As a part of the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), issued on December 26, 2013 by the Office of Management and Budget (OMB) and effective for all new federal awards after December 26, 2014, an increased focus was placed on internal controls. This increased emphasis was added in an effort to reduce waste, fraud, and abuse of funds due to a lack of internal controls within a non-Federal entity. While internal controls should be a focal point of all organizations, the newly issued Uniform Guidance states the following:
The non-Federal entity MUST (2 CFR 200.303):
(a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ‘‘Standards for Internal Control in the Federal Government’’ issued by the Comptroller General of the United States or the ‘‘Internal Control Integrated Framework,’’ issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
(b) Comply with Federal statutes, regulations, and the terms and conditions of the Federal awards.
(c) Evaluate and monitor the non-Federal entity’s compliance with statute, regulations and the terms and conditions of Federal awards.
(d) Take prompt action when instances of noncompliance are identified, including noncompliance identified in audit findings.
(e) Take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, state, local, and tribal laws regarding privacy and obligations of confidentiality.
What does this all mean? In short, this particular section of the guidance is designed to drive an organization to design, establish, and maintain effective internal controls. Previously, internal controls were mentioned primarily in conjunction with OMB Circular A-133 and stipulated that auditors were required to obtain an understanding of the non-Federal entity’s internal controls over Federal programs, and the focus was as part of the audit after the costs had been incurred rather than ahead of the costs being incurred. Additionally, it is important to note that “must” in the Uniform Guidance is a requirement and “should” is a best practice or recommendation. The changes are important to consider for all non-Federal entities that fall under Uniform Guidance, as each will need to ensure that their internal control framework is sufficient to support compliance with Uniform Guidance as defined. At most organizations, this means reviewing your internal control structure and updating controls, where necessary, but will likely not require an overhaul of the internal control structure.
See the Electronic Code of Federal Regulations (e-CFR) at www.ecfr.gov. Over the next several weeks, check back for more of Our Thoughts On the new Uniform Grant Guidance as we highlight many of the changes in the guidance that could impact your organizations.