference between the situation that exists (condition) and the required or desired state (criteria). The effect or potential effect identifies the outcomes or consequences of the condition. When the audit objectives include identifying the actual or potential consequences of a condition that varies (either positively or negatively) from the criteria identified in the audit, "effect" is a measure of those consequences. Effect or potential effect may be used to demonstrate the need for corrective action in response to identified problems or relevant risks.
    • Criteria is the laws, regulations, contracts, grant agreements, standards, measures, expected performance, defined business practices, and benchmarks against which performance is compared or evaluated. Criteria identify the required or desired state or expectation with respect to the program or operation. Criteria provide a context for evaluating evidence and understanding the findings. The criteria is the requirement upon which the audit finding is based, this can include statutory, regulatory, or other citations.

    Section III Findings – Federal Award Findings and Questioned Costs

    The finding should be written in a way that the issues being addressed are clear to the reader. If the issue relates to multiple compliance requirements, then each compliance requirement should be listed in the title. If it is a situation in which there is a lack of controls over all or a majority of the compliance requirements that were determined to be direct and material to the program then the following standard title should be used: Internal Control Over (Insert name of program(s). The cluster name should be used in lieu of the program name if the issue pertains to all of the programs included in the cluster.

    Findings are to be written in accordance with Uniform Guidance 2CFR Part 200, Subpart F, § 200.516. Private examiners should review the Uniform Guidance to ensure their findings contain all the elements established therein. The following is a synopsis of the CFR cited noted above:

    Format of Finding

    • Federal program and specific Federal award identification including the CFDA title and number, Federal award identification number and year, name of Federal agency, and name of the applicable pass-through entity. When information, such as the CFDA title and number or Federal award identification number, is not available, the auditor must provide the best information available to describe the Federal award.
    • Condition should include facts that support the deficiency identified in the audit finding.
    • Context provides information that gives a proper perspective for judging the prevalence and consequences of the findings, such as whether the audit findings represent an isolated instance or a systematic problem. Where appropriate, instances identified shall be related to the universe and the number of cases examined and be quantified in terms of dollar value.
    • Cause that identifies the reason or explanation for the condition or factors responsible for the difference between the condition and the required or desired state (criteria). This may serve as the basis for recommendations for corrective action.
    • Effect or potential effect that provides a clear, logical link to establish the impact or potential impact of the difference between the condition and the criteria. Effect should provide sufficient information to the auditee and Federal agency, or pass-through entity, in the case of a subrecipient, to permit them to determine the cause and effect to facilitate prompt and proper corrective action.
    • Identification of known questioned costs and how they were computed.
    • Criteria or specific requirement upon which the audit finding is based, this can include statutory, regulatory, terms and conditions of the award, or other citations. In a few instances you may cite the Indiana Code, if the compliance requirement indicates you should follow a state statue or policy, but this would be in conjunction with the criteria stating you need to follow the state statue or policy. The Uniform Guidance compliance supplement can provide guidance to applicable CFR's for the applicable compliance requirements but you can't site the supplement itself.
    • Recommendations should be tailored to the unit to prevent future occurrences of the deficiency identified in the audit finding.
    • Identification of whether the finding is a repeat of one in the immediately prior audit including the applicable prior year audit finding number.
    • Views of responsible auditee officials.

    Additional Guidance

    Only include instances of noncompliance that are related in the same finding. The internal control issue related to the noncompliance should be included in the same finding. Any instances of noncompliance that are not related should be in separate findings. All issues related to a finding should be included in the finding. An ARC should not appear in the report for issues related to what is disclosed in a finding. Any issue related to the financial statement or a major program that is material should be disclosed in a finding and not in an ARC.

    If there is an internal control issue in which no control was in place, the auditor should not provide their opinion of what the control should have been. There should only be a statement that they had no control over the compliance requirement.

    After stating the facts and including the audit finding detail as outlined above, the finding should speak for itself without further information from the examiner.

  • Audit Review (Draft and Final Versions), Acceptance, and Distribution

    Due to our oversight responsibility for audits performed in accordance with IC 5-11-1-9 quality control reviews of the audit reports focusing on sufficiency in scope, adequacy in quality, and compliance with appropriate professional standards are conducted prior to their issuance on the State Board of Accounts website. Additionally, we will evaluate any findings contained therein as well as those reported in any separate communication from the independent public accountant to the entity for further action required of this department. There shall be no written communication between the private examiner and the entity that is not shared with the State Examiner.

    Letters, reports, or correspondence between the independent public accountant and the entity shall be consistent with the findings published in the audit report and should not include any items that should be disclosed in the findings found in the published audit report in accordance with all applicable standards and Guidelines but were not. Submission of these separate communications shall be submitted in the form, time, and process specified in the Auditor Responsibilities section of these Guidelines. These items will not be posted or distributed as specified in this section of these Guidelines.

    The private examiner may be contacted regarding issues noted and asked for clarification, supporting documentation, additional investigation, etc. Upon satisfactory resolution of issues, the State Board of Accounts will inform the private examiner that the exit conference date with entity officials can be established.

    The audit report will be posted to the State Board of Accounts' website and distributed as required by IC 5-11-5-1(a) if it is found to satisfy the guidelines and standards adopted by the State Board of Accounts. If it does not satisfy the guidelines and standards adopted by the State Board of Accounts, the State Examiner will provided the private examiner the opportunity to correct the deficiencies noted and resubmit the report for review and acceptance. If the deficiencies are not resolved, the State Examiner may proceed with any number of actions which include:

    • Post the report to the State Board of Accounts website with a written statement attached notifying readers that the report does not satisfy the guidelines and standards adopted by the State Board of Accounts.
    • Conduct a second audit of the same time period as the deficient audit with all associated costs charged.
    • Reject all future contracts with the private examiner or approve with additional conditions imposed.
  • On-Site Review of Private Examiner

    A review may be performed "on-site" at the private examiner's place of business at the State Examiner's discretion. The review will be done to determine the private examiner's sufficiency in scope, adequacy in quality, and compliance with appropriate professional standards. They are conducted at a time mutually agreeable to both parties taking into account seasonal demands of the profession. However, unnecessary delays or demonstrated noncooperation by a private examiner may result in the State Board of Accounts not approving any additional contracts with them for audits. They are usually completed within a day followed by an exit conference to discuss the results. An entity should not receive an additional billing from the auditor in connection with this review. Auditors desiring compensation for the minimal time expended during a review should incorporate this charge within their contract for audit services. Any reports submitted to the State Board of Accounts shall be at no cost to the State Board of Accounts.

  • Audits Conducted Under IC 5-11-1-24.4 - Opt-Out Entity Audits

    Statutory Authority

    IC 5-11-1-24.4 allows entities, with the some exceptions, to request an "opt-out" of an examination by the State Board of Accounts if certain criteria are met. Among these are the establishment of an internal control department and internal control officer. Also, the request must be made in writing, the legislative body must approve the request via resolution, and the request is filed with the State Board of Accounts more than one hundred eighty (180) day before the beginning of the audited entity's fiscal year. The statute also establishes selection procedures for the certified public accountant and the composition of the audit committee. Any entity wishing to "opt-out" under this statute should read the entire statute to ensure that they can exercise this option and all required steps are understood and followed to obtain the desired "optout".

    It is important to remember that the certified public accountant selected to perform the audit is required to conduct the audit in accordance with State Board of Accounts guidelines; notify the State Examiner immediately and before disclosure to the audit entity, of known or suspected fraud, abuse, or any other crimes; provide the final report to the State Board of Accounts; and allow access to the workpapers for review by the State Board of Accounts. The statute requires a second audit by the State Board of Accounts if the certified public accountant's audit fails to satisfy guidelines and standards adopted by the State Board of Accounts with the associated costs charged. For this reason, entities and certified public accountants should consult the State Board of Accounts whenever they have questions concerning the audit. The audited entity will reimburse the State Board of Accounts for any direct and indirect costs incurred when providing technical assistance and support requests by the audited entity.

    This statute does not eliminate the State Board of Accounts' ability to conduct a compliance review or an examination under IC 5-11-1-.9.5 as a result of an alleged malfeasance, misfeasance, or nonfeasance with all standard audit costs charged.

    Auditor Selection and Audit Frequency

    An entity's legislative body must establish an audit committee of three members in accordance with IC 5-11-1-24.4(e)(1). This committee evaluates, ranks, and recommends certified public accountants based on the factors and following the procedures established in IC 5-11-1-24.4.(e)(2). The legislative body selects the certified public accountant and negotiates a contract. This contract must include the seven items detailed in IC 5-11-1-24.4(e)(5).

    IC 5-11-1-24.4(e)(6) allows a legislative body to renew a contract with a certified public accountant if the original contract was awarded in accordance with this section.

    Audit frequency is subject to requirements set forth by the funding agencies, the needs of the entity, IC 5-11-1-25, and other statutes.

    Fraud, Abuse of Public Funds, or Other Crimes

    IC 5-11-1-24.4(e)(5)(E) also requires identified or suspected instances of fraud, abuse of public funds, or other crimes be reported to the State Board of Accounts immediately. It adds that this notification is to be made before disclosing this information to the audited entity itself. This report shall be sent to the State Board of Accounts in accordance with State Examiner Directive 2015-6. This Directive should be reviewed for an expanded detail of actions to be taken by both the auditee and auditor in these instances.

    Audit Completion and Auditee Contact Information

    The certified public accountant must deliver the final audit report to the audited entity and the State Board of Accounts simultaneously and no later than thirty (30) days after completion per IC 5-11-1-24.4(f). Any separate communication to the entity's management and governance required by generally accepted auditing standards must also be provided. All items must be in an unlocked or unsecured electronic format and emailed using the appropriate email address.

    Furthermore, the names, postal addresses (preferably an office address if they normally receive entity-related mail there), and email addresses of the entity's chief executive officer, chief financial officer, if any, and governing board president will be provided to enable the processing of the report. Contact information for additional individuals may be provided if the entity so desires. It is the certified public accountant's responsibility to provide this contact information to the State Board of Accounts.

    Auditor Responsibilities

    • The audit will be conducted in accordance with auditing standards generally accepted in the United States of America; Government Auditing Standards (if applicable); Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards or Uniform Guidance (if applicable); and, for hospitals, the American Institute of Certified Public Accountants (AICPA) Audit and Accounting Guide for Health Care Entities. Revisions to any of these standards and guides will be incorporated by the effective date established by the standard setting body.
    • The audit will address items of noncompliance as they pertain to the auditee. The applicable uniform compliance guidelines developed in accordance with IC 5-11-1-24(a) for the entity under audit can be found on the State Board of Accounts website.
    • Any fraud, abuse of public funds, or the commission of a crime discovered or suspected by a certified public accountant conducting an audit under IC 5-11-1-24.4 must be reported to the State Board of Accounts immediately upon discovery and before disclosure to the auditee. Materiality is not a factor to consider in that all such items are to be reported to the State Board of Accounts. Review State Examiner Directive 2015-6 for more detailed information.
    • The State Examiner will be notified immediately via email if the books and records are not in a sufficiently satisfactory condition for performing the audit.
    • The State Examiner will be notified immediately if it is anticipated the independent auditor's report will be qualified, adverse, or a disclaimer in accordance with the Codification of Statements on Auditing Standards contained in AICPA Professional Standards AU-C Section 705.
    • The State Board of Accounts will be notified of the date, time, and location the results of the audit will be discussed with entity officials (exit conference) at least 5 business days prior to the meeting by email.
    • The State Board of Accounts will receive a copy of the final report, as well as any separate communications to those charged with governance and/or management in accordance with Codification of Statements on Auditing Standards contained in AICPA Professional Standards AU-C Sections 260 and 265 in an unlocked pdf, Microsoft Word, or Microsoft Excel file. These files will be emailed using the appropriate email address in accordance with IC 5-11-1-24.4(e)(5)(F).
    • The State Board of Accounts will be provided the names, postal addresses (preferably an office address if they normally receive entity-related mail there), and email addresses of the entity's chief executive officer, chief financial officer, if any, and governing board president. Contact information for additional individuals may be provided if the entity so desires.
    • All inquiries from the State Board of Accounts will be promptly responded to and documentation used to support the examination as well as any separate communication to the entity's governance and/or management will be available for review by the State Board of Accounts at the State Examiner's discretion in accordance with IC 5-11-1-24.4(f).

    All correspondence will be via HousingAuthorities@sboa.in.gov for housing authorities and Hospitals@sboa.in.gov for hospitals. All other entities should use the email addresses for the contact individuals found on the State Board of Accounts website under Private Examiner Audits/State and Local Governments.

    Audit Review, Acceptance, and Distribution

    In accordance with IC 5-11-1-24.4(f), quality control reviews of the audit reports focusing on sufficiency in scope, adequacy in quality, and compliance with appropriate professional standards are conducted prior to their issuance on the State Board of Accounts website. Additionally, we will evaluate any findings contained therein as well as those reported in any separate communication from the independent public accountant to the entity for further action required of this department. There shall be no written communication between the private examiner and the entity that is not shared with the State Examiner.

    Letters, reports, or correspondence between the independent public accountant and the entity shall be consistent with the findings published in the audit report and should not include any items that should be disclosed in the findings found in the published audit report in accordance with all applicable standards and Guidelines but were not. Submission of these separate communications shall be submitted in the form, time, and process specified in the Auditor Responsibilities section of these Guidelines. These items will not be posted or distributed for public inspection.

    The private examiner may be contacted regarding issues noted and asked for clarification, supporting documentation, additional investigation, etc.

    The audit report will be posted to the State Board of Accounts' website and distributed as required by IC 5-11-1-24.4(g) if it is found to satisfy the guidelines and standards adopted by the State Board of Accounts.

    On-Site Review of Workpapers

    In accordance with IC 5-11-1-24.4(f ), a review of workpapers may be performed "on-site" at the private examiner's place of business at the State Examiner's discretion. The review will be done to determine the private examiner's sufficiency in scope, adequacy in quality, and compliance with appropriate professional standards. They are conducted at a time mutually agreeable to both parties taking into account seasonal demands of the profession. However, unnecessary delays or demonstrated noncooperation by a private examiner may result in the State Board of Accounts not accepting the associated audit report thus requiring a second audit by the State Board of Accounts with the associated costs charged. These workpaper reviews are usually completed within a day followed by an exit conference to discuss the results.