Jump to Main Content
USA flagAn Official Website of the United States Government
OIG Article

External Quality Control Review - Auditing, 10/1/06

UNITED STATES RAILROAD RETIREMENT BOARD
OFFICE OF INSPECTOR GENERAL

December 1, 2006

The Honorable Eric M. Thorson
Inspector General
U.S. Small Business Administration
409 3rd Street, SW
Washington, DC 20416

Subject: Report on the External Quality Control Review of the U.S. Small Business Administration's Inspector General Audit Organization

Dear Mr. Thorson:

This report presents the results of our External Quality Control Review of the U.S. Small Business Administration's Inspector General Audit Organization. Your response to the draft report is included as Exhibit B with excerpts incorporated into the relevant sections of the report.

We agree with your proposed corrective action to the recommendations. We thank you and all of your staff that we dealt with for your assistance and cooperation during the conduct of the review.

Sincerely,
Martin J. Dickman
Inspector General

UNITED STATES RAILROAD RETIREMENT BOARD
OFFICE OF INSPECTOR GENERAL

December 1, 2006

The Honorable Eric M. Thorson
Inspector General
U.S. Small Business Administration
409 3rd Street, SW Washington, DC 20416

Dear Mr. Thorson:

We have reviewed the system of quality control for the audit function of the U.S. Small Business Administration (SSA) Office of Inspector General (OIG) in effect for the year ended March 31, 2006. A system of quality control encompasses the OIG's organizational structure, and the policies adopted and procedures established to provide it with reasonable assurance of conforming with generally accepted government auditing standards (GAGAS). The elements of quality control are described in GAGAS, promulgated by the Comptroller General of the United States. The design of the system, and compliance with it in all material respects, are the responsibility of the SBA's OIG. Our objective was to determine whether the internal quality control system was adequate as designed and complied with to provide reasonable assurance that applicable auditing standards, policies, and procedures were met. Our responsibility is to express an opinion on the design of the system and the OIG's compliance with the system based on our review.

Our review was conducted in accordance with the guidelines established by the President's Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency. In performing our review, we obtained an understanding of the system of quality control for the OIG. In addition, we tested compliance with the OIG's quality control policies and procedures to the extent we considered appropriate. These tests included the application of the OIG's policies and procedures on selected audits.

Because our review was based on selective tests, it would not necessarily disclose all weaknesses in the system of quality control or all instances of lack of compliance with it. Nevertheless, we believe that the procedures we performed provide a reasonable basis for our opinion.

Because there are inherent limitations in-the effectiveness of any system of quality control, departures from the system may occur and not be detected. Also, projection of any evaluation of a system of quality control to future periods is subject to risk that the system of quality control may become inadequate because of changes in conditions, or because the degree of compliance with the policies or procedures may deteriorate.

Our scope and methodology appears as Exhibit A. Your response to the draft report is included as Exhibit B.

In our opinion, the system of quality control for the audit function of the SBA's OIG in effect for the year ended March 31, 2006, has been designed to meet the requirements of the quality control standards established by the Comptroller General of the United States for a Federal Government audit organization and was complied with during the year ended to provide the OIG with reasonable assurance of conforming with applicable auditing standards, policies, and procedures.

We noted, however, conditions that warrant your attention though they did not impact our opinion. These matters are described in the Findings and Recommendations that follow.

Findings and Recommendations

Finding 1. Independence ~ Required Independence Certificates Were Not Obtained.

The OIG's policies and procedures require, that at the start of each audit assignment, every auditor and manager assigned to the project will sign a certificate that they are free of personal and external impairments to independence with respect to the subject of the audit. It is the policy of the OIG to have 'all members who are assigned to and involved in supervision of audits to sign a Certificate of Independence. This includes the auditors, program analysts, Audit Managers, and Group Directors. Certificates of Independence were obtained from auditors preparing working papers, supervisors, and managers but were not obtained from four of the five auditors who referenced draft and final audit reports for the six audits selected for the peer review. OIG managers stated that they did not think independence certificates were required for the auditors who referenced reports. Based on discussions with the auditors who referenced the reports, we concluded that no actual impairments existed.
Recommendation - The OIG should clarify its policy on independence certificates to require the certificate~ from auditors who reference audit reports.
Views of Responsible Officials - Concur. The OIG issued an Auditing Staff Memorandum requiring annual certifications of independence from all OIG auditing staff (including referencers).

Finding 2. Quality Assurance -All Required Quality Assurance Reviews Were Not Completed.

OIG policies and procedures require at least one completed audit conducted by each of the Audit Managers will be selected for a review each fiscal year to determine adherence to OIG policies and procedures that are not covered during the independent referencing process. Another Audit Manager, independent of the selected audit project, is to perform the review. Audit Managers did not complete four of the seven quality assurance reviews required for fiscal year 2005. These reviews were not completed because the OIG did not have an 'effective control to identify and 'assign audits for the quality assurance reviews.
Quality assurance reviews are designed to assess whether the OIG carries out its work in accordance with established policies and procedures, including Government Auditing Standards, applicable Office of Management and Budget and Government . Accountability Office guidance, and statutory provisions applicable to the OIG. When these reviews are not performed, the OIG loses a valuable measurement of compliance with established policies and procedures.
Recommendation -The OIG should establish a control to ensure that quality assurance reviews are performed in accordance with established policies and procedures.
Views of Responsible Officials - Concur. The OIG revised its process for conducting quality assurance reviews. These reviews are now managed centrally within the Auditing Division's Audit Support Group to ensure that the required number of quality assurance reviews is completed.

Sincerely,
Martin J. Dickman
Inspector General

Exhibit A

Peer Review Scope and Methodology

We tested compliance with the Office of Inspector General's system of quality control to the extent we considered appropriate. These tests included a review of 6 of 32 audit reports issued during two semiannual reporting periods covering April 1, 2005 through March 31, 2006. In addition, we reviewed the OIG's monitoring activities covering the FY2005 financial statement for the Small Business Administration that was performed under contract by Cotton & Company LLP. We also reviewed the internal quality control reviews performed by the Small Business Administration Office of Inspector General.

OIG Offices Reviewed

We visited the Washington, D.C. office of the Small Business Administration.

Audit Reports Reviewed

REPORT NUMBER

REPORT DATE

REPORT TITLE

5-20 05/20/2005 Audit of the Contract Bundling Process
5-21 07/15/2005 Audit at SBA-Guarantied Loan to L.I.C. Auto Sales, Inc. dba King Bear
6-09 12/23/2005 Audit of SBA's Administration of the Supplemental Terrorist Activity Relief (STAR) Loan program
6-14 03/02/2006 Audit of SBA-Guarantied Loan to Ford's Plumbing
6-15 03/16/2006 Audit of Monitoring Compliance With 8(A) Business Development Regulation's During 8(A) Business Development Contract Performance
6-17 03/20/2006 Audit of SBA-Guarantied Loan to ScapeArt Inc.
6-04 11/15/2005 Audit of SBA's FY2005 Financial Statements

Exhibit B

U.S. Small Business Administration
Washington, DC 20416
November 17, 2006

Honorable Martin J. Dickman
Inspector General
U.S. Railroad Retirement Board
844 North Rush Street
Chicago, Illinois 60611-2092

Dear Mr. Dickman,

We have reviewed your October 24, 2006, report on the results of your review of the system of quality control for our office’s audit function, for the year ended March 31, 2006.

We are pleased you found that our system of quality control for the audit function has been designed in accordance with the quality standards established by the Comptroller General of the United States and complied with during the review period.

We concur with your recommendations to require independence certificates from auditors who reference reports and to ensure that quality assurance reviews are performed in accordance with established policies and procedures. To this end, we issued Auditing Staff Memorandum No. 2007-GA-1, which will be incorporated in our audit manual, that requires annual certifications of independence from all OIG auditing staff (including referencers). We have also revised our process for conducting quality assurance reviews. These reviews are now managed centrally within the Auditing Division’s Audit Support Group to ensure that the required number of quality assurance reviews is completed.

I want to thank you and your staff for the professionalism shown in completing the external peer review.

Sincerely yours,
Eric M. Thorson
Inspector General

File Attachments: 
Attachments Size
External Quality Control Review - Auditing, 10/1/06 38Kb