Code of Maine Rules
10 - DEPARTMENT OF HEALTH AND HUMAN SERVICES
144 - DEPARTMENT OF HEALTH AND HUMAN SERVICES - GENERAL
Chapter 30 - MAINE UNIFORM ACCOUNTING AND AUDITING PRACTICES FOR COMMUNITY AGENCIES
Section 144-30-03 - AUDIT REQUIREMENTS

Universal Citation: 10 ME Code Rules ยง 144-30-03

Current through 2024-38, September 18, 2024

SUMMARY: This section presents requirements to community agencies and IPAs for audits of community agencies under these rules and to Department audit personnel for Department examinations of community agency agreements.

A. AUDIT RESPONSIBILITIES OF COMMUNITY AGENCIES

Community agencies and IPAs must understand the requirements of both Federal and Department audit requirements and they are as follows:

1. Federal Audit Requirement

Community agencies are responsible for obtaining audits that satisfy Federal audit requirements in accordance with OMB Circular A-133. All Federal audits for community agencies will be performed by a qualified IPA. Department auditors will be responsible for providing the necessary oversight of these audits to assure adequate coverage of pass-through Federal awards to community agencies.

If the community agency can satisfy its Federal audit requirement through a program-specific audit as specified in OMB Circular A-133, §__.235, and its Federal funds are the only agreement amounts awarded by the Department, that audit will satisfy the audit requirement of these rules.

2. Department Audit Requirement

All community agencies within Tier 2 (or within Tier 1 but opting for a Tier 2 audit) are required to have a qualified IPA conduct an audit in accordance with these rules. The Department will be responsible for providing the oversight of the community agency report submission.

(a) Financial statements: The IPA shall determine whether the financial statements of the community agency are presented fairly in all material respects in conformity with Generally Accepted Accounting Principles. The IPA shall also determine whether the SEDA is presented fairly in all material respects in relation to the community agency's financial statements taken as a whole.

(b) All audits shall be conducted in accordance with auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards (the Yellow Book) issued by the Comptroller General of the United States.

(c) In addition to the requirements of the Yellow Book, the IPA shall perform procedures to obtain an understanding of internal controls over Department programs sufficient to plan the audit to support a low assessed level of control risk for all programs tested.

(d) Except as provided in paragraph 2(e) of this section, the IPA shall plan and perform testing of internal controls over programs tested to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each program tested.

(e) When the internal control over some or all the compliance requirements for a program is likely to be ineffective in preventing or detecting noncompliance, the planning and performing of testing described in 2(d) of this section are not required for those compliance requirements. However, the IPA shall report a significant deficiency (including whether any such condition is a material weakness), assess the related control risk at the maximum, and consider whether additional compliance tests are required because of ineffective internal control.

(f) In addition to the requirements of the Yellow Book, the IPA shall determine whether the community agency has complied with laws, regulations, and the provisions of contracts or grant agreements that may have a direct and material effect on any of its programs.

(g) The compliance testing shall include tests of transactions and such other auditing procedures necessary to provide the IPA sufficient evidence to support an opinion on compliance.

3. Upon request, the IPA shall send to the Department copies of audit working papers, reports, letters and correspondence. The IPA shall also cooperate with the Department in the conduct of quality control reviews of an audit made under these rules.

B. DEPARTMENT AUDIT REPORTING STANDARDS

The IPA will issue the following reports as a result of audits of community agencies in accordance with these rules.

The IPA's reports may be in the form of either combined or separate reports and may be organized differently from the manner presented in this section. The IPA's report shall state that the audit was conducted in accordance with this part and include the following:

1. Independent Auditors' Report on the entity-wide financial statements of the community agency for the fiscal year. The audit should be conducted in accordance with Generally Accepted Auditing Standards and Government Auditing Standards. The report should also include an opinion (or disclaimer of opinion) as to whether the Schedule of Expenditures of Department Agreements is presented fairly in all material respects in relation to the financial statements taken as a whole.

2. Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements in Accordance with Government Auditing Standards. This report is required for all audits performed in accordance with Government Auditing Standards.

3. Report on Compliance with Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance in Accordance with Maine Uniform Accounting and Auditing Practices for Community Agencies. This report is modeled after the report required by Federal Circular OMB A-133.

4. Schedule of Findings and Questioned Costs shall include the following four components:
(a) A summary of the IPA's results which shall include:
(i) The type of report the IPA issued on the financial statements of the community agency (i.e., unqualified opinion, qualified opinion, adverse opinion, or disclaimer of opinion).

(ii) Where applicable, a statement that significant deficiencies in internal control were disclosed by the audit of the financial statements and whether any such conditions were material weaknesses.

(iii) A statement as to whether the audit disclosed any noncompliance which is material to the financial statements of the community agency.

(iv) Where applicable, a statement that significant deficiencies in internal control over programs tested were disclosed by the audit and whether any such conditions were material weaknesses.

(v) The type of report the IPA issued on compliance for programs tested (i.e., unqualified opinion, qualified opinion, adverse opinion, or disclaimer of opinion).

(vi) An identification of all programs tested.

(b) Findings relating to the financial statements, which are required to be reported in accordance with Government Auditing Standards.

(c) Findings and questioned costs for Department agreements which shall be presented in sufficient detail for the community agency to prepare a corrective action plan and take corrective action to allow the Department to issue a management decision regarding the corrective action. Findings shall include the following detail:
(i) Name: Department program name as identified on the contract and agreement number.

(ii) Criteria: The criteria or specific requirement upon which the audit finding is based, including statutory, regulatory, or other citation.

(iii) Condition: The condition found, including facts that support the deficiency identified in the audit finding.

(iv) Known Questioned Costs: Identification of all questioned costs equal to or exceeding $1,000 and how they were computed.

(v) Likely Questioned Costs: Identification of all likely questioned costs equal to or exceeding $1,000 and how they were computed.

(vi) Context: Information to provide proper perspective for judging the prevalence and consequences of the audit finding, such as whether the audit finding represents an isolated instance or a systematic problem. Where appropriate, instances identified shall be related to the universe and the number of cases examined and be quantified in terms of dollar value.

(vii) Cause: A brief explanation of what caused the finding should be detailed.

(viii) Effect: The possible asserted effect, to provide sufficient information to the community agency and the Department to permit them to determine the cause and effect to facilitate prompt and proper corrective action.

(ix) Recommendation: Recommendations to prevent future occurrences of the deficiency identified in the audit findings.

(x) Management response/corrective action: Views of responsible officials of the community agency detailing corrective action taken or planned by the community agency. Elements should include corrective action taken or planned, estimated dates the corrective action was taken or planned,and the official responsible for the corrective action.

(d) Prior year items - The IPA will include a presentation of the status of findings and questioned costs from prior year. If there were no findings in the prior year, the schedule must state there were none.

C. AUDIT COMPLIANCE TESTING STANDARDS

This standard applies to IPAs in the performance of audits of community agencies in Tier 2 and those in Tier 1 opting for audits under this rule.

1. Testing of Agreements and 50% Rule
(a) All agreements selected for testing must be tested for compliance and internal control over compliance.

(b) The determination of which agreements to test must be based on the expenses identified in the SEDA. The IPA, at a minimum, must perform compliance testing on agreements that make up 50% of the total expenditures claimed. If the auditee meets the criteria in Section .03 C. 2. for low-risk auditee, the auditor need only audit as major programs Department programs with awards expended that, in the aggregate, encompass at least 25% of total Department awards expended. The IPA shall use a risk-based approach to determine which Department agreements should be selected for testing. This risk-based approach shall include consideration of current and prior audit experience, oversight by Federal and State agencies, and the inherent risk to the Department agreements.

(c) All major agreements must be tested at least once every three years. If the inclusion of these agreements significantly raises the percentage tested, the IPA and the Division of Audit can agree, in writing, on a plan of action.

(d) For Department agreements that do not reconcile to the agency's fiscal year end (stub agreement) where there is a preceding or subsequent agreement that purchases the same service(s) (continuation agreement), the expenditures for these agreements must be combined and considered in the major agreement determination.

2. Criteria for Low-Risk Auditee

An auditee which meets all of the following conditions shall qualify as a low-risk auditee and be eligible for reduced audit coverage in accordance with Section .03 C. 1.(b).

(a) MAAP audits were performed on an annual basis in accordance with the provisions of this part and submitted by the due date to the Division of Audit for the last two years.

(b) The auditor's opinions on the financial statements and the SEDA were unqualified for the last two audits. However, the Division of Audit may judge that an opinion qualification does not affect the management of Department awards and provide a waiver.

(c) There were no deficiencies in internal control which were identified as material weaknesses under the requirements of GAGAS for the last two audits. However, the Division of Audit may judge any indentified material weaknesses that do not affect the management of Department awards and provide a waiver.

(d) None of the Department programs had audit findings from any of the following in either of the preceding two years in which they were classified as a major program:
(1) Internal control deficiencies which were identified as material weaknesses

(2) Noncompliance with the provisions of laws, regulations, contracts, or grant agreements which have a material effect on the major program; or

(3) Known or likely questioned costs that exceed five percent of the total Department awards expended.

(e) The agency had no findings for the last two examination reports issued by the DHHS Division of Audit or the DOT Office of Audit. However, the Division of Audit may judge any finding issued as not significant and provide a waiver.

3. Materiality - Materiality for compliance testing is based at the agreement budget level.

For cost settled agreements, total expenses in the categories of personnel and all other should not exceed the budgeted amount for that category by 10% or $10,000, whichever is greater.

For cost settled agreements, total expenses in the category of equipment should not exceed the budgeted amount by 10% or $1,000, whichever is greater.

For cost settled agreements, total expenses per subcontract should not exceed the budgeted amount by 10% or $1,000, whichever is greater.

4. Compliance Criteria - The compliance criteria to be tested are those specified in the agreement compliance section and Section .04 of these rules.

5. IPA's Reports - The IPA's report on compliance must encompass each agreement tested in accordance with the standards of Section .03 C.

6. IPA's Workpapers - The IPA must, at a minimum, maintain workpapers that are available upon request by the Division of Audit that document testing of the community agency's administrative controls and compliance requirements in the following areas:
(a) The community agency has knowledge of Federal and Department regulations and has procedures in place to safeguard Department funds (administrative controls).

(b) Costs are in accordance with the applicable Federal circulars, MAAP regulations, and any exceptions identified in the agreement award.

(c) The allocation of costs either directly or indirectly is equitable (if cost settled).

(d) The final costs claimed by the community agency are within the thresholds related to budget revisions (if cost settled).

(e) The community agency has a system in place to monitor agreement advances and ensure interest from advances is reimbursed to the Department in accordance with applicable federal circulars.

(f) All obligations due the Department are liquidated within 90 days after the termination of an agreement.

(g) Costs are for the services identified in the agreement program (if cost settled).

(h) Services are only provided to eligible clients (if applicable).

(i) Match commitment meets the requirement of the federal circulars and the agreement award (if applicable).

(j) Reports are submitted to the Department timely.

(k) Subrecipient agreements are properly monitored (if applicable).

(l) The community agency has adhered to any special conditions identified in the agreement.

D. DEPARTMENT EXAMINATIONS

The Department may require or perform Department examinations of community agencies under the following circumstances:

1. As a result of the risk pool process.

2. At the request of the community agency.

3. At the request of a State department as a result of an audit report or findings which indicate material weaknesses in internal controls, lack of compliance with agreement conditions, or other matters which indicate lack of controls over agreement funds or assets.

4. As a result of desk reviews or quality control reviews of audit reports that indicate substantial inadequacies exist with the audit. However, inadequacies in entity-wide audits are expected to be resolved by the community agency in conjunction with its IPA.

5. As a result of State recognition of potential irregularities or illegal acts.

6. At the request of a department for a limited-purpose review not covered in the scope of a financial and compliance audit.

Field visits shall be coordinated for community agencies funded by both DHHS and DOT.

Disclaimer: These regulations may not be the most recent version. Maine may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.