Transcript E-rate Audits... Are You Prepared?
E-rate Audits... Are You Prepared?
Presented by: Julie Tritt Schell Pennsylvania E-rate Coordinator February 8, 2009
Handouts
Annual E-rate Document Checklist Attachment A: Due in 15 days Attachment B: Due upon auditor arrival Attachment C: Internal Controls Questionnaire Attachment D: Assertions Letter Oddball Auditor Questions/Requests 2
Who has been through an E-rate Audit?
3
Why So Many Audits?
Atlanta School District
CEO of Multimedia Communications Services Corporation ("MCSC") had been sentenced on December 22nd to five years in federal prison in connection with the payment of over $230,000 in bribes to the technology director of Atlanta Public Schools.
Atlanta Schools' technology director is currently serving a three year prison term and his wife, a consultant, is currently serving a two year term. 5
Judy Green
Judy Green, a former education consultant from California, was sentenced on March 19, 2008 to serve 7 1/2 years in prison for bid rigging and defrauding the E-Rate program. She was sentenced in the U.S. District Court after a jury found her guilty on 22 counts of fraud, bid rigging, and conspiracy to commit wire fraud at schools in seven states. 6
Tucson Unified School District
State investigators detailed "pervasive and continuing problems" with the District's purchasing procedures, saying employees and vendors rigged bids and violated conflict-of interest laws. Investigators noted the District paid $40,000 for consultant services that yielded no results, spent nearly $350,000 on goods and services without competitive purchasing and allowed $150,000 worth of technology equipment intended for Tucson High Magnet School to sit in a warehouse for a year because it was never installed, even though a consultant was paid to do so. "The district does not seem to recognize that accepting gifts and gratuities from vendors is improper," the report states. 7
Why Conduct Audits?
Ensure compliance with FCC Rules Recover funds for rule violations Prevent, detect and deter waste, fraud, and abuse Ensure public confidence in the efficiency of the federal universal service programs Audits come in many shapes & sizes....
8
Pre-Commitment Reviews
PIA reviews every line of every Form 471 application for E-rate compliance committed before funding is Eligible services, eligible entities, validated discount for each building Some applicants receive ‘Selective Reviews’ which require: Competitive bidding/vendor selection documentation Proof of ability to pay non-discounted share Proof that applicant has hardware, software, professional development, electrical capacity, and maintenance to make effective use of the requested discounts Or ‘Cost Effectiveness Reviews’ which require: Applicants to prove that the service they selected is the most cost effective solution for the population being served.
9
Form 486 Audit:
Technology Plan Compliance Must provide SLD with: Technology plan Tech plan approval letter Date your tech plan was created (be sure that date is before the date you submitted your 470 for that particular funding year) If you can’t find tech plan or approval letter, contact me or Office of Ed Tech at PDE. If you’re unsure of what date to use for your tech plan creation date, contact me.
10
Post-Commitment Audits
After funding has been committed, four types of audits exist to ensure E-rate rule compliance:
Invoice Audits Site Visits USAC IAD Audits FCC OIG IPIA Audits
11
Invoice Checks or Audits
Established for ‘certain’ applicants before BEARs or SPIs will be paid.
For a SPI USAC will require the vendor to produce a certification from the applicant that the invoiced services were delivered and installed, the check number and check date of the applicant’s payment for the non-discounted portion of the service, as well as a copy of the vendor’s invoice to the applicant.
For a BEAR USAC will require the applicant to produce a copy of the vendor invoice, front and back of the check used to pay the invoice, and detailed spreadsheet justifying the BEAR.
If these documents are not produced, BEAR or SPI will not be paid and funding is essentially denied.
12
Site Visits
Random selection, but weighted more heavily to larger $ applicants Typically last 3 hours 2 hours of interview / 1 hour of actual school building visit Contacted 2-3 weeks before visit USAC selects 1 recently-paid invoice and 1 school contained on that FRN Contact Julie if selected USAC says it is not an audit, but it IS. Anything you say can and will be used against you. All about site visits: www.universalservice.org/sl/about/site-visits/default.aspx
13
USAC Internal Audit Division Audits
Targeted based on Specific request from USAC management or FCC Media report or credible whistleblower complaint IAD risk assessment Assess compliance with FCC Rules Conclusion is Compliant, Generally Compliant and Not Compliant 14
But the audits you’ve heard so much about are....
FCC OIG Audits
15
FCC Office of Inspector General IPIA Audits
IPIA = Improper Payments Information Act Per Office of Management and Budget, an erroneous or improper payment is: “any payment that should not have been made or that was made in an incorrect amount under statutory, contractual, administrative, or other legally applicable requirements.” Under IPIA standards, a program is at risk if the erroneous payment rate exceeds 2.5% or the amount of erroneous payment exceeds $10 million.
16
FCC Office of Inspector General IPIA Audits
Compliance attestation examinations Performed at the direction of and with oversight from the FCC Office of Inspector General (OIG) Managed by USAC IAD Auditees are randomly selected from statistically valid sample (weighted by funding disbursement) Conducted by 12 external accounting firms Audits conducted annually between November and July 31 Conducted in accordance with Government Auditing Standards (GAGAS) 17
FCC Office of Inspector General IPIA Audits
We are in Round 3 of IPIA Audits Improper payments in Round 2 were $232.7 million or 13.8% That’s up from $210 million or 12.9% in Round 1 8 PA applicants audited in Round 2 (2008) 6 being audited in Round 3 (2009) More will be contacted soon (I estimate 4-5 more will be contacted in PA) 18
This is not your typical business/finance audit... it is a full E-rate compliance audit.
Applicants should care as much about whether they can pass an audit as whether they receive their original funding commitment.
19
OIG Audits: Notification
Round 3 is auditing disbursements made July 1, 2007 – June 30, 2008 This does not mean these are FY 2007 FRNs If a vendor submitted a FY 2005 invoice in June 2007 and funding was disbursed to them in July 2007, it will be included in this audit It’s very likely that audits will span multiple funding years In which case all documentation will be required for each funding year. For example...
20
Example of audited FRNs
Audited FRNs corresponds to when $ disbursed Round 3 = July 2007 – June 2008 FY 2005, $ disbursed to vendor July 2007 for equipment invoiced June 07 FY 2006, $ disbursed to applicant for all BEARs submitted in Sept 2007 FY 2007, $ disbursed to vendor for SPIs submitted April, May, June 2008 21
OIG Audits: Notification
Notification of audit given to applicant via initial 23-28 page letter, e-mail and call Certain documentation required to be submitted within 10 business days of notification letter Attachments A and C in handouts Other documentation required to be available on the first day of the on-site audit – or before Attachment B in handouts Documents required vary by auditing firm 22
OIG Audits: Notification
Typically the on-site audit will commence 3-4 weeks after notification and last for 2-4 weeks Depends on size of FRNs being audited and availability of documentation requested Audit firm will confirm that those dates work for the key contacts at the District Audit begins with entrance conference w/key individuals Superintendent, business manager, technology director, and E-rate contact are encouraged to attend 23
Advice....
The day you receive your audit letter, schedule a meeting with key district officials: Business office Technology office Superintendent’s office Decide who will coordinate audit documentation Assign responsibility for each document requested and deadline for submission to person chosen to coordinate
DO NOT PROCRASTINATE
24
Attachment A:
Initial Documents
1.
2.
3.
4.
Technology plan and approval letter related to the Funding Year(s) identified in the notification letter If not evident from the plan, also provide a statement describing who was involved in its preparation.
Technology budgets for FY in audit Copies of audited financial statements for FY in audit and copy of the most recent statements A copy of each OMB Circular A-133 audit reports for FY in audit 25
Attachment A:
Initial Documents
5.
6.
Method used and documentation supporting the discount calculation Identify each entity included in your supporting documentation with the E-rate Entity Number, as is included in your Forms 471.
General description of the information technology environment and a high-level network diagram Description should include how E-rate funding is being used in the IT environment 26
Attachment A:
Initial Documents
7.
Internet Safety Policy
The Internet safety policy must address the following components: Access by minors to inappropriate matter on the Internet and World Wide Web. The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications. Unauthorized access including "hacking" and other unlawful activities by minors online. Unauthorized disclosure, use, and dissemination of personal information regarding minors. Measures designed to restrict minors' access to materials harmful to minors. 27
Attachment A:
Initial Documents
8.
Fixed asset or other records listing reflecting E-rate equipment acquired which was reimbursed under the selected FRNs Should send asset inventory even if just receiving P1 funding 9.
List of all individuals or consulting firms that assisted in the preparation of E-rate documentation Including phone numbers and business addresses 10.
Record Retention Policy (i.e., that applies to and/or was followed for E-rate related documentation.) 28
Attachment A:
Initial Documents
11.
12.
Names, titles and mailing addresses of Head of Beneficiary (Superintendent) and Board Members Completed Internal Control Questionnaires (Attachment C) 29
Attachment C:
Internal Control Questionnaires
• • Must answer Yes, No, or N/A and then provide a description of the Control.
Copy in handouts. Attachment C Property Management Questions related to physical assets in District How are they tracked?
Can inventory be tracked back to invoice?
Is equipment protected from theft?
Do you include tracking ID numbers on equipment? Do you maintain any excess inventory of E-rate-funded assets in a secure environment? (be careful!) 30
Attachment C:
Internal Control Questionnaires
Accounts Payable/Cash Disbursements Do you maintain a file for each Form 472, which includes: vendor invoice or a worksheet supporting the claim, proof of payment to the service provider, and correspondence with vendor regarding payments of the related invoices?
Do you have a process to identify and remove non E-rate eligible charges on invoices before submitting each FCC Form 472?
When receiving discounted invoices, do you maintain: vendor invoice or reconciliation worksheet supporting the undiscounted portion of the S&L Program expenditure, proof of payment for the undiscounted portion, support that the discounted services billed were received and were approved by the Funding Commitment Letter, and if possible, copies of the invoice submitted by the service provider to the Schools and Libraries Division?
31
Attachment C:
Internal Control Questionnaires E-rate Application and Contracting
Who is responsible for E-rate? Are the FCC Form 470 and FCC Form 471 reviewed and approved by an appropriate official?
Do you maintain a file that contains all E-rate related documentation, including, copies of all bids, bid evaluation, copies of all related contracts, copies of all service provider invoices?
32
Attachment B: Documentation When Auditors Arrive * Specific documentation for each audited FRN Form 470 Form 471, Item 21 attachments, FCDL Form 486 Form 472 and BEAR Notification Letter (if you paid your bills in full and then received reimbursement) Form 474 SPI (if you received discounted bills, vendors submit Form 474 to receive reimbursement. Form 500 (if you submitted one) Bid evaluations 33
Attachment B: Documentation When Auditors Arrive * Specific documentation for each audited Service Substitution Letters and approval letters, etc. (if applicable).
Proof of deposit of BEAR reimbursement checks (deposit slip, bank statement) RFP (If one was developed and indicated on your Form 470) All bids received – winning and losing All correspondence with potential service providers during competitive bidding process, service issues, etc.
Contracts (if you indicated it was a contracted service on your 471) SPIN change letters/equipment transfer letters 34
Attachment B: Documentation When Auditors Arrive * Specific documentation for each audited FRN Documentation verifying the date of receipt of equipment/services All invoices and supporting documentation for the above FRNs Copies of cancelled checks (front and back) validating payment to the Service Provider Policies and meeting notices regarding the application and procurement process Copies of local and state procurement regulations as they relate to the contracting for the purchases of E-rate eligible services 35
Attachment B: Documentation When Auditors Arrive * Specific documentation for each audited FRN Copy of all Board minutes for relevant funding year and 6 months prior (i.e., to identify discussions of E-rate-related activity). Copy of all Board resolutions for each awarded E-rate contract Copy of relevant meeting minutes where the E-rate program was an agenda item Copies of technology protection measure (internet filter) contracts and invoices for audited funding years Attachment E (required from some auditors) Spreadsheet for each company showing bill amounts, check numbers, check amounts, etc.
36
During the Audit...
Ask the auditor if you don’t understand a question or documentation requested. Be extremely courteous to the auditors. If a question doesn’t sound right, contact Julie for clarification.
Understand that the auditors typically don’t understand E-rate or technology, and many believe that applicants have not complied with program rules and are trying to find what that noncompliance is.
37
During the Audit...
Auditors do not have to stick to the FRNs being audited, or the funding years. If they find a suspected problem, they will follow the trail.
Auditors should be in touch with you during audit if they identify problems so there are no surprises at the end.
Understand that they need to be able to attest that you are doing everything 100% correct. So sometimes they ask for documents that you don’t have, but perhaps you have other documentation that will help them make their attestation.
Ask for questions to be submitted in writing.
38
During the Audit...
ZIP IT
(Don’t chat with the auditors) They take notes of all oral conversations and those comments are included in their Management Reports Auditors are not your friends 39
OIG Audits: Exit Meeting
At end of audit, there will be an exit meeting where auditors will present their initial findings to the District. Report may cite potential $ risk You will be asked to sign Assertions Letter (attachment D) Form letter asserting that you have complied with all E-rate rules Some auditors want signed letter without modification. Others will permit you to modify it (which I suggest) If you are already aware that you have not complied with a certain rule, modify the letter to reflect that instead of asserting that you are 100% compliant 40
OIG Audits: After They Leave
The auditors will present their findings via a Management Report a few weeks after the visit Other questions or requests for documentation are typically requested after auditors leave District will then have 10 days to present their formal Management Response Letter to challenge findings (if any). Defend vigorously against any audit findings Don’t just say that you will change your ways Hire an attorney if significant funding is at risk This is your only chance to defend yourself before the audit is finalized 41
OIG Audit Examination Outcomes
Unqualified opinion - “clean” Management assertions of compliance are fairly stated Can have non-material non-compliance reflected in separate letter to company management Qualified opinion - “except for” Adverse opinion - negative opinion Disclaimer - unable to express an opinion Disclaimers driven by lack of supporting documentation result in 100% of disbursements being considered improper 42
OIG Audit Examination Outcomes
Can be based on inadequate documentation Per OMB, “when an agency’s review is unable to discern whether a payment was proper as a result of insufficient or lack of documentation, this payment must also be considered an error.” 43
Most Common Audit Findings
Copies of contracts could not be provided upon request. Winning and losing bids could not be produced Entities receiving services were not listed on the FCC Form 471 Customer bills did not support the requested reimbursement amount on the BEAR Customer bills could not be provided upon request Invoice items didn’t match Item 21 attachments 44
Most Common Audit Findings
Service providers had not remitted BEAR payments to the applicant The non-discount portion of the cost of services provided was not paid The applicant paid its bill late Eligible equipment could not be identified because fixed asset details were insufficient to identify specific equipment The capability and cost of equipment was far in excess of what would be considered appropriate for the facility Equipment was not installed 45
Most Common Audit Findings
Tech plan approval letter could not be provided Implementation of the technology plan was not being monitored No budget could be provided to support the plan 46
OIG Audit... Next steps
The auditor’s Management Report and District’s Management Response will then be presented to USAC staff They will determine if they agree with the findings or if the auditors misinterpreted the rules or documentation.
A final report for each audit is presented to the USAC Board of Directors for their determination whether funding must be recaptured (and by which party – the vendor or the District.) 47
Examples of rule violations that warrant recovery
Violations of competitive bidding process Insufficient documentation of the competitive bidding process Service received not approved during PIA review (and that would not meet criteria established in the rules) Failure to pay non-discounted share Discount calculation violation Services not provided for full funding year Failure to have an approved technology plan by July 1 Failure to have a technology plan written before Form 470 is filed Tech plan doesn’t contain 5 elements CIPA violations Equipment or service used for ineligible purpose
It is important to know who violated the rule
USAC seeks recovery from the party or parties in the best position to prevent the rule violation USAC must determine whether the applicant, service provider, or both are responsible for the rule violation
How does USAC determine the responsible party?
Service Provider recovery situations: Failure to properly bill for supported services Failure to deliver services within the relevant funding year Delivering services that were not approved on FCC Form 471 School or Library recovery situations: Violation of the competitive bidding requirements Insufficient resources to make use of the supported services Incorrect calculation of the discount percentage Failure to pay the non-discount portion BEAR amount exceeds amount of invoices received from service provider Either party: Invoicing for services which were not or would not have been approved as service substitutions Invoicing of duplicative services
RIDFs and COMADs
A RIDF ( R ecovery of I mproperly D isbursed F unds) is where USAC discovers that funds were disbursed in error, but the decision to commit the funds was correct. USAC will seek recovery, however, the commitment amount will not be adjusted. A COMAD ( Com mitment Ad violation of program rules justment) is where USAC determines that funds were committed in When a COMAD is discovered, USAC must then adjust those funding commitments If the amount of the revised commitment (original commitment less COMAD amount), is less than the disbursed amount, then USAC will seek recovery of the difference
Recoveries and Appeals
Auditees have 60 days from the date of the COMAD or RIDF Letter to appeal decisions made or actions taken by USAC (47 C.F.R. §§ 54.719, 54.720) Always appeal, first to USAC, then to FCC Most appeals are pending for years No repayment required during appeals If you don’t appeal and don’t repay, you are put on Red Light Status The Red Light Rule requires the FCC to withhold action on applications and other requests for funding when the entity seeking funding is delinquent in debts owed to the FCC All pending applications are dismissed or denied if the delinquency is not resolved
Oddball Questions/Requests
Network Traffic Report Actual NSLP forms returned by students E-rate-specific Document Retention Policy Proof that cell plans not over subscribed Proof of public hearing for CIPA Documentation showing who is authorized to sign E-rate forms Deposit slips showing BEAR checks were deposited Cell phone policy and whether it restricts personal usage Internet filter logs showing it failed Documentation that the public school is tax exempt 53
Considerations for IUs
Can only request discounts for staff providing services for K 12 services Must cost-allocate if you have staff serving adult ed (GED OK) List every building you provide service to if you’re paying for the service to that building, even if the bill comes to the main IU office This may be dozens of buildings at each IU Be sure your 471 type matches the services you’re requesting Are you acting as an admin building?
Are you acting as a consortia leader?
Are you acting as a school with students providing instruction?
If you’re a consortia leader, are your members: Tech plan compliant? Do you have proof?
CIPA compliant? Do you have proof?
Have 479s been collected?
Have LOAs been collected?
54
What I see as most common problems...
Applicants not receiving BEAR checks BEARs not calculated with actual bills Applicants not removing ineligible charges Applicants not keeping cancelled checks in central location Invoices from vendors are inaccurate No document retention policy Or not as strict as E-rate rules Or not being followed Applicants forgetting to submit BEARs 55
What I see as most common problems...
Applicants believing that the hard part is filling out the applications and going through PIA review and after funding is committed, they’re done.
56