Rescinded [2010-06-21] - Guide on the Audit of Federal Contributions - Part II: Suggested Approaches and Procedures

One of the activities planned by the Office of the Comptroller General (OCG) for implementation of single audits will be the provision, in consultation with Supply and Services Canada (SSC), of listings describing recipients of contributions. This information, which will in all likelihood be a by-product of the existing payments systems, will provide the means of identifying groups of departments that could work together for the purpose of conducting single audits, and the basis for choosing a cognizant or lead department for the audit. As indicated in Chapter 4 of Part I, the OCG will play a facilitator role in this process. In the absence of. consolidated information, departments have only become aware of the related activity of other donor departments through information solicited from the recipient; through informal 'networks' of officials working on similar classes of recipients, or by chance through some other means. This informal approach has not been conducive to any joint planning of the audit of contribution recipients; planning that could reduce inconvenience to recipients and provide more cost effective auditing.

The plan is to have departments provided with a list of recipients that were also funded by other federal departments in the preceding fiscal year. These lists will contain details of amounts paid and other departments involved. The precise method by which this will be handled over the longer term is the subject of an assessment now being conducted by OCG and SSC staff, using the basic principle that a by-product approach will be used. Thus the system will be subject to developments underway and/or planned in other application areas. Initially, these recipient lists are being produced from the list of recipients provided by departments for Public Accounts purposes. This imposes some problems since only amounts over $25,000 are being reported and the list includes grants because current reporting requirements for Public Accounts do not call for a strict separation of grants and contributions. Additionally, because the detail must be sorted alphabetically and no standard input criteria have been set, some manual editing is required by the Single Audit Implementation Project Office. Moreover, the recipient lists are only available on a yearly basis. it is anticipated that this basic source of data will be replaced in time for 1983-84, allowing provision of lists that are more comprehensive, accurate and frequent.

Departments will be asked to identify from the listings provided, those recipients that seem appropriate for single audits. Criteria to be used to determine appropriateness for single audits could include some combination of the following:

• the contribution is of a material amount and the terms and conditions are such as to justify an audit;
• recipient gets funding on a regular basis, i.e. year after year, and more or less the same group of federal departments fund the same recipient each year;
• timing required for audit is flexible;
• provincial government is a cofunder, or a major federal-provincial cost sharing arrangement is involved.

Recipients funded by a common set of departments should be grouped together to facilitate negotiations. A list of prospective single audits should be sent to the other departments concerned with a copy to the OCG. The OCG could take part in such negotiations as an advisor. The department with the largest dollar amount of contribution to a particular recipient, or one with the predominant program interest could be nominated as the cognizant department responsible for coordinating the planning, execution and reporting of the single audit. All such single audit plans should be available to the OCG for review in assisting the Single Audit Implementation Project Office to acquire a body of knowledge on the planning of single audits that would be available in generic form as a reference source to all concerned.

The departments grouped together to perform single audits of recipients should nominate officials to form an audit steering group. This group will serve as liaison to the cognizant department nominated.

The cognizant department will seek direction and assistance from the audit steering group in carrying out its single audit responsibilities, which include:

• timing of recipient audits;
• liaison with recipients, auditors, other interested parties;
• selection of auditors; or approval of auditors selected by recipients;
• obtaining cross-servicing agreements;
• setting out federal audit objectives, minimum scope requirements, major compliance requirements, reporting requirements, and access to documentation required; and
• evaluation of adequacy of audits undertaken.

The role of the single audit steering group in assisting the cognizant department to perform single audits is developed further in Chapter 3, Single Audit of a Recipient.

In Part II, Chapter 2, a process for determining the cognizant department is suggested. When the cognizant department is determined, then audit planning can commence.

The importance of planning cannot be overstressed  since proper and careful planning will provide short and long term benefits which aid in achieving an efficient and effective single audit.

The single audit of a recipient requires planning at two levels. The primary level of planning involves agreement between the cognizant and other donor departments on several matters. Documentation of this planning should occur in a Cross- Servicing Agreement which will be signed between the donor departments and the cognizant department.

The Cross-Servicing Agreement should address the following areas:

• composition, duties and reporting lines of the single audit steering group;
• a broad outline of audit objectives;
• a broad definition of audit scope;
• arrangements for sharing of direct and indirect audit costs;
• technical and personnel resources to be committed to the single audit for such matters as training, problem settlement, follow-up to audit, etc.;
• audit reporting requirements of the other donor departments;
• access through the cognizant department to audit documentation;
• procedures for follow-up to audit findings; and
• a procedure for selecting recipients to be subjected to audit.

The second level of planning should occur through the single audit steering group.

a) Single Audit Steering Group

The composition of the single audit steering group should result in each donor department being represented. Since the role of financial services is to provide program managers with "functional guidance and support in determining compliance to the terms and conditions applicable to the contribution", financial officers or program management personnel themselves will likely, be the representatives of the respective departments in this group.

The single audit steering group should be charged with responsibility to support the cognizant department in planning, directing and managing the single audit of a recipient. Their role would be to support and supplement the broad audit objectives, scope, and reporting requirements formalized in the Cross-Servicing Agreement between the cognizant department and the other donor departments. The single audit steering group will also act as a forum to settle problems which may develop between any of the auditors, recipient or donors.

b) Audit Objectives

As noted previously, the Cross-Servicing Agreement should outline the broad audit objectives which apply to a single audit. These should be to determine that:

1. Funds provided are being used in accordance with the terms and conditions of the contribution agreements and that the recipient has complied with the specified laws and regulations governing the contributions.
2. The recipient utilizes financial and other administrative procedures with proper internal controls to protect federal interests (and where provinces are involved in the single audit, provincial interests as well) and to effectively discharge management responsibilities.
3. Financial information included in reports and financial statements are presented fairly and (where previous period information is included) reported on a basis consistent with that of the prior period.

These broad audit objectives should be common for most single audits of recipients receiving contributions from more than one department.

The single audit steering group will incorporate these objectives in the audit and supplement them with more specific objectives to satisfy the needs of the particular departments relying on the single audit. The added objectives will be developed as a result of the requirements of specific contribution agreements. The objectives may address a wide range of financial and non-financial compliance requirements which are contained in the particular contribution agreements. Before any single audit is undertaken, the single audit steering group should ensure that the objectives are clearly and precisely defined.

c) Audit Scope

The Cross-Servicing Agreement should define the broad audit scope for single audits. This should include:

1. a reference to the scope required by generally accepted auditing standards (see Appendix "A");
2. the identification of recipient(s) who are eligible for the single audit application. In addition to the scope required by generally accepted auditing standards, the scope of audit should include a review of the systems and procedures that are established to ensure compliance with the terms and conditions, laws and regulations affecting the expenditure of contribution funds;
3. the periods under review;
4. the specific contribution agreements subject to the single audits.

While supporting the broad audit scope referred to in the Cross-Servicing Agreement, the single audit steering group should supplement the scope with details relating to specific scope requirements. Some of these specific scope considerations may be:

1. The period under review should not exceed two years. However, the audit steering group should try to ensure that the audit period is broad enough to encompass the review of all contributions selected for the single audit. (See No. 3 below.)
2. In some instances, access by the auditors may be restricted due to the sensitive nature of the material being reviewed. 1f this occurs, the audit steering group should plan alternative measures on which the auditor could rely for reporting purposes. This restriction of audit scope should be dealt with prior to the audit commencing in order that the restriction can be referred to in the engagement letter. (See Section 1 (f) for a discussion on engagement letters.)
3. A specific list of contributions under review should be prepared prior to the start of the single audit. The list should comprise those contributions selected by program managers of the donor departments participating in the single audit.

d) Frequency and Timing

In planning the single audit of a recipient, consideration should be given to the period subject to audit and the deadline by which audit reports should be submitted. The Cross-Servicing Agreement should document consensus on the period subject to audit. This decision would depend on the size of funding involved, the materiality of the contribution and any concerns related to compliance. Usually, the period under review will be one fiscal year with the period end coinciding with that of the recipient. However, in situations where there is a material amount involved and a concern that there is non-compliance with the contribution agreement, the audit period may be less than one year, and the period end may be other than the recipient's year end. As mentioned, single audits should not cover a period of more than two years.

The single audit steering group should be responsible for planning the start date of the single audit. Circumstances beyond the control of the group may interfere with the planned start date, but every attempt should be made to start as soon after the fiscal year end of the recipient as possible.

During the planning stage, the single audit steering group should establish target dates for completion of the audit, receipt of audit reports and completion of settlement procedures. The sequencing of these events will provide goals to be achieved and direction to recipients regarding timing of audit. These dates should allow an adequate time frame in which the audit can be performed but should not allow for undue delay in completion of the single audit. In circumstances where an audit might result in a refund of contribution funding, the longer an audit is delayed the more difficult will be attempts to settle the final claim.

e) Sharing of Audit Costs and Fees

Two potential sharing arrangements should be agreed to prior to the start of the single audit. These are:

1. sharing between the cognizant department and the recipient; and
2. sharing 'among the cognizant department and other departments.

In the sharing of audit costs between the cognizant department and. the recipient, allocation should be predicated on the extent of additional auditing required to satisfy audit objectives established by the donor. Some arrangement may be made to consider audit costs as part of the contribution, but this decision should be left to the donor department.

Among federal departments, consideration for sharing audit costs should include:

1. a proportional allocation based on the amount funded by each department;
2. an allocation based on the effect on audit scope and extent of testing required to ascertain compliance to different contribution terms and conditions;
3. an allocation based on the extent of resources provided by each department in administering the single audit.

Each of these considerations should be a factor in negotiations among the departments to allocate audit costs and fees.

The compiling of audit costs will require that the single audit steering group define costs associated with the single audit. Since this must be performed in the planning stage, only an estimate of this cost will be available. However, based on this estimate some allocation should be provided. If, after the audit is complete these actual costs are determined to be substantially different, then some reallocation might occur.

f) Selection of Auditors

The policy section of the Guide states that:

For the single audit of a recipient, the auditor to be used should be agreed to in the Cross-Servicing Agreement.

Agreement to use the external auditor engaged by the recipient should be the result of an evaluation of the acceptability of this auditor based on the auditor's independence, qualifications and integrity, and bearing in mind the overall need to protect the federal interests. Where such an external auditor is used, the single audit steering group, through the cognizant department, should forward a letter of understanding to the recipient and auditor which communicates:

1. reliance placed by the donor department on the auditors and their audit;
2. audit objectives established in the Cross-Servicing Agreement;
3. audit scope determined by the Cross-Servicing Agreement;
4. type of audit report required by the cognizant department including addressee;
5. a clear understanding with respect to access to working papers;
6. lines of communication between the auditor, recipient and donors; and
7. responsibility of the auditor/recipient to have the single audit completed by specific target dates.

Where the decision to choose an auditor, other than one presently used by the recipient occurs, a formal selection process should be undertaken. This process should follow Treasury Board Administrative Policy Manual - Chapter 315 on Consulting and Professional Services.

When the selection process is complete, the single audit steering group should prepare a letter of engagement for the audit. This letter should contain as a minimum, a reference to:

1. the nature of the audit work to be performed;
2. the fact that the audit is not relied on to disclose defalcations or fraud, but should they be disclosed, they will be reported immediately to the cognizant department;
3. the type of audit report expected (see Section 3, Reporting) including instructions on distribution;
4. the adherence to generally accepted auditing standards and the provisions of this policy;
5. fees and billing arrangements; and
6. the scope of the audit (see Section No. 2.b) below on extent of compliance testing required).

Any other matters which require clarification should also be included.

The single audit of a contribution recipient should be performed in accordance with generally accepted auditing standards and the policy directives and guidelines issued by the Office of the Comptroller General (OCG) with respect to the audit of contributions. Generally accepted auditing standards relate to the auditors' qualifications, the performance of his examination and the preparation of his report.' Agreement by the auditor to perform the audit as outlined above should be documented in the engagement letter prior to the start of the audit.

a) Internal Control

The execution phase of the single audit should include an assessment of the recipient's systems of internal control. Internal control comprises the plan of organization and all the coordinate systems established to ensure the orderly conduct of business including safeguarding assets, reliability of accounting records and timely and reliable financial information. In the case of contributions, the system should also relate to the procedures which exist to ensure compliance with the terms and conditions of the contribution agreement.

The auditor should perform a thorough study and evaluation of internal controls to establish a basis to determine the nature, extent and timing of auditing procedures. Since the nature and sophistication of internal control will vary from recipient to recipient, the nature and extent of testing will also vary.

b) Assessment of Compliance

The single audit steering group has, to some extent, influence over the assessment of compliance through the definition of audit scope. The letter of engagement should indicate those specific terms and conditions that should be audited for compliance. The auditor should be asked to provide positive assurance on tested items and negative assurance on untested items. (See Section 3, Reporting.)

The extent of audit testing necessary should be considered by the single audit steering group and conveyed to the auditor through the letter of engagement by the cognizant department. Although the final decision on the extent of audit testing should be left to the professional judgment of the qualified auditor, the single audit steering group should be aware of the various types of tests and the methods used, both statistical and non-statistical for selection of the test sample.

If the single audit steering group wishes to influence the extent of testing in certain areas then discussion should be held with the auditor. During these discussions, the single audit steering group should define the upper error limit and confidence level which would be acceptable to them for a dollar-based sample. This effectively controls the extent of testing since low upper error limits and high confidence levels will result in larger samples and correspondingly higher audit costs. Conversely high upper error limits and low confidence levels will result in smaller samples. Caution should be used in prescribing these factors and competent staff or assistance should be available within the department to deal with these matters. Assistance in this area may be available to the department from the Audit Services Bureau of Supply and Services Canada or from sources outside the government.

During the audit, questions relating to program compliance may be raised by the auditor. In some instances, these questions will be easily resolved. In other situations the interpretation may not be clear and a decision should be obtained. The single audit steering group should provide this interpretation or defer the decision to settlement of the final claim. When the group provides interpretation these decisions should be documented. When no decision is given, the auditor should refer to the problem, in the audit report. Follow-up action could be taken based on the disclosure in the audit report.

c) Documentation

Since the program manager has the ultimate responsibility for audit, a clear understanding regarding access to the auditor's working papers must be established by the audit steering group through the cognizant department. Normally, the authorization for access to working papers would be agreed to as part of the letter of engagement which is signed prior to the audit starting. The auditor should agree to providing access to working papers at a mutually convenient time. Questions relating to confidentiality should be agreed to prior to commencement of the audit.

If the cognizant department has a specific format which would facilitate the review of working papers and the adequacy of the work performed, then this requirement should be communicated to the auditor prior to commencement of the audit. In some cases a particular analysis or reconciliation may be required to settle a contribution claim. The required format should be communicated to the auditor so that the review performed by the cognizant department could be facilitated.

For the single audit of a recipient, the documentation of evidence should meet the standards of a professional auditor. In situations where the single audit is carried out by the recipient's auditor, the evidence for the contribution audit may form part of the documentation in support of the opinion on the financial statements for the annual audit. Because of this intermingling of evidence, there may be some difficulty in efficiently reviewing the working papers.

In some cases, the auditor performing the single audit should be encouraged 'by the cognizant department to maintain separate files which would facilitate review. These files may consist of:

1. a permanent file containing general information, contracts, correspondence and documentation supporting the understanding of compliance conditions pertinent to the audit of the contribution;
2. an internal control review file containing documentation of the internal control and the evaluation of strengths and weaknesses; and
3. a period end file containing the audit program and supporting documentation for audit work completed.

The letter of engagement documenting the understanding between the cognizant department, recipient and auditor should refer to the audit report and duties of the auditor, in reporting compliance to specific terms and conditions of contributions received by the recipient. The development of contents and distribution of these reports is the final step in the single audit of a recipient.

The following requirements should be applied in the preparation of the audit report, or reports, if one report is to be prepared for each contributing department:

a) Scope paragraph

The scope paragraph should:

1. specifically identify the financial information and operations reported on: i.e. the entire set of financial statements or a special statement on the disposition of federal funds;
2. state whether the examination was performed in accordance with generally accepted auditing standards and the provisions of the Treasury Board policy on the audit of contributions, and accordingly, included such tests and other procedures as were considered necessary in the circumstances;
3. identify sections dealing with the terms and conditions of any agreements, statutes or government regulations in accordance with which the information is prepared.

b) Opinion Paragraph

The opinion paragraph should:

1. express an opinion on whether the financial information is presented fairly in accordance with the basis of accounting and any significant interpretations as described in the financial information, or in the additional information paragraph of the report;
2. indicate whether the financial information was prepared and operations are in compliance with the stated terms and conditions of agreements, statutes or government regulations referred to in a)iii) above. The auditor should provide positive assurance on tested items and negative assurance on untested items. (See also Chapter 5, Standard Audit Clauses.)

c) Additional information paragraphs

Additional information paragraphs may be required to describe the basis of accounting and any significant interpretations, when the financial information does not disclose such detail.

A sample audit report is attached to this chapter. Appropriate amendments would need to be made to take into account particular circumstances.

The cognizant department through the single audit steering group should be responsible for distribution of the audit report(s). After all audit reports are received by the cognizant department, distribution should occur through the group. Any questions regarding a report should be directed through the cognizant department by a member on the single audit steering group to the auditor.

The second report which may be received pertains to the system of internal control. This report would be prepared only if there are significant weaknesses in internal control. Although the primary function of the audit is not the detection of major irregularities or fraud, the auditor should be alert for situations or transactions that may indicate problems. If the auditor's examination indicates that material irregularities have occurred or that there exists a fundamental non- compliance to the contribution agreements, such facts should he brought to the immediate attention of the appropriate officials of the recipient organization, and to the cognizant federal department.

Significant weaknesses must be discussed with senior personnel of the auditee before any action is taken. After this, the auditor should communicate the weakness, its potential danger, and suggested corrective action to the cognizant department. Distribution of this report should be through this group to ensure that all interested parties are notified of the weakness.

The single audit steering group should attempt to build into the audit process the requirement to provide any data or information necessary for purposes of final claim settlement. As previously mentioned, the auditor may include in his working papers specific format to assist in settlements.

Once the audit report is finalized and accepted by all parties, the decision to collect overpayments or to obtain write-off authority rests with each donor department.

Sample Audit Report Giving Positive Assurance

To Donor Department:

We have examined the (financial statements) of (recipient's name) with respect to reporting on compliance with the terms and conditions of (agreement and/or specified legislation) as indicated in our letter of engagement for the year or period ended ______, 19___ Our examination was performed in accordance with generally accepted auditing standards, and accordingly included such tests and other procedures as were considered necessary in the circumstances.

In our opinion, these (financial statements) are presented fairly in accordance with generally accepted accounting principles (or the basis of accounting described below). The financial information was prepared and the operations are in compliance with the stated terms and conditions of (agreement and/or legislation) as at ______, 19___ (except as noted below).

Basis of accounting or other pertinent interpretations.

No two contribution audits are precisely the same. Although the overall audit objectives are the same for all audits, the particular procedures performed to meet these objectives must he related to the specific circumstances of each contribution program. Thus planning is an important factor in carrying out a contribution audit. The decisions made in planning are the key to efficient and effective auditing.

The research involved in preparing Part 1 of this Guide indicates that duplication of audit is common in some areas of audit. The potential for duplication increases when contributions are directed through a Federal-Provincial program. The display presented in Appendix "A" to Part I illustrates the 'naze of audit which could exist in a situation where both the federal and provincial governments, as co-donors, directly fund a common recipient within a province.

The planning of the single audit of a major Federal-Provincial program should involve agreement between the province and federal departments on a wide range of matters prior to the execution of the audit. The initial stage of planning should result in agreement with the province on the following matters:

a) Audit Objectives

A suggested listing of broad audit objectives which may be agreed to by the parties would include determining that:

1. Financial operations are conducted properly.
2. Financial statements are presented fairly in accordance with generally accepted accounting principles and applicable statutes and agreements. (For each program it would be advisable to specify the statutes and agreements).
3. Compliance exists with the terms and conditions, laws, regulations and other authorities affecting the expenditures of federal and provincial funds provided by the contribution program(s).
4. Internal control exists and meets the objectives of the federal and provincial programs.
5. Financial reports to federal and provincial governments contain accurate and reliable financial information.

b) Audit Scope

The audit scope should be determined prior to the commencement of audit. The audit scope will identify the size of the entity which is subject to audit, records to be examined, sub-recipients, materiality and other considerations which are unique to the program. The donors should also select the contribution payments to be audited considering the materiality, acceptable levels of risk, and the possible selection on the basis of a statistical sampling technique.

For purposes of communicating the audit scope to the auditor the preceding considerations are important. However, four parameters should be added to ensure the scope of audit includes a review or examination of:

1. The system of internal control of recipients and sub-recipients.
2. The system established to ensure compliance with federal and provincial authorities, and terms and conditions affecting the expenditure of contributions.
3. Financial transactions and accounts.
4. Financial statements and reports of recipients and sub-recipients.

c) Frequency and Timing

In planning the single audit of a major Federal-Provincial program, consideration should be given to the period to be covered by the audit. The normal period to be covered will be one year, however, circumstances may exist where the period will be less than, or more than, one year. For example, if the contribution program was for a period of fourteen months, then fourteen months would be a more realistic period than one year for audit purposes. In any event, the audit should not cover a period of more than two years.

Contribution audits of major Federal-Provincial programs should be performed on an annual basis when possible. In these normal circumstances the year end of the entity being audited would be the year end subject to audit. This would provide an opportunity to produce efficiency in the audit procedures related to such matters as cut-off of expenditures, confirmations and other, audit verifications. If a year end other than that of the audit entity is chosen, then these procedures would be repeated specifically for the single audit and could be inefficient.

Consideration should be given to establishing a target date for receipt of completed audits. This would encourage prompt reporting of contribution expenditures. The benefits of this include such items as more current information for reporting purposes, and an increased probability of being successful in initiating corrective action when errors occur or weaknesses are determined.

d) Selection of Auditors

In a Federal-Provincial program the choice of auditors should satisfy the concerns of both parties for the qualities of independence, competence and efficiency. As suggested in Part I, the audit may be performed by any of the following:

• Audit Services Bureau of the Department of Supply and Services;
• external auditors retained by the recipient;
• independent auditors retained by the donor or cognizant department or agency.

The selection of auditors should be performed according to the requirements of the Treasury Board Administrative Policy Manual, Chapter 315 on Consulting and Professional Services. Treasury Board guidelines require the issuance of a request for proposal and provide guidance in the preparation of this request. The request for proposal should contain the following information as a minimum requirement:

1. Federal and provincial department requesting the proposal and an address to which the proposal can be sent.
2. Description of the audit entity and records subject to audit including:
   • type of recipient and sub-recipient;
   • budget size and population size of financial activity;
   • basis of accounting;
   • description of records including how revenue, expenditures, etc., are recorded; and
   • description of other systems, records and procedures relating to contributions.
3. List of contributions subject to audit.
4. A statement which specifies the type of audit which is required and an outline of the audit scope.
5. A description of the compliance requirements and reference to the relevant authorities governing the expenditure of contributions.
6. The period subject to audit including year end and reporting deadlines.
7. Report requirements.
8. A specification of assistance which is available to the proposer including:
   • availability of staff assistance;
   • availability of prior period reports;
   • availability of staff to assist in answering program queries; and
   • dates of meetings to review progress during the audit.
9. Contractual arrangements and consideration of such matters as access to working papers.
10. A summary of the selection process, evaluation criteria, other information required in the proposal and a due date for the proposal.

When the auditor has been selected, an engagement letter should be prepared to formalize points presented in the request for proposal. The engagement or assignment letter should refer to:

• the entity being audited;
• the type of audit and audit report which is expected;
• an outline of the objectives and scope of the audit (see Sections l.a) and b) above);
• the adherence to generally accepted auditing standards and the provisions of the Treasury Board policy on the audit of contributions;
• the duty to report defalcations or irregularities;
• a review of internal control and the reporting of weaknesses;
• reliance on other auditors and prior levels of audit;
• access to working papers and audit programs;
• fees and billing arrangements;
• such other formal arrangements as are necessary in the circumstances.

Sharing in audit costs and fees between the federal government and a province should be equitably split according to the extent of auditing required to satisfy their respective audit objectives, and the consequent and proportional affect on the audit scope. Some effort should be made to determine audit time prior to the single audit and subsequent effect of the single audit on total time. This may form a basis for allocation of the audit costs and fees. The financial allocation will, however, be a negotiated settlement between the two levels of government.

a) Prior Levels of Audit

Because the delivery system for contributions includes federal and provincial jurisdiction with potential for overlap, prior levels of audit will exist. In the single audit situation it may be necessary, and indeed prudent, to rely on some of these prior levels of audit. Ideally, the federal program manager could set out the federal audit objectives to the auditor involved in the prior level (e.g. provincial) before the audit takes place so as to obviate the need for a federal audit.

To determine that a basis for reliance exists if the audit has already taken place, the following questions should be answered and the responses evaluated:

1. Are the financial components being audited at the prior level of audit material?
2. Is there a significant audit risk involved in the components reported upon by the prior levels of audit?
3. Is the auditor involved in the prior level of audit professionally qualified and competent?
4. Are prior level audit reports available and unqualified?

In some instances it may be necessary to communicate with the auditor involved in these prior levels, of audit and evaluate the above questions subsequent to this discussion. If the auditor is not able to rely on prior levels of audit, the scope of the single audit should be expanded. See also the general criteria for reliance on non-federal auditors discussed in Chapter 5.

b) Assessment of Internal Control

To determine the nature, extent, and timing of audit procedures to be performed, the auditor should evaluate internal accounting control to determine the degree of reliance which may be placed thereon. The evaluation should also include administrative controls for compliance requirements which do not involve financial transactions.

The auditor should document this study of internal control comprising of description, confirmation and evaluation. From this study the most efficient and effective audit program will be developed.

Where weakness exists in the internal control, the auditor should report the weakness and suggest improvements to the internal control. This will be discussed in the "Reporting" section of this chapter.

In the situation where contributions flow through to sub-recipients, consideration should be given to the sub-recipients system of internal control. An evaluation of this system may be necessary where no review has been performed by a prior level of audit.

c) Compliance Review

Guideline 3 in Part I of this Guide states:

This responsibility could be fulfilled through one of two routes. These are:

1. Involvement through the single audit steering group in developing an audit program for the single audit and a selected review of audit work performed; or
2. Publication of compliance requirements and an in-depth review of audit work performed through the single audit.

The first alternative would appear to provide a more efficient approach. The particular situation or lack of a single audit steering group may result in the approach being inoperative. If the first alternative is used, then provinci3l concerns could be added and the single audit concept would function more efficiently and effectively.

d) Documentation of Evidence
Working papers prepared for the single audit provide a written record of work performed and support for written opinions and reports. They must be complete as to:

• information and material facts;
• the scope of the work performed;
• the source of information obtained; and
• the conclusion reached.

These documents will provide a medium for review to determine the adequacy of work performed and the soundness of conclusions reached.

Since the program manager has the ultimate responsibility for audit, a clear understanding regarding access to the auditor's working papers must be established. Normally the authorization for access to working papers would be agreed to as part of the letter of engagement which is signed prior to the audit starting. The auditor should agree to providing access or information on a timely basis. Because the single audit attempts in this instance to satisfy the requirement of two jurisdictions, it may be necessary to direct requests for information through the single audit steering group. Questions of confidentiality would be settled prior to contacting the auditor.

If the department has a specific format which would facilitate the review of working papers and the adequacy of the work performed, then this would be communicated to the auditor prior to commencement of the audit. In some cases a particular analysis or reconciliation may be required to settle a contribution claim. This should be presented to the auditor for completion and the review performed by financial services could be facilitated.

The auditor performing the single audit could be instructed to maintain separate files which would facilitate review. These files may consist of:

1. A permanent file containing general information, contracts, correspondence and documentation supporting the understanding of compliance conditions pertinent to the audit of the contribution.
2. An internal control review file containing documentation of the internal control and the evaluation of strengths and weaknesses.
3. A period end file containing the audit program and supporting documentation for audit work completed.

The letter of engagement documenting the understanding between the client and auditor refers to the audit report and duties of the auditor. The development of contents and distribution of these reports is the final step in the single audit.

The following requirements should be applied in the preparation of the audit report:

a) Scope paragraph

The scope paragraph should:

1. specifically identify the financial information and operations reported on;
2. state whether the examination was performed in accordance with generally accepted auditing standards and the provisions of the Treasury Board policy on the audit of contributions, and accordingly included such tests and other procedures as were considered necessary in the circumstances;
3. identify sections dealing with the terms and conditions of any agreements, statutes or government regulations in accordance with which the information is prepared.

b) Opinion paragraph

The opinion paragraph should:

1. express an opinion on whether the financial information is presented fairly in accordance with the basis of accounting and any significant interpretations as described in the financial information or in the additional information paragraph of the report;
2. indicate whether the financial information was prepared and operations are in compliance with the stated terms and conditions of agreements, statutes or government regulations referred to in a)iii) above. The auditor should provide positive assurance on tested items and negative assurance on untested items. (See also Chapter 5, Standard Audit Clauses.)

c) Additional information paragraphs

Additional information paragraphs may be required to describe the basis of accounting and any significant interpretations when the financial information does not disclose such detail.

A sample audit report is included at the end of this chapter.

The audit report should be distributed to the parties involved in the single audit. These parties may include:

1. The federal department responsible for the contribution. More specifically, the audit report should be addressed to the program manager responsible for audit.
2. The provincial representative who has responsibility for certification of the claim.
3. Such others as may be agreed to by the parties.

The second report which may be received pertains to the system of internal control. This report may be prepared only if there are significant weaknesses in the internal control.

Significant weaknesses must be discussed with senior personnel of the auditee before any action is taken. After this has been done the auditor should communicate the weakness, its potential danger and suggested corrective action to the single audit steering group. Distribution of this report should be through this group to ensure that all interested parties are notified of the weakness.

The single audit steering group should attempt to build into the audit process the requirement to provide, through the course of the audit, the necessary data and other information on specific subjects and problem areas for purposes of final claim negotiation. If this process is successful the time required to settle final claims could be substantially reduced.

Sample Audit Report Giving Positive Assurance

To Donor Department:

We have examined the (financial statement) of (recipient's name) with respect to reporting on compliance with the terms and conditions of (agreement and/or legislation) as indicated in our letter of engagement for the year/period ended ______, 19___ Our examination was made in accordance with generally accepted auditing standards, and accordingly included such tests and other procedures as were considered necessary in the circumstances.

In our opinion, this (financial statement) is presented fairly in accordance with the basis of accounting described below. Furthermore, the financial information was prepared and the operations are in compliance with the stated terms and conditions of (agreement and/or specified legislation) as at ______, 19___ Basis of accounting or other pertinent interpretations.

Internal audit groups are responsible for the audit of internal management policies, practices and controls of contribution programs. As such, for specific audit engagements, audit procedures should be developed to provide an assessment of the following:

1. the adequacy of management controls in contribution systems and processes relating to selection, approval, payment and review of projects and of program operations;
2. the propriety of transactions;
3. the economy, efficiency and administrative effectiveness of contribution operations and delivery systems;
4. general compliance by recipients to terms and conditions of agreements and the adequacy of management efforts to determine compliance, including audits undertaken of recipients of contributions.

The scope of an internal audit of a department's contribution program should comprise:

• all organizational units (if more than one) charged with delivery of the particular contribution program;
• all systems of delivery, control and payment related to the contribution program and all operations and processes related to it; and
• the period under review should include the period since the last audit.

a) Information Sources for Audit

In addition to the Main Estimates, Public Accounts, and other documents such as organization charts which are normally reviewed as part of an audit, the following sources of information should be examined:

• acts or other legislation pertaining to the contributions program;
• sections of the organization's Strategic Overview and Multi-year Operational Plan as pertaining to contributions;
• minutes of departmental meetings on contributions (if applicable);
• terms and conditions submissions to Treasury Board;
• application forms and brochures pertaining to the contributions program;
• documents specifying the delegation of approval and financial signing authorities for contributions;
• relevant sections of the organization's financial procedures manual;
• documented guidelines on the review and approval of applications; and
• evaluation studies/operational reviews relevant to the contributions program.

b) Audit Criteria and Related Procedures

Although this Guide deals with the audit of contributions only, the management process for both grants and contributions is the same, and consequently so are the audit criteria. Based on these criteria, audit programs may be tailored for particular contribution programs. The criteria would provide a basis of assessing the adequacy of management processes involved. In addition, individual audit programs may include audit check lists designed to determine compliance to the specific terms and conditions of contribution agreements and to the pertinent statutes and regulations.

The management process for contributions is illustrated in Figure 1. The related audit criteria covering each of these management functions is summarized as follows:

1. The objectives of the contribution program should be precisely stated.
2. Terms and conditions for contribution agreements should be established.
3. Information on contribution programs should be made available to potential recipients.
4. Procedures should be established for the review and approval of applications for contributions.
5. Contribution payments should be consistent with the level of funding approved and adequate internal financial controls must be in place.
6. Validation procedures should exist to determine whether payments are being used by recipients in compliance to the terms and conditions of contribution agreements.
7. A management reporting system, incorporating appropriate financial and non-financial information should be in place to provide management with timely, accurate and useful information.
8. The intended effects of contribution programs should be identified and actual effects should be evaluated against original objectives and their intended effects.

The audit criteria have been developed by the Office of the Auditor General of Canada (OAG) based upon policies and guidelines from the Office of the Comptroller General (OCG), discussions with staff in government departments and agencies who have had considerable experience in managing contribution programs, as well as the OAG's own experience in auditing contributions. The OCG endorses the use of these audit criteria, the uniform adoption of which would constitute a set of standard contribution audit criteria for the government. As in all audit assignments, the audit criteria should be discussed with the manager of the responsibility centre subject to audit, prior to audit commencement.

Detailed audit criteria and related audit procedures follow for each component of the contribution management process.

a) Contribution Objectives

Audit Criteria

The objectives of the contribution program should be stated.

The objectives should be precise enough to allow for:

• specifying eligibility for funding;
• developing procedures for reviewing and approving applications; and
• identifying measures for determining the effectiveness of the program.

Objectives properly stated provide a means for ensuring uniform decisions on who qualifies as a recipient and they can reduce inefficiencies due to large numbers of ineligible applications being submitted and processed. The existence of such eligibility criteria is evidence that the objectives were clear enough to specify the groups eligible for funding, provided these criteria appear to be consistent with the program's objectives. Similarly, the existence of documented review and approval procedures is evidence that the objectives were sufficiently clear to guide management in this area.

Related Audit Procedures

1. Examine acts or other legislation pertaining to the contribution program to determine if:
   • program objectives as described in Main Estimates are directly related to legislation or are fully justified in the legislation;
   • eligibility criteria or review and approval procedure is specified. If so is it reflected in the departments procedures?
2. Review program objectives for the purpose of ensuring that explicit benefits can be identified for each objective.
   • Are the benefits quantifiable?
   • Are the quantifications verifiable in dollar terms?
3. Verify that the review and approval procedures are consistent with the department's stated objectives.

Other concerns that could be investigated by the auditor are:

• Are program objectives compatible?
• Do program objectives duplicate?
• Do appropriate means exist for assigning responsibilities for attainment of objectives to organizational units?

b) Establishment of Terms and Conditions

Audit Criteria

Terms and conditions for contribution agreements should be:

• established;
• consistent with program objectives and the legislated mandate of the department; and
• in compliance with Treasury Board requirements.

The audit criteria require that appropriate "terms and conditions" for contributions be established and that they should reflect the requirements of central agencies. The expression "terms and conditions" has three distinct uses in the context of a contributions program. Terms and conditions may refer to:

• eligibility criteria;
• arrangements between the donor and recipient specifying restrictions on the use of the funds, conditions for payment, audit provisions, etc.;
• a Treasury Board submission required by Section 4, Chapter 9 of the Guide on Financial Administration.

In the text, therefore, the expressions "eligibility criteria", "arrangements" and "terms and conditions submission" will be used rather than the single description "terms and conditions".

Related Audit Procedures

1. To address the criteria, the auditor should obtain all documents pertaining to the eligibility criteria and arrangements for the contributions program or funding activities under the program. In some cases there may be several funding activities associated with a given program, each with different eligibility criteria and/or arrangements. The focus of the review of eligibility and arrangements should be at the smallest funding activity of a contributions program. Each of these identifiable funding activities should have a set of eligibility criteria and arrangements. These criteria and arrangements should be consistent with the program's stated objectives and the mandate of the organization. The auditor should obtain documents which describe the rationale for the eligibility criteria and arrangements for each funding activity.
2. Evidence gained in evaluating the management process for information dissemination which follows this section will aid the auditor in assessing eligibility criteria and arrangements as to clarity and content.
3. Compare terms and conditions of agreements with recipients to Treasury Board requirements regarding submissions to seek approval of terms and conditions, as noted below.

   Submissions for terms and conditions should include the following information:

   • a clear definition of the class of recipients, written in such a way as to indicate the appropriateness of the contributions to the program objectives;
   • the organizational positions to which authority is expected to be granted by the appropriate minister to sign arrangements; the maximum dollar limitation of the authority should be indicated;
   • the organizational positions to which authority is expected to be granted by the appropriate minister to approve the payment by certifying that it is in accordance with the contribution arrangement; the maximum dollar limitation of the authority should be indicated;
   • the departmental review procedure before there is a decision that a payment of a contribution be made;
   • the supporting material required in an application from a prospective recipient;
   • the maximum amount for any recipient;
   • the evaluation procedure used to determine the effectiveness of the contribution relative to the department's objectives;
   • the method of payment: in the case of contributions, on presentation of an accounting, a cash forecast, an invoice, or a progress claim; the method of making final payment should be specified;
   • in the case of contributions, the provision of advance payments or progress payments, whenever such methods of payment are necessary, and the method to be followed by the recipient in accounting for such payments;
   • in the case of contributions, the audit arrangements, including coverage and scope;
   • the number of years over which it is expected that the terms and conditions will apply and that payments will continue to be made; and
   • other factors considered appropriate in the circumstances.
4. Compare a sample of contribution arrangements (agreements) to determine if they meet the minimum requirements set out in Chapter 9 of the Guide on Financial Administration and as reproduced below.

   A contribution arrangement is an undertaking between a donor department or agency and a prospective recipient of a contribution. It is required that there shall be an arrangement for each contribution, describing the obligations of both parties and outlining the terms and conditions under which payments will be made.

   An arrangement may be formal or it may be as informal as an exchange of letters. However, it should include at least the following:

   • identification of the recipient of the contribution;
   • purpose of the contribution;
   • effective date, duration of the arrangement, and date of signing;
   • conditions attached to the contribution;
   • financial responsibilities of the donor and the recipient;
   • allowable expenditures;
   • financial limitations;
   • method of payment, i.e. on presentation of an invoice, progress claim, or cash forecast;
   • provision, if any, for advance payments and/or progress payments, and conditions for final payment;
   • provision for audit;
   • provision that any money paid in excess of that required by the recipient is an amount due to the Crown; and
   • written acceptance of the terms and conditions of the contribution arrangements by the prospective recipient.

   In some instances, items such as allowable expenditures and financial limitations are already included in brochures and other material describing the particular program. When this is the case, the provisions included in such descriptive material need not be duplicated in a formal arrangement. The descriptive material and the acceptance of the terms and conditions contained therein should, however, be considered for purposes of meeting the above requirements.

5. Verify the linkage between stated program objectives and terms and conditions to ensure the legality of contribution agreement. A small representative sample would suffice. Determine that the linkage is monitored and controlled.

Chapter 9, Section 4 of the Guide on Financial Administration from which most of the audit procedures were developed, also contains other information on contributions that should be considered in the course of the audit.

c) Information Dissemination

Information on contribution programs should be made available to potential recipients. The information should contain eligibility criteria, and directions on how to apply for the contribution.

• Methods to determine target population should be documented.
• Procedures for the dissemination of information should be documented and complied with.
• Do the procedures ensure that the required information is reaching potential clients?

Poor communication of the departmental requirements to the target population would be indicated by:

• Poor response;
• A high proportion of ineligible applications; and )
• Applications with insufficient supporting documentation.

Related Audit Procedures

1. Review a sample of applications received to:
   • compare the number of applications received to the corresponding distribution of information;
   • determine the number of improperly completed applications;
   • determine the proportion of ineligible applications;
   • determine what percentage of applications are approved.
2. Conduct performance tests to determine that procedures and methods are adequate and are being followed.
3. Determine that results of information dissemination are being monitored and results reported to a higher level management.

Some items to be considered are:

• Does the department maintain a mailing list?
  • Is it updated?
  • Adequate?
• What advertisements/brochures are used?

d) Review and Approval of Applications

Audit Criteria

Procedures should be established for the review and approval of applications for contributions:

• Procedures for processing applications should be documented and complied with.
• The procedures should ensure that the projects selected are those most likely to maximize the achievement of program objectives.
• There should be guidelines for review by selection committees, in particular guidance to ensure consistency and fairness of operations and adequate documentation of decisions is required.
• The review and approval procedure should require that other sources of funding for a particular project be disclosed.
• Approval authority should be delegated only with appropriate controls and segregation of duties.

If procedures are not in place or not being followed, long delays in the planning phase would likely lead to cost overruns and legitimate projects not being approved.

Related Audit Procedures

1. Review a sample of contribution agreement files to:
   • ensure that applications are properly completed and signed;
   • verify that the applicant meets the eligibility criteria;
2. Evaluate the method of approval for contribution projects by:
   • identifying the time lapse and sequence of each approval;
   • comparing date of final approval and project implementation;
   • recording applications withdrawn by applicants because of time delays;
   • reviewing correspondence from applicants on time delays;
   • ensuring that projects have not commenced before approval obtained.

   In developing a check list or questionnaires for this portion of the audit it would be expected that the questionnaire would cover the following areas: (This is not an all-inclusive list but an indication of the type of concerns the auditor should have.)

   • Are standard application forms used?
   • What percentage of funds are committed to multi-year projects?
   • What percentage of applications are approved for new recipients?
   • How is the application assessed for its ability to fulfill the requirements of the agreement?
   • Is there an appeal process documented and complied with?
3. Perform compliance tests to ensure policy and are being followed: 
   • central agency policy
   • departmental policy
   • departmental procedures.  procedures are adequate and

   Verifiable indicators for each project should be clearly identified and documented.

e) Funding

Audit Criteria

Contribution payments should be consistent with the level of funding approved.

• Payment should not exceed the approved level of funding.
• Signed agreements must be in existence before any outlay of funds is made.

Adequate internal financial controls must be in place to aid in the management of contribution programs.

• Delegation of signing authorities must reflect the authorities stated in the terms and conditions section.
• Payments shall be approved by persons who have delegated authority.
• Proper segregation of duties should exist.
• Control of expenditures as detailed in Chapter 9.4.4 of the Guide on Financial Administration must be complied with.

Related Audit Procedures

1. Review Main Estimates to determine that:
   • contributions under a program are indicated in the appropriate vote title;
   • table of recipient names or a description of each, class of recipient is listed;
   • a separate vote is constituted if contributions total more than $5 million for any program within the fiscal year;
   • funds are available in the budget to meet the payments.
2. Compare delegated signing authorities in existence to the delegated authorities in the terms and conditions.
   • Verify that contribution payments are properly authorized.
   • Ensure that there is no conflict of interest and a proper delegation of authorities exists.
3. Select an appropriate sample of payments and verify compliance to "control of expenditure" requirements detailed in Chapter 9.4.4 of the Guide on Financial Administration.

Other areas of financial control that should be assessed in relation to contributions are:

• Commitments
• Year-end considerations

f) Validation of Terms and Conditions

Audit Criteria

Validation procedures should exist to determine whether funds are being used by recipients in accordance with the terms and conditions of contribution agreements.

Procedures outlining the level of validation required including the selection of appropriate recipients for audit should be documented.

The results of recipient audits and management follow-up should be communicated to a higher level of management.

Related Audit Procedures

1. Review validation procedures to ensure that:
   • the validation activities are in accordance with the terms and conditions submission approved by Treasury Board;
   • specific deadlines are set for the submission by recipients of progress reports/expenditure statements and other validation activities;
   • the procedures detail how the above-mentioned reports are to be validated and what action is to be taken if the reports are not satisfactory;
   • the procedures outline the level of validation activity based on risk assessment.
2. Compare documented procedures to the actual validation activities of a representative sample of files to determine the extent of compliance in practice.
3. Examine the sample of files to determine how/when management decides on the level of validation activity.
   • verify that approval authorities have been obtained.
   • How does management determine that progress reports and claim statements are sufficient for their use?
   • Are site visits made by program officials? If so, are such visits made by program officials divorced from the contribution approval process?
   • Is the information received as a result of these visits compared to reports submitted by recipients?
   • Do contribution agreements require that the recipient's auditors provide an opinion on compliance to terms and conditions of contributions?
   • Is there evidence to indicate that the donor department has communicated their requirements to the recipient's auditors if the department is relying on their work?
   • Does the department contract with audit agents to, perform audits of recipients?
   • How are these recipients selected? Is a risk assessment made by the program manager?
4. Examine documentation on risk assessments made for the purpose of selecting recipients for audit, to determine that the following factors were considered in such assessments:
   • the significance of the activity in terms of volume and $ volume of contributions;
   • the period of funding;
   • visibility of the program in the eyes of:
     1. Parliament
     2. Public
   • verify that approval authorities have been obtained.
   • past knowledge of problems and difficulties with recipients;
   • susceptibility of the program delivery system to fraud;
   • cost of audits versus expected benefits;
   • findings of past audits.
5. To supplement risk' assessment, evaluate the following:
   • is there a proper segregation of duties to ensure that the functions of review/approval and validation are not performed by the same individuals;
   • if peer review is used (one project officer verifying the work of another) examine a sample of files to determine independence;
   • delegation of authority associated with the validation process.
6. Review a sample of recipient audit reports to:
   • assess the materiality of audit findings;
   • determine whether recommendations are acted upon;
   • determine whether claim adjustments or recoveries are current;
   • determine whether audit results are reported to and higher level of management;  considered by a
   • determine whether quality assurance controls are in place.
7. Determine the extent to which single audit plans for the audit of recipients are being formulated and the extent to which the single audit procedures of Chapters 3 and 4 are being followed.

g) Management Information System

Audit Criteria

A management information system, incorporating appropriate financial and non- financial information should be in place to provide management with timely, accurate and useful information.

Related Audit Procedures

1. Review management reports to determine content. As a minimum the system should report on:
   • the number of applications received, approved and rejected;
   • the budget allocation, current expenditures and variances;
   • the level of current and future year commitments;
   • proposed duration of support and level of funding proposed.
2. Determine whether management reports meet the needs of management by addressing the following questions:
   • Have managers at all levels specified type and frequency of the information necessary to monitor performance in their area of responsibility?
   • Have managers specified the integration they require of performance and financial information?
   • Have appropriate means been developed to provide the required information?
   • Is the information sufficiently accurate for its intended use?
   • Is information on planned outputs versus actual provided in time to be of significant use in the management decision-making process?
   • verify that approval authorities have been obtained.

h) Effectiveness Evaluation

Audit Criteria
The intended effects of contribution programs should be identified.

Actual effects should be evaluated against original objectives and their intended effects.

• Quantitative information should be collected on the effects of programs and projects.
• Independent professional opinion on effects should be sought.

The results of effectiveness measurement should be available for planning and other management decisions.

Related Audit Procedures

1. Determine the extent and adequacy of effectiveness evaluations by the program manager.
2. Verify that the program is included in the Departmental Program Evaluation Plan and that results of Program Evaluations are used in the contribution program planning and in management decisions.