posted November 1, 2017
USFR Compliance Questionnaire Updates Impacting Your District's 2016-17 Audit
by Jennifer L. Shields, CPA, CGFM, Audit Partner
If you have never been through an audit before, you might wonder whether an audit is similar to a closed book test or an open book test. The answer is both! There are some things you will always have to provide during an audit, such as a bank reconciliation or a selection of payroll and accounts payable transactions, making these items part of the open book portion of the audit. Then there are some audit procedures that vary depending on a variety of circumstances, which is more like a closed book test. Further, there are also procedures for Arizona school districts that are performed in accordance with the Uniform System of Financial Records (USFR), which are again like an open book test. The Office of the Auditor General has statutory responsibility for prescribing minimum internal control policies and procedures that must be implemented and followed by Arizona School Districts. The manner in which compliance with these policies and procedures is monitored is through the use of the Uniform System of Financial Records Compliance Questionnaire (USFR CQ).
The USFR CQ that will be used in the fiscal year 2016-17 audits was released in September 2017 and it contained only one new question but several other areas were enhanced for clarity as well. The newest question appears in the cash and revenues section and auditors will be required to answer the question of whether debit cards were prohibited as a form of payment associated with all district bank accounts. It should be noted that the use of debit cards are prohibited for all districts, including those who assume accounting responsibility as allowed by statute.
As we consider the reasons for this prohibition against the use of debit cards, it should go without saying that having a debit card associated with a district bank account poses a serious risk of potential misuse of funds to a district. Cash withdrawals could be executed with a debit card or unauthorized purchases could be made.
Shifting our focus away from internal controls over cash, another area of the compliance questionnaire with a significant number of enhancements was the section on information technology. Coming hot on the heels of a number of high profile technology breeches, it should be no surprise that districts should constantly evaluate and improve security over computer programs and data, especially considering the amount of sensitive data collected and stored by districts.
Other items of note for districts include instructions to auditors which require sufficient evidence of approval for transactions, including the notion that this means signatures or initials and dates should be present. Also, when auditors are reviewing the establishment of policies and procedures, the auditor is required to evaluate whether those policies are followed and whether they were systematically communicated to employees. This means that simply having a policy or procedure is not enough and the District should ensure policies are communicated to employees and be able to demonstrate to auditors how this happens. For example, many policies and procedures are covered when employees are initially hired during orientation. However, a district should consider how often policies are provided to and reviewed with existing employees. A best practice would be to cover important topics on an annual basis, and this could be completed along with annual contract renewals, with annual changes to federal withholdings for tax purposes, or at an annual back to school type of orientation held for employees.
We recommend the USFR and USFR CQ be reviewed periodically to assist your district in passing the open book part of the audit. You can download the complete USFR CQ at www.azauditor.gov.
The content of these pages is for general information purposes only and does not constitute advice. Heinfeld, Meech & Co., P.C. tries to provide content that is true and accurate as of the date of writing; however, we give no assurance or warranty regarding the accuracy, timeliness, or applicability of any of the contents.