AUDIT ACTIVITIES AND REPORTS
Sections
2.02.14 Department-wide Audits
Appendix A - Guidelines for Preparing Comments on Draft Audit Reports
Appendix B - Guidelines for Preparing
Responses to Final Audit Reports
2.02.01
PURPOSE
This subchapter outlines responsibilities and procedures for audits
of NIST activities by the General Accounting Office (GAO) and the Office
of Inspector General (OIG), Department of Commerce.
2.02.02
SCOPE
The procedures outlined in this subchapter apply to all NIST employees.
2.02.03
REFERENCES
Department Administrative Order (DAO) 213-1, General Accounting Office
Liaison and Audit Follow-up
DAO 213-2, Inspector General Inspections
DAO 213-3, Inspector General Auditing
2.02.04
POLICY
It is NIST policy to provide timely and complete responses to all audits
of NIST activities and other audit-related inquiries conducted by the GAO
and the OIG and to resolve and implement audit recommendations in a timely
manner.
2.02.05
DEFINITIONS
a. Audits - An audit is an examination or analytical review
by an independent organization such as the OIG or the GAO. There are three
types of audits:
(1) Performance Audits are reviews of the efficiency, effectiveness,
and economy of programs, activities, and information technology systems.
They may check a unit's compliance with laws and regulations, and evaluate
its success in achieving program objectives.
(2) Financial Assistance Audits are reviews of contracts, grants,
cooperative agreements, loans, and loan guaranties. They assess compliance
with laws, regulations, and award terms; adequacy of financial systems
and internal controls; allowability of costs; and the degree to which a
project achieved the intended results.
(3) Preaward Contract Audits are reviews of prospective contractors;
finances, accounting systems, proposed changes, and practices for accumulating
costs to determine whether:
(a) The contractors' finances are adequate to perform the contract;
(b) The contractors' accounting system is adequate to accumulate the type of cost information required by the contract; and
(c) There are any significant deficiencies in the cost estimates
used in the contractors' proposals.
These audits also include reviews of proposed modifications to existing
contracts.
(4) Postaward Contracts are reviews of DOC's contracts conducted
by the OIG, other federal audit agencies on a reimbursable basis, by State
and local government audit units, or by independent public accounting firms
hired by the OIG or by auditees to assess the:
(a) Adequacy of accounting and internal controls;
(b) Allowability of costs;
(c) Complicance with laws, regulations, and terms of the award; and
(d) Degree to which the project will achieve or has achieved desired
results.
(5) Financial Statements Audits are reviews required by the Chief
Financial Officers Act of 1990 where federal agencies must prepare annual
financial statements and subject them to audit. The OIG is responsible
for conducting these audits and reporting the results to the Secretary
of Commerce.
b. Inspections - An inspection is a review to evaluate
agency operations, activities, or Commerce-funded organizations. It differs
from an audit in terms of depth of inquiry and timeliness of response.
An inspection is usually unannounced to agency management until the inspection
team arrives on site and is usually completed within five days. The OIG
conducts three types of inspections:
(1) Operational Inspections are brief reviews of an activity,
unit, or office, or a contractor or organization that receives funds from
the Department, focusing on an organization, not a whole program.
(2) Program Evaluations are in-depth reviews of specific management
issues, policies, or programs.
(3) Systems Reviews are reviews of the technical, management,
and contractual issues associated with the planning, development, acquisition,
and operation of computer hardware and software, automated information
systems, computer-based communication systems, as well as other technologies.
c. Investigations - An investigation is an authorized
inquiry made by the OIG special agents to gather the facts needed to resolve
an allegation that someone has violated a federal criminal law or administrative
regulation. When investigations lead the OIG to indications of criminal
wrongdoing, they refer the case to the Department of Justice for a decision
on whether to criminally prosecute, file a civil suit, or proceed by recommending
administrative action. For federal employee cases, administrative actions
could include removal from duty, demotion, suspension, reprimand, admonition,
or monetary restitution.
d. Draft Audit Report - A preliminary report of findings and
recommendations prepared by the GAO or the OIG at the conclusion of an
audit. The draft audit report is sent to NIST for review and comment.
e. Audit Resolution - The point at which the auditing group (OIG
or GAO) and agency management agree on action to be taken on reported findings
and recommendations. In the event of disagreement, the point at which the
audit follow-up official determines the matter to be resolved. The Chief
Financial Officer and Assistant Secretary for Administration is the Audit
Follow-up Official for the Department of Commerce.
f. Final Audit Report - The report published after the NIST response
to the draft audit report has been considered. The final report must give
recognition to NIST comments, including, if appropriate, opposing views
and statements of actions that have been taken or that are proposed.
g. Audit Action Plan - A plan prepared in response to a final
audit report containing target dates for completion and implementation
of each audit recommendation.
h. Recommendation - The proposed action to correct the cause
and/or
remedy the effect of an audit finding. Recommendations also include questioned
or disallowed costs.
i. Recommendation That Funds Be Put to Better Use - A recommendation
that funds could be used more efficiently if management took action, including:
(1) Reduction in outlays;
(2) Deobligation of funds from programs or operations;
(3) Withdrawal of interest subsidy costs on loans or loan guarantees,
insurance, or bonds;
(4) Costs not incurred by implementing recommended improvements related
to the operations of the establishment, a contractor or grantee; and
(5) Any other savings which are specifically identified.
2.02.06
RESPONSIBILITIES
a. The Office of the Inspector General (OIG) oversees, coordinates,
and conducts audit activities relating to programs and operations of the
Department. The OIG's authority also extends to outside auditors. The OIG
also verifies the extent to which NIST has implemented accepted audit recommendations.
The OIG is authorized by law to have access to all records, reports, audits,
reviews, documents, papers, recommendations, and other material available
to the Department which relate to Departmental programs and operations.
b. The DOC Management Control Division, Office of Management and
Organization is responsible for audit coordination, reports clearance,
and audit follow-up for GAO audits.
c. The Director of Administration is responsible for NIST cooperation
with the GAO and the OIG in conducting an effective audit program and for
designating the NIST Audit Liaison Officer.
d. The NIST Audit Liaison Officer is the Chief of the Management
and Organization Division, who centrally manages all audit activities at
NIST, and is the primary point of contact with the Department and the Operating
Unit (OU) Audit Coordinators on all audit-related matters including initiation
and coordination of audits, audit reports and resolution, and audit follow-up
activities.
e. The OU Audit Coordinator, designated by the OU Director, serves
as the central point of contact within the OU for all audit activities
related to their OU.
f. The NIST Audit Action Official is responsible for ensuring
timely responses to all audit findings, for preparing the audit action
plan, and for implementing accepted recommendations.
(1) For performance audits, the responsible program official
for the program being audited is the Audit Action Official;
(2) For financial statement audits, the Chief, Financial Officer
is the Audit Action Official;
(3) For contract audits, the Contracting Officer is the Audit
Action Official for preaward and postaward contract audits and is responsible
for notirying the OIG of a final decision on the audit issues by providing
a copy of the price negotiation memorandum requried by the Federal Acquisition
Regulation or memorandum that the contract will not be awarded; and
(4) For financial assistance audits, the Grants Officer is the
Audit Action Official and is responsible for preparing a timely audit resulution
proposal, which addresses all findings and recommendations in the audit
report, and ensuring implementation of resolved recommendations.
g. Employees are responsible for notifying the NIST Audit Liaison
Officer, through their OU Audit Coordinator, of any contact made by the
GAO or the OIG. These included, but are not limited to, audits, studies,
surveys, inquiries, information gathering, etc., about a NIST activity
or an activity of another government agency. Employees may not release
information or enter into discussions/interviews with an auditor prior
to clearance by the NIST Audit Liaison Officer, their OU Audit Coordinator,
or, in the case of a formal audit, the entrance conference. Employees are
responsible for adhering to the policies and procedures outlined in this
subchapter. In particular, see Section 2.02.09 regarding release of information.
2.02.07
ANNUAL AUDIT PLANS
The Department of Commerce Chief Financial Officer and Assistant Secretary
for Administration sends the Director of NIST a schedule of audits to be
done by the OIG during the next fiscal year. A copy of the schedule is
sent to the OU Audit Coordinators by the NIST Audit Liaison Officer.
2.02.08
AUDIT PROCEDURES
a. The NIST Audit Liaison Officer is notified prior to the starting
date of an audit and sets up the entrance conference.
b. The purpose of the entrance conference is to discuss (1) the area(s)
to be covered by the audit; (2) the purpose and scope of the audit; (3)
the procedures for finalizing findings and recommendations, including informal
discussions, exit conference, draft report, and written comments; (4) submission
of the final report; and (5) arrangements for follow-up of recommendations
made.
c. At the conclusion of the audit, an exit conference is set up by the
NIST Audit Liaison Officer. The purpose of the exit conference is to discuss
audit results and the proposed recommendations and to provide an opportunity
to correct any misinformation or misinterpretation before the conditions
and recommendations are formalized in a report.
2.02.09
AUDIT GUIDELINES
a. NIST employees may not enter into interviews with auditors
or release any information prior to the entrance conference.
b. The NIST Audit Liaison Officer or the OU Audit Coordinator must be
notified promptly of any contacts or requests by the GAO and/or
the OIG. The OU Audit Coordinator is responsible for notifying the NIST
Audit Liaison Officer.
c. The GAO auditors and/or the OIG auditors may not be given information
about any NIST budget not yet approved by the President. Prior to release,
any budget data, including FTEs, and/or financial data requested by auditors
must be reviewed and cleared by the Chief Financial Officer to ensure correct
interpretation and accuracy.
d. Nonproprietary information may be obtained from a contractor or grantee
and released to an auditor. If the information requested is of a proprietary
nature, contact the Deputy Chief Counsel for assistance.
2.02.10
DRAFT AUDIT REPORTS
a. After the exit conference, a draft audit report is prepared by the
GAO or the OIG and sent to NIST for review and written comment.
b. The NIST Audit Liaison Officer forwards the draft audit report to
the appropriate Audit Action Official for written response.
The NIST Audit Liaison Officer sends copies of the draft audit report
to other interested organizational units for possible comments. These units
are responsible for ensuring that all comments are forwarded to the Audit
Action Official by the assigned due date.
c. Prompt and careful consideration must be given to all suggestions
and findings contained in draft audit reports.
d. Guidelines for preparing the written response to a draft audit report
appear in Appendix A.
e. A final report may be issued in lieu of a draft report when mutually
agreed to by the audit staff and NIST.
2.02.11
FINAL AUDIT REPORTS
a. The final audit report is prepared by the GAO or the OIG. The report
must give recognition to NIST comments (made to the draft report) including,
if appropriate, opposing views and statements of actions that have been
taken or that are proposed to be taken to correct cited weaknesses.
b. The NIST Audit Liaison Officer forwards the final audit report to the appropriate Audit Action Official for written response by the assigned due date.
c. Guidelines for preparing the written response to a final audit report
and for preparing the Audit Action Plan appear in Appendix B.
2.02.12
AUDIT ACTION PLANS
Audit Action Officials must act promptly to resolve audit findings
and recommendations within established deadlines and to implement corrective
actions, within six months where feasible. If the Audit Action Official
disagrees with a recommendation, the rationale, criteria, and/or legal
basis for rejection of the recommendation must be provided.
a. For Performance Audits, the designated Audit Action Official must prepare an Audit Action Plan specifying concurrence or nonconcurrence with each recommendation. This written determination presents a specific plan of corrective action, with appropriate target dates for implementing all accepted recommendations, and provides a justification for nonconcurrence with any recommendations.
b. For Financial Assistance Audits, the Audit Action Official
prepares an Audit Resolution Proposal specifying concurrence or nonconcurrence
with each recommendation. This written determination presents a specific
plan of corrective action, with appropriate target dates for implementing
all accepted recommendations, and provides a justification for nonconcurrence
with any recommendations.
c. For Preaward and Postaward Contract Audits, the Audit Action
Official is the Contracting Officer. The OIG transmits contract audit reports
directly to the Chief, AAD, who is responsible for giving full consideration
to the audit advice and for documenting the disposition of audit recommendations
and coordinating directly with the OIG.
d. Resolution of OIG performance and financial assistance audit reports
occurs with the concurrence of the Audit Action Plan by the OIG. For GAO
audits, a report is considered resolved upon submission of the Department's
response to the final report, unless GAO notifies the Department otherwise.
2.02.13
AUDIT FOLLOW-UP
An audit follow-up system must result in timely (within six months)
and proper resolution and implementation of audit findings and recommendations
contained in a final audit report.
a. Semi-Annual Progress Reports- In April and October progress
reports are required on all open recommendations, e.g., recommendations
which have not been implemented or rejected. The NIST Audit Liaison Officer
sends a request for a report on the progress of implementation of open
audit recommendations to the appropriate NIST official. A combined report,
reflecting progress on all open recommendations at NIST, is prepared by
the NIST Audit Liaison Officer and submitted to the DoC Management Control
Division.
b. Verification of Closed Recommendations - To ensure that final
recommendations are implemented, NIST must evaluate and document any corrective
action taken to implement accepted audit recommendations. This is done
by the OU Audit Coordinator in conjunction with the NIST Audit Liaison
Officer. The GAO or the OIG verifies, on a periodic sampling basis, the
extent to which corrective actions have been implemented. The auditor consults
with the NIST Audit Liaison Officer before proceeding with the verification
and reports findings to NIST promptly upon completion of the follow-up.
Recommendations which NIST has reported as closed are reopened only if
a written statement has been received from the GAO or the OIG citing evidence
that the action on the recommendation was not in fact completed.
2.02.14
DEPARTMENT-WIDE AUDITS
The OIG conducts Department-wide audits of particular functions, such
as payroll, travel, or procurement. Primary interaction is with the administrative
function under review. The OU Audit Coordinators are included in these
audit activities as necessary.