<DOC> [106th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:62468.wais] SINGLE AUDIT ACT AMENDMENTS OF 1996 ======================================================================= HEARING before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ MAY 13, 1999 __________ Serial No. 106-81 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform ______ U.S. GOVERNMENT PRINTING OFFICE 62-468 CC WASHINGTON : 2000 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida PATSY T. MINK, Hawaii THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio Carolina ROD R. BLAGOJEVICH, Illinois BOB BARR, Georgia DANNY K. DAVIS, Illinois DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts ASA HUTCHINSON, Arkansas JIM TURNER, Texas LEE TERRY, Nebraska THOMAS H. ALLEN, Maine JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont JOHN T. DOOLITTLE, California (Independent) HELEN CHENOWETH, Idaho Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director David A. Kass, Deputy Counsel and Parliamentarian Carla J. Martin, Chief Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Bonnie Heald, Director of Communications/Professional Staff Member Mason Alinger, Clerk Faith Weiss, Minority Counsel C O N T E N T S ---------- Page Hearing held on May 13, 1999..................................... 1 Statement of: Lee, Diedre A., Acting Deputy Director for Management, Office of Management and Budget; David L. Clark, Director, Audit Oversight and Liaison, General Accounting Office; and Auston G. Johnson, State auditor of Utah and chairman, single audit committee, National State Auditors Association 3 Letters, statements, et cetera, submitted for the record by: Clark, David L., Director, Audit Oversight and Liaison, General Accounting Office, prepared statement of........... 16 Horn, Hon. Stephen, a Representative in Congress from the State of California, prepared statement of................. 2 Johnson, Auston G., State auditor of Utah and chairman, single audit committee, National State Auditors Association: Advirosy circular of FAA................................. 61 Prepared statement of.................................... 34 Lee, Diedre A., Acting Deputy Director for Management, Office of Management and Budget, prepared statement of............ 6 Sonntag, Brian, Washington State auditor, prepared statement of......................................................... 41 Turner, Hon. Jim, a Representative in Congress from the State of Texas, prepared statement of............................ 12 SINGLE AUDIT ACT AMENDMENTS OF 1996 ---------- THURSDAY, MAY 13, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, Washington, DC. The subcommittee met, pursuant to notice, at 10 a.m., in room 2247, Rayburn House Office Building, Hon. Stephen Horn (chairman of the subcommittee) presiding. Present: Representatives Horn and Turner. Staff present: J. Russell George, staff director and chief counsel; Randy Kaplan, counsel; Matthew Ebert, policy advisor; Bonnie Heald, director of communications; Mason Alinger, clerk; Faith Weiss, minority counsel; Mark Stephenson, minority professional staff member; Ellen Rayner, minority chief clerk; and Earley Green, minority staff assistant. Mr. Horn. The Subcommittee on Government Management, Information, and Technology will come to order. Today we will discuss the status of the implementation of the Single Audit Act Amendments of 1996. The Single Audit Act of 1984 replaced a desperate and unmanageable approach to audits of State and local programs that receive Federal funding. Prior to its passage, there existed a system of multiple grant-by-grant audits. This created a scenario in which an organization that received Federal funds from more than one Federal agency could find itself spending vast amounts of time and resources managing several different Federal audits. In the early 1990's, three separate studies were conducted to determine the effectiveness of the act. These studies conducted by the General Accounting Office, and the President's Council on Integrity and Efficiency, and the National State Auditors Association prompted legislation to amend the Single Audit Act. Early in 1996, that legislation was moved by this subcommittee. In June 1996, Congress passed the Single Audit Act Amendments of 1996, which was subsequently signed into law on July 5, 1996. Today, we will explore how well the Federal, State, and local governments and their auditors are doing in implementing those amendments, and whether Congress needs to consider any further changes in the Single Audit Act. I welcome our distinguished panel, and I look forward to your testimony. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED]62468.001 Mr. Horn. Our witnesses today will be Ms. Deidre A. Lee, Acting Deputy Director for Management, Office of Management and Budget; Mr. David L. Clark, Director, Audit Oversight and Liaison, General Accounting Office; Mr. Auston G. Johnson, State Auditor of Utah, and chairman of the Single Audit Committee of the National State Auditors Association. Some of you know the routine here. Let me just repeat it for some of the newcomers. We are a subcommittee of the full Committee on Government Reform. All our witnesses are sworn witnesses in terms of their testimony. When we call on you, it will be generally in line with what the agenda states there. Your full statement will be in the record. We would like you to summarize the statement. With three witnesses, we don't have to rush ourselves today. So, if you want to go through more than a summary, that's fine. What we like to do, however, is have a dialog between the members of the subcommittee once all three witnesses have spoken. And, you are certainly welcome when another witness has said something you don't agree with or you do agree with, feel free to comment on that. This isn't strictly one-way dialog, not just a train where cars pop off into the siding and we never see them again. So, if you will all three stand, raise your right hands. [Witnesses sworn.] Mr. Horn. We will start with Ms. Deidre Lee, the Acting Deputy Director for Management of the Office of Management and Budget, known to all as OMB. STATEMENTS OF DIEDRE A. LEE, ACTING DEPUTY DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET; DAVID L. CLARK, DIRECTOR, AUDIT OVERSIGHT AND LIAISON, GENERAL ACCOUNTING OFFICE; AND AUSTON G. JOHNSON, STATE AUDITOR OF UTAH AND CHAIRMAN, SINGLE AUDIT COMMITTEE, NATIONAL STATE AUDITORS ASSOCIATION Ms. Lee. Good morning, Chairman Horn. I appear before you today to discuss the Single Audit Act Amendments of 1996, and I would like to thank you, Mr. Chairman and members of the subcommittee, for your continued efforts to improve financial management throughout the Federal Government. The Single Audit Act of 1996 is one of several laws this subcommittee has used to promote financial accountability in government. The key financial management legislation of recent years, the Chief Financial Officers Act of 1990, the CFO Act, and the Government Management and Reform Act of 1994, which we refer to as GMRA, together require the Federal Government to prepare and have audited agency and governmentwide financial statements. These have received important support from the subcommittee. The interrelationship of these legislative initiatives becomes more apparent as the government gains experience in preparing audited financial statements. To make the CFO Act and the GMRA financial statement process work, the government relies on a single audit process to provide assurance over more than $300 billion in Federal funds which are expended annually by States, local governments, and nonprofit organizations. You very clearly outlined the background of this act and, of course, the history of the single audit amendment process. As you mentioned, one of the reasons behind this was to have some uniform audit requirements to reduce the burden on the governments and those that participated in the audits and also to have a more effective use of audit resources. Key features of the 1996 amendment included extending the coverage to all nonprofits as well as State and local governments which administer Federal programs; raising the threshold for the audit to $300,000; and authorizing a risk- based approach in selecting programs for testing. We also accelerated the time period through which a single audit was due after the close of the entity's fiscal year and increased some administrative flexibility, primarily through use of pilot projects, and an increase in the threshold when it was appropriate. So what has been done so far in the last 3 years? Certainly we have now--and I have it here--another update of A-133. We have the A-133 compliance document, which is a very collaborative process that we worked on to provide guidance for single audit processes. It identifies compliance requirements as well as specific program guidance, and there are some 120 programs that it addresses, which are about 90 percent of the dollars expended by these entities. Additionally, we've developed a governmentwide single audit data base, and we have the clearinghouse so we can look across and get, in fact, more consistent information on single audits. That is a work in process. I'll mention later some things that we are still working on. And additionally, one of the very fine things about this act has been the professional approach. We have worked with the American Institute of CPAs, the GAO, the grantmaking agencies themselves, the PCIE, the President's Council involving the IGs, and they are providing training for the State auditors and the entities that are involved in this as well as preparing guidelines which will be ready in July 1999. So a lot has been done. Additional future work including compliance updates: One of the things that the amendments mentioned is that the compliance supplements need to be kept current to provide people the guidance they need. As new programs or changes to the grants occur, we need to ensure they're picked up in the compliance supplement so the auditors can use them appropriately, and we are doing that. Also, we're trying to improve the clearinghouse with on- line forms that will aid in self-editing so we can assure that people can easily respond to the requirements of the act. Additionally, we're coordinating with GAO in ensuring that additional audit requirements don't burden the single audit process, and I know that Mr. Clark will talk about that a little bit further. And we're working with the IGs, the PCIE, to ensure that we have some quality assurance procedures for these audits. We also just last week, with concurrence of the Congress, authorized a pilot program for the State of Washington where they're going to look across the State at statewide education programs at approximately 200 local education entities. They think that this pilot program is going to help the State to be able to look at the effectiveness of their programs and find out what the single audit tells us about the actual results of that education program. And we're working with the Department of Education on that. So certainly significant progress has been made. Implementation continues, and we look forward to furthering this process. And I thank the members of the subcommittee for their interest in financial management. Mr. Horn. Well, we thank you. [The prepared statement of Ms. Lee follows:] [GRAPHIC] [TIFF OMITTED]62468.002 [GRAPHIC] [TIFF OMITTED]62468.003 [GRAPHIC] [TIFF OMITTED]62468.004 [GRAPHIC] [TIFF OMITTED]62468.005 [GRAPHIC] [TIFF OMITTED]62468.006 Mr. Horn. Mr. Turner, the ranking minority member, has joined us. Mr. Turner, would you like to submit your statement or read your statement? We have plenty of time this morning. Mr. Turner. I'll submit it for the record. Thank you, Mr. Chairman. Mr. Horn. Without objection, please submit Mr. Turner's prepared statement and put it in as if read. Thank you. [The prepared statement of Hon. Jim Turner follows:] [GRAPHIC] [TIFF OMITTED]62468.007 [GRAPHIC] [TIFF OMITTED]62468.008 Mr. Horn. We now go to Mr. Clark, the Director of Audit Oversight and Liaison for the General Accounting Office. Mr. Clark. Mr. Clark. Thank you, Mr. Chairman. I'm pleased to be here this morning to discuss the refinements to the single audit process called for in the Single Audit Act Amendments of 1996. The refinements along with OMB's implementing guidance, such as the compliance supplement, provide the underpinnings to improve the auditing for the more than $300 billion annually of Federal financial assistance provided to non-Federal entities. The refinements were developed through the collaborative efforts of the many stakeholders in the single audit process, including, for example, OMB and State auditors, the AICPA, and us. This subcommittee has played an important role in supporting the refinements. This hearing should help to keep attention on the refinements and ensure that the momentum achieved thus far in implementing them continues. This morning I would like to briefly highlight seven of the refinements and some of the actions taken to date to implement them. First, the refinements expand the act to cover all recipients of Federal financial assistance. Previously the act covered State and local governments, but not colleges, universities, hospitals, or other nonprofit organizations. OMB has helped implement this refinement by issuing one circular. Before we had two. That now provides consistent audit requirements for all recipients. Second, the refinements raise the threshold for which recipients must obtain a single audit. Previously, many small recipients were required to obtain single audits, even though collectively they accounted for a very small percentage of overall Federal financial assistance. The new threshold eliminates single audit requirements for many small recipients while still maintaining audit coverage for at least 95 percent of all Federal financial assistance. In Pennsylvania, for example, the new threshold eliminates single audit requirements for approximately 1,200 smaller entities. Third, the refinements allow auditors to use a broader risk-based approach for determining which programs to test in detail in their audits. Previously, dollar size drove the determination of programs to be tested. That resulted in the same programs being tested every year and other programs never being tested. Today, other factors, such as a program's inherent risk or vulnerability to fraud or other problems, also help to drive the determination of what programs are selected for detailed testing. This results in a better mix of testing. Fourth, the refinements reduce the timeframes for single audits to be completed and submitted to the Federal Government. Program managers and others had identified this refinement as critical to being able to use single audit reports effectively. The timeframe is now 9 months, or will be 9 months when it is phased in, and it is our hope that single audits in the future can be completed even faster than that. Fifth, and my personal favorite, the refinements call for auditors to provide a summary of their single audit results, thereby allowing readers to focus on the message and critical information resulting from the audits. Both OMB and the public accounting profession have now issued guidance to auditors on how to better summarize the reports. Today, I believe, the reports are much easier to follow. Six, the refinements spurred the creation of a Federal automated data base of all single audit results. The Bureau of Census, which was designated by OMB as the Federal clearinghouse for all single audit reports, has made great progress in developing an automated data base. When fully up and running, the data base will greatly enhance users' ability to quickly and accurately analyze single audit results and should help to better focus other Federal monitoring and oversight efforts. And seventh, the refinements provide the opportunity for pilot projects to test ways to further streamline the single audit process and to make single audit reports more useful. The Washington State auditor, in his written comments provided for this hearing, discusses a pilot project which we believe has great potential to improve the single audit process and lead to greater accountability. Mr. Chairman, because of the phased-in effective dates in the law and OMB's implementing guidance, it's too early to fully assess the effectiveness of all the refinements. Nevertheless it's important to underscore the significant steps that have already been taken and, as I mentioned, the importance of ensuring that the momentum achieved thus far continues. I want to note that GAO is committed to overseeing the continued successful implementation of refinements, including assurances that there are no future conflicts with the Single Audit Act. We intend to work closely with all stakeholders as we have over the last few years in the single audit process to identify any implementation issues that may arise, to help develop and propose solutions, and to keep this subcommittee and the Congress fully informed on those actions and the progress being made. This concludes my summary. Mr. Horn. We thank you for that very helpful testimony. [The prepared statement of Mr. Clark follows:] [GRAPHIC] [TIFF OMITTED]62468.009 [GRAPHIC] [TIFF OMITTED]62468.010 [GRAPHIC] [TIFF OMITTED]62468.011 [GRAPHIC] [TIFF OMITTED]62468.012 [GRAPHIC] [TIFF OMITTED]62468.013 [GRAPHIC] [TIFF OMITTED]62468.014 [GRAPHIC] [TIFF OMITTED]62468.015 [GRAPHIC] [TIFF OMITTED]62468.016 [GRAPHIC] [TIFF OMITTED]62468.017 [GRAPHIC] [TIFF OMITTED]62468.018 [GRAPHIC] [TIFF OMITTED]62468.019 [GRAPHIC] [TIFF OMITTED]62468.020 [GRAPHIC] [TIFF OMITTED]62468.021 [GRAPHIC] [TIFF OMITTED]62468.022 [GRAPHIC] [TIFF OMITTED]62468.023 [GRAPHIC] [TIFF OMITTED]62468.024 Mr. Horn. Our last witness will be Mr. Auston G. Johnson, the State Auditor of Utah. He is also the chairman of the Single Audit Committee of the National State Auditors Association. Besides his remarks going into the record at this point, we will also attach with them the statement from Brian Sonntag, the Washington State auditor. It's roughly 12 or 13 pages, and that will go following Mr. Johnson's testimony. Mr. Johnson. Mr. Johnson. Thank you, Mr. Chairman. I appreciate the opportunity to be here today and to address this subcommittee. The State audit community is basically where all of the theories and philosophies of the Single Audit Act come together. It's where the rubber hits the road, I guess you'd say. We are the ones who try to implement all of the provisions that have been delineated in the different documents, and try to make the Single Audit Act work. In the broadest terms, the Single Audit Act has been a tremendous success. The act of 1984 was great in moving forward the overall auditing of Federal programs, and the refinements that came about in the 1996 amendments went a long way to taking care of some of the problems. Mainly the problem with auditing of the major programs is that we were auditing the same programs over and over every year because we were only auditing the largest programs. With the risk-based approach, we were able to look at problems that we were able to identify from a lot of work we had done at States that had a greater risk than some of the larger programs that had been audited for 10 years at that time. We have had some concerns with the Single Audit Act, the implementation, but those concerns are in the written statement that I've submitted, and in actuality they seem a lot worse in writing than they really are. Whenever you have a new program in its implementation process, you're going to have problems, and this one has created problems. I think there's been some Federal departments that have jumped the gun a little bit and have put some pressure on us to do things that would have been better left a couple of years until we could get a better handle on this, but those things are being worked out through cooperative efforts with the State auditors, the GAO, OMB, mainly through the intergovernmental audit forums where we can meet with the Inspectors General of the various departments and work through these issues, and we have solved a lot of the issues that have come up, and I think we will continue to solve the issues. There is one situation that I think is beyond what we can do through the forums, and that is going to take a legal or a legislative action, and that would be access to records. And quite frankly, some of this is outside the realm of a single audit, but I think as State auditors we see the expenditure of all tax dollars, whether they be State or Federal, as our responsibility. And in doing single audits, we have access to a lot of records that we would like to check against other records, and with computers available to us, we can do that, but there are different privacy acts that are in place, confidentiality acts, department by department, that don't allow us to cross-match records from one Federal department to another. And we think that there could be some benefit gained by being able to do that, but like I say, in some cases it is outside the realm of the Single Audit Act, but we would like to pursue that, and it might take some clarifications in the law that would allow us access to those records. Actually, we do have access to the records. We just don't have the ability to use them in auditing other programs. Mr. Horn. You make an excellent point, and I think when we discuss the privacy bill a few months from now, maybe that's where we could tuck it in, because you're absolutely correct. You ought to have that cross-reference. Mr. Johnson. I think we could do some great things. It may make some people nervous, but I think we could do some great things in being able to do that. Some of the things that need to take place are, first of all, we need to have continued support of the intergovernmental audit forums, the ability to sit down and openly and clearly, honestly discuss issues and bring them to a conclusion that's mutually beneficial to everyone. The compliance supplement needs to continue to be updated annually. When the compliance supplement was first put together--I think we got it in August, June, or August--it was way too late for us to use. We're up to the point now where it's dated May 1. The efforts of OMB, I think, have been tremendous in being able to get that document out in the timeframe that's beneficial to State audits. Most States have a fiscal year end of June 30, and in order for us to really make use of that document, we need it in March in order to assist in our planning, and I think it's getting closer. That will continue to improve. I think there's over 100 programs, 118 programs, I think, now in the current supplement. There can't be that many more programs that are significant, so I think we've hit the point where it will be easier to update that thing each year, and the problem of timeliness will go away. And we need GAO to continue to review legislation so that individual audit requirements don't creep into legislation for specific departments that would conflict with the Single Audit Act without a real open public debate between State auditors, GAO, OMB, and the department on why that has to be. And that, Mr. Chairman, would conclude my remarks. Mr. Horn. Well, thank you very much. [The prepared statements of Mr. Johnson and Mr. Sonntag follow:] [GRAPHIC] [TIFF OMITTED]62468.025 [GRAPHIC] [TIFF OMITTED]62468.026 [GRAPHIC] [TIFF OMITTED]62468.027 [GRAPHIC] [TIFF OMITTED]62468.028 [GRAPHIC] [TIFF OMITTED]62468.029 [GRAPHIC] [TIFF OMITTED]62468.030 [GRAPHIC] [TIFF OMITTED]62468.031 [GRAPHIC] [TIFF OMITTED]62468.032 [GRAPHIC] [TIFF OMITTED]62468.033 [GRAPHIC] [TIFF OMITTED]62468.034 [GRAPHIC] [TIFF OMITTED]62468.035 [GRAPHIC] [TIFF OMITTED]62468.036 [GRAPHIC] [TIFF OMITTED]62468.037 [GRAPHIC] [TIFF OMITTED]62468.038 [GRAPHIC] [TIFF OMITTED]62468.039 [GRAPHIC] [TIFF OMITTED]62468.040 [GRAPHIC] [TIFF OMITTED]62468.041 [GRAPHIC] [TIFF OMITTED]62468.042 [GRAPHIC] [TIFF OMITTED]62468.043 Mr. Horn. Mr. Turner, do you wish to start the questioning? Mr. Turner. No, you can go ahead, Mr. Chairman. Mr. Horn. Mr. Johnson, in your written testimony, you stated there were initial problems with the submission of the data collection form. You stated that some reports indicated that more than 90 percent were rejected, and that this was caused in large part because of the rush to get something on the street even though we appreciate what OMB did when we're talking about the guidelines. So, would you first describe for us the purpose of the data collection form? Mr. Johnson. Yes. The data collection form, in all the time we've been doing single audits, we've never actually accumulated data on what was happening, what programs were being audited, what was the extent of coverage of Federal dollars out there. And the data collection form allowed--will allow the collection of data that will be beneficial in setting parameters for future single audits or amendments to single audits again. The form is just a way for the auditee and the auditor to put down information, findings that were issued, question costs that were a result of the audit, the programs that were audited, the type of opinion that was given, that type of information. I think the reason we had problems with submission is that the form was being formulated and put together at the same time that the compliance supplement was being put together, and we were running up against deadlines to submit reports, and something had to be put out, and it came out. And I think it was very confusing because it asked questions that auditors and auditees never had to answer before. It showed that there was some gaps in knowledge out there about oversight agencies and cognizant agencies and different fine points of the Single Audit Act, and because of that--and I think also it was because of the way the clearinghouse was tasked in entering the data. They were not doing desk reviews. They weren't correcting anything. If there was the slightest error at all, it was rejected and sent back for resubmission. I think that's why it added to the large number of problems there, the rejections in the first go-around, but I understand it's getting better, and I think it will continue to get better as people become aware of how that form is supposed to work. Mr. Horn. So you're optimistic about it. Mr. Johnson. Oh, yes. Mr. Horn. Ms. Lee, do you have any comments on that? Do you agree with that? Ms. Lee. The group is working together. This is a very collegial group. One of the things they're trying to do is make the form electronic, which in itself will have some self-edit. The person trying to enter it, if they try to enter it incomplete--or with wrong data, they will immediately know that they need to make some changes. There won't be this frustration of, ``I sent in and I get it back.'' So I think that's an improvement that's going to work. Mr. Horn. Mr. Clark, do you have any comment on that? Mr. Clark. I want to underscore the importance of it, and I think what we're seeing is a product of the recognition that the data collection form and the creation of the data base really has a lot of potential, and I'm glad that we're dealing with the problems now. I think it's worth the investment, and the progress, I think, is fine. The first year there were problems, but again, going back to the audit forum process, those problems were identified immediately. The right stakeholders got together and worked on it. I think it's been solved fairly fast. Mr. Horn. Just as a general question, is there anything now that you've had some experience with the single audit that you feel we should add to the law, or can it all be done by regulation, and if so, what are the things--now that you've experienced this, we missed? Mr. Johnson. I think the one that I brought up about access. Mr. Horn. That's a good point. Mr. Johnson. Information, the ability to cross-test would be nice. If it was in the Single Audit Act, I think it would clarify the issue if that was able to supersede some of the privacy acts. And we understand as State auditors that we would be subject to the same confidentiality, but we handle confidential records all the time, so it's not an issue, I don't believe. Otherwise I think the Single Audit Act pretty well covers everything we need. I think everything else can be handled through regulation working with GAO and OMB on this. Mr. Horn. Mr. Clark, do you have any suggestions on this after you sort of lived reviewing this? Mr. Clark. I have lived most of my life doing this. If we go back to the 1996 amendments, that was a product of a 6-year effort. Every stakeholder was involved. The State auditors had done a study of the single audit. The Inspectors General had done a study of the single audit. We took our time, and we did it right. I think when the amendments passed, we had more than consensus. I think we almost had unanimity on what needed to be done. We have this phase-in approach, as I mentioned. We're going to be beginning some studies. We're going to be looking to see how this is working; whether, in fact, everything everybody wanted is being achieved. The act provides a lot more flexibility--the amendments provide a lot more flexibility to the act than it did before, things like the pilot program. OMB has some authority to raise the threshold. I would like to keep that current. There may be a point a few years down the road where, based on reviews that we may have done or issues identified by the people, that a consensus will begin to emerge, or maybe something will need to be done. But at this point I'm not aware of anybody coming to the table and saying there's something about the act, or about the amendments or, about OMB's role that needs to be addressed. Mr. Horn. Ms. Lee, do you have anything after you have gone through this comma by comma or semicolon? Ms. Lee. Just again, on the threshold, I anticipate we need a couple of years, 2 years, before we will look at that threshold and say is that still the appropriate threshold. I think, again, the collection of data and the clearinghouse is going to give us a lot of information to show us what programs were looked at to what level, to what degree, and from there then we probably will get back congenially and say, OK, are we about right on the threshold? Is there more time? Where should we be? But we've got that flexibility in the act. Mr. Horn. Well, let's get back a minute to the sensitive bit and the crosstabs and all the rest. To what degree do State auditors generally transfer their responsibility on an audit of an agency or a Federal grant program to that agency with a public accounting firm rather than with their own State personnel, and would that be a problem? I will ask all three of you in terms of, say, a contract for an audit with a private firm as opposed to government auditors of State, Federal Government, local, regional, special district, whatever. How do you feel about that? Is there a problem there? Mr. Johnson. I don't believe there would be, the reason being in the early stages of the single audit, we almost had to fight with some CPA firms to get them to release records to the Federal Government. I think that there is that client/auditor relationship that requires confidentiality on their part the same as it would on anyone handling those records. If there was, it would be a matter of putting it in contract and making sure that they understood their responsibilities. We have never had a problem in access to, as I said, State records of any kind and Federal records as long as we used them in testing that Federal program. The issue we had specifically was that we wanted to look at unemployment records and student records at the universities. We wanted to run a test to see how many students were full-time students and collecting unemployment. As long as we used student records to test student programs, there was no problem with access. We had everything we needed. As soon as we wanted to take it outside of higher ed programs, that was where the problem came up. Mr. Horn. The clientele, let's say, of a social service agency, is that what we're thinking of? Mr. Johnson. Right. For instance, you have USDA that runs commodity programs and food stamp programs and those types of things, and HHS runs several other social assistance programs. It would be nice to be able to cross-match some of those records to see if eligibility income limits for people receiving different programs were reported the same. It would be nice to run Social Security Administration records against welfare records to see if we're paying dead people, those types of things. Mr. Horn. You're not even near Chicago. I think you make a very good point. When L.A. County welfare went to pictures, photographs, an identification card, 1,000 people dropped off the welfare rolls voluntarily. But I think you're right on that. The gentleman from Texas, Mr. Turner. Please proceed. Mr. Turner. In terms of questions, let me followup, Mr. Chairman, on this privacy issue. Perhaps Ms. Lee is the right one to ask to kind of get an administration perspective. It seems to me in terms of the privacy issue, maybe where it ought to be dealt with is on the front end. If someone applies for a government benefit, I assume that under existing law, they don't sign any form or any waiver of any privacy rights, but perhaps they should. That is to say when a person receives a benefit from the Federal Government, whether it's a student loan or welfare benefit, perhaps it should be incumbent upon them at the same time to waive access to certain other records so that it can be verified that they're eligible. Do we do that now, and if not, do you think we should be doing it? Would that be a more appropriate way to deal with the privacy issue than simply on the back end to give auditors the authority to look into it when the recipient hadn't had any role in that process at all? Ms. Lee. Mr. Turner, as you're so familiar, the whole issue of privacy--confidentiality of records and access to records, who has access to them and what their uses are is a large issue that we're working together on. We want to try to figure out what the best solutions are. I believe you're correct in saying that currently there's an issue now if an individual says, ``You're going to use my data for this and only this.'' We cannot use it for other purposes, so we need to get all those issues straightened out and determine whether or not it's appropriate to tell the recipient up front what the uses are or whether we can make a determination that that's appropriate. It's privacy, confidentiality, and it's a pretty sticky wicket right now, but I know you're working on issues. Mr. Turner. Do you think it makes sense to try to catalog the types of information that an auditor would need to verify that an individual is, in fact, eligible for certain government programs and then to put in the statute a provision that says when a person applies for that particular benefit, they sign a waiver allowing certain auditors to have access to that information for that specific purpose? Ms. Lee. I think that's a possible solution. The data issue goes beyond just auditing. I think it goes into eligibility for some programs. It cross-cuts many of the programs. Right now we're discussing what records you can access to determine if a person is eligible for particular programs, in particular your tax records. Mr. Turner. I guess the thing that concerns me about it if we simply say in law that auditors, State auditors, can have access to certain information, once you get the information and you determine there's some perhaps fraud involved, it seems like then you're obligated to do something with that information, and that's when it seems to me to become a more significant problem for the recipient, and it just might be better if we required recipients of government loans and benefits up front acknowledge that certain people will have access to certain records of theirs relating to their receipt of that benefit and really kind of pin it down so everybody knows up front what they're getting into, and it might have a deterring effect to ensure that there's not fraud on the front end by an applicant for a government benefit. Are there any problems with that? Ms. Lee. I think there's certainly an option. Right off the top of my head, I can't tell you how many programs that would mean and whether or not we want to do that only for the States; or whether there are other programs that we need to look at beyond just the State auditing, Federal programs, or other local programs. I think we need to look at the whole package. Mr. Turner. Mr. Johnson, do you have any comment on that? Mr. Johnson. Just on your initial question are there releases on the forms now. From personal experience I have a son that just qualified for SSI and Medicaid, and there's a statement on that form that says, don't worry, this will be kept confidential and not released to anybody else for any reason. So it's just the opposite, at least on those programs. Mr. Turner. There may be legitimate reasons for that person to not want that information to be released. It just seems to me addressing it on the front end--and I didn't realize we are doing exactly the opposite now, advising people that this is confidential. Mr. Johnson. And I don't know if that's true in all programs, but it was on those. Mr. Turner. That statement that you just referred to appears to be sort of a blanket assurance that nobody is going to get ahold of it for any reason, and it seems to me that perhaps there are some legitimate reasons for making certain information available that may be--if it were specifically set forth, then the recipient signs, acknowledges they understand up front that particular entity will be able to get that information about them. Mr. Johnson. I think it's certainly something to look at to see if that would work. Mr. Turner. Mr. Clark, is my idea off base here? Mr. Clark. This is an issue that I personally have not looked at. I don't know whether GAO has a position on it. I would like to make a comment, though, with respect to the single audit process and whether you all want to look at this issue as part of the Single Audit Act or in another vehicle. Single audit is not designed to be an absolute thorough determination of the actual extent of compliance with any particular program. That's not its purpose. We like to say there's not enough audit resources to go around. We need to allocate those resources. The single audit sets up a foundation or a starting point. I'll try to use a simple example here one that I always use. If I'm a program person, and I have $100, and I send $1 to each of 100 recipients, I, of course, would like to know the absolute extent to which each of those recipients spent my dollar and all the bells and whistles and requirements that come with it, but that's very costly. So I would like to be a little smarter and maybe a little more rational. So single audit comes back and says to me as a program person, if done right through an automated data base, we're going to tell you, Mr. Clark, as a program person which of your recipients appear to have good financial management, which one of them appear to have good controls, which ones appear to be struggling, which ones can't put statements together, which ones have system problems. We're going to give you a sense of which recipients are experiencing compliance problems. And I may get the single audit reports back, and I may say, OK, looks like I have a success story with 80, but with 20 there's a problem. Single audit becomes the foundation for me as a program person to begin targeting all the tools that I may have, including this very sensitive, powerful issue of computers and matching and the like. I think then we might have a better determination of the extent to which we want to give these powers to the Federal Government, State auditors, the public accounting profession, and put in the necessary safeguards. Mr. Turner. Thank you, Mr. Chairman. Mr. Horn. OK. Let me, Mr. Johnson, pursue in just a little more detail--for the record. It's in your statement, but you noted there's a couple of examples of additional audit requirements, and one was the Environmental Protection Agency. Another was the Federal Aviation Administration. Could you sort of spell out now what was your concern on those? Mr. Johnson. With the Environmental Protection Agency, they came out with a statement that basically said, we will not accept the single audit. It doesn't meet our needs. We want separate audits done of the clean water funds and now the drinking water funds in States, and that will be separate financial statements for those programs with an auditor's opinion on them done on an annual basis. Mr. Horn. So separate statements are for the water program? Mr. Johnson. Yes. The clean water---- Mr. Horn. Clean Water Act. Mr. Johnson. And also the Drinking Water Act. So there are actually two programs now that require separate audits. In the act itself and also in the circular it says that if the single audit doesn't meet the needs of an agency, they can request additional auditing that they would have to pay for the add-on auditing. That is the loophole that EPA has gone through, although I don't know why at this point they need separate financial statements on their programs with separate opinions. When this came out, that position--where they said you must do that, they modified that slightly and said that where States won't do it, we will come in and do it, and I'm not sure of the numbers though, but I think there are roughly 12 to 14 States who do not audit the programs where EPA sends their own auditors in to audit that program on an annual basis. Even though--an example, our State, the State revolving fund is a major program, and it has been audited on an annual basis. We do look at compliance. They come in and do a separate audit, issue separate financial statements with a separate opinion on them. It seems like a real duplication of effort in that. We need to sit down, put a work group together with State auditors, OMB, GAO, EPA, find out why they can't accept the single audit and what type of adjustments need to be in the regulations so that they can accept it. Mr. Horn. How can we deal with that, Ms. Lee? Do you get them all in around your desk? Ms. Lee. Well, I agree we need to put a group together and find out what the issues are. We have authority in the act to make changes as appropriate, or even use a pilot program if there's a need. Also, from an OMB standpoint, we have a way of encouraging the agencies through the President's Management Council. So as we identify these kinds of issues, we can take it to that group and say, here are some issues. Part of what Mr. Clark mentioned for this act, we had a fairly good consensus and the agencies agreed that the Single Audit Act would work for them. We have to find out why it is and then take appropriate action. Mr. Horn. You'll followup on this? Ms. Lee. Yes, sir. Mr. Horn. Then we'll know that it is in good hands. Mr. Johnson, that State revolving fund is also related to the Clean Water Act, is it? Mr. Johnson. There are two separate programs, but I think they address basically the same---- Mr. Horn. It will get bigger and bigger, and I sit on that subcommittee also. I will be watching for it when it comes through to see what, if anything, can be put in that language. Mr. Johnson. Mr. Chairman, it may very well be that they do need a separate audit, but given the fact that the amendments just passed in 1996, and immediately this requirement came out, the concern is that the act wasn't given a chance. One of the major ideas behind the amendments in 1996 were that we would go to risk-based auditing and that we would look at programs that have demonstrated a risk, whether that be designated by Federal Government or through audit experience. When any department comes through and automatically declares a separate audit, or designates a major program under any circumstances, it takes away from that very basic idea of what we're trying to accomplish, and I think from the State audit community, we would have liked to have gone through some of these situations before they were mandated to us. Mr. Horn. Do we know if EPA had their own staff of auditors? And, this would sort of put them out of business if the State audited it and they didn't? Mr. Johnson. I don't think any department's auditors would be out of business. One of the ideas behind the single audit is that, as Mr. Clark pointed out, the single audit identifies broad problems, or it can question costs, findings that are there, weaknesses in internal controls where the Federal departments can then come in and find out the extent of the problem and deal with it specifically and resolve the problem with the auditee. There's no way that the single audit will ferret out all the problems or get to the root cause of all the problems. I don't think there's a danger of losing auditors in any departments. Mr. Horn. Ms. Lee is going to solve that one. How about the Federal Aviation Administration? What's that situation? Mr. Johnson. Federal Aviation Administration--and this was or may have been just a timing issue here because their advisory came out in 1996, but it says that they had concerns about diversion of funds within airports, and that whenever their program was audited as a major program as part of the Single Audit Act, there had to be a separate review of the diversion of funds and an opinion given on that review. Mr. Horn. Could this be under the trust fund, the Aviation Improvement Act? Is the adding of a runway or improving the infrastructure at a particular airport the type of thing we're thinking of from them, or is there a separate pot of money somewhere for something else? Mr. Johnson. Mr. Chairman, I have never audited an airport. We don't have those. This came to me as a---- Mr. Horn. You simply ski in Utah? Mr. Johnson. That's right. Mr. Horn. I watched those planes going into Salt Lake City. You've got a great skiing---- Mr. Johnson. That's Salt Lake City, and Salt Lake City audits that, so I've never dealt with this problem. It came to me as a request to add it into the testimony from another State, so I really can't comment on exactly what the program is or exactly what the problem is. I hope somebody else here could specify on it, but it was an add-on problem. Mr. Horn. Apparently some of your colleagues have had that problem. Could we sort of get a document we can put in the record at this point if you can phone up a few of your State counterparts and say, hey, what were the questions, what was the problem? Mr. Johnson. I will do that. Mr. Horn. We'd just sort of like to round it out here if you wouldn't mind. Mr. Johnson. Yes, I will do that. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED]62468.044 [GRAPHIC] [TIFF OMITTED]62468.045 [GRAPHIC] [TIFF OMITTED]62468.046 [GRAPHIC] [TIFF OMITTED]62468.047 Mr. Horn. Now, Mr. Clark, the General Accounting Office has the responsibility to review provisions requiring financial audits of non-Federal entities; is that correct? Mr. Clark. That is correct. Mr. Horn. Do you agree that the EPA requirements contradicted the intent of the Single Audit Act? Mr. Clark. If I could back up and then answer that question. First, to be fair here, I do want to say that the EPA issue and the FAA issue were a problem. And I think the timing was horrible, close to when the amendments were passed. We had two Federal agencies who, by the way, were not evil. They honestly wanted accountability over their funds. They're in a hurry. They were getting a lot of pressure, and they wanted to get going, and sometimes they want everything audited, and so they went ahead. And I think from the State auditors perspective--and again, if I were a State auditor, I'd have the same concern--State auditors, I think, may, if I can speak for you, Auston, look at the Federal Government as one and count on OMB, GAO and the IGs working together to communicate. When an agency on its own, like EPA or FAA, goes out with an action like this without it being announced, without it being floated through the audit forums, and all the other mechanisms we had to do that, there's perhaps a sense of distrust. It is important to look at the EPA and the FAA issues. I would like to say, though, these are exceptions. I think the norm is that we do a very good job. We monitor. We are required under the law to monitor all legislation. Technically the amendments tell us to identify legislation as reported out of a committee, and then we have some requirements to notify. We actually get involved now much earlier in the process. We try to identify any bill that's introduced, and with 5,000, 10,000 bills being introduced every Congress, this is an enormous effort. We're trying to involve everybody in the process here, and, before we get to the point where we have legislation and we have a conflict, we can look at what everybody's purpose is, what they're tying to accomplish. We've had a lot of success stories here of sitting down with program people, with IGs, with the State auditors, listening to what is needed and fashioning a solution that is less than the legislative issue. Once the FAA issue was put on the table, I think we struck a compromise from that point forward, struck an excellent compromise, and still stayed within the constraints of the Single Audit Act. Again, as I said in my statement, we're going to continue to do this monitoring effort. It is taxing, it is tedious, but it is rewarding, because I think in the end we have everybody on the same page. Mr. Horn. Let me go back a minute to the attachment I put in the record that Mr. Johnson had from his colleague in the State of Washington, Mr. Brian Sonntag, the State auditor, the State of Washington. Unfortunately, he couldn't be here. He was able to submit a statement, and I think as Ms. Lee pointed out in her testimony, the State of Washington has submitted a proposal for a pilot project under the act, and the amendments of 1996 give OMB that authority to authorize pilot projects. Have you received any other proposals besides Mr. Sonntag's? Ms. Lee. Not that I'm aware of. Mr. Horn. Is there anything that OMB or Federal agencies could be doing to promote more interest in pilot projects? Ms. Lee. I think that we should continue to work in the groups and as people identify potential pilots, to encourage them. There's also a lot of people looking to this pilot program in Washington and saying, ``OK, what happens here.'' I think we'll have some further requests or further ideas from this very pilot program. Mr. Horn. Mr. Johnson, do you have any thoughts on why there have not been more pilot projects from the State auditor community in particular? Mr. Johnson. I think the newness of the program. We've been busy just getting our arms around what we have to do, not looking at ways to improve. I do think the State of Georgia was looking at a very similar project to what Washington was, and I think they're just waiting to see what happens with the one in Washington. But they had the same issue on auditing school districts on a statewide basis. Mr. Horn. What's the sort of feeling, Ms. Lee, that you have in OMB on what type of projects we are looking for? Ms. Lee. I think we're just looking for anything that will meet the needs of the act: the reduced burden, more accountability, good insight. One of the pieces of the act that hasn't really been exercised yet, but I think is going to come into fruition, is the program accountability. You know, right now we're doing the consistency audits and the financial background, but now there's still another piece of the act which is going to evolve, which is actual programmability. This is going to tell us something about the programs themselves. Mr. Horn. Is there any movement to have, say, simplification of what might have been a very complex approach to something? Ms. Lee. Just as it evolves from these groups from their ideas on that, and from working with the circular, and from this particular test program. But as far as a big rush to further simplify, it's not there yet. Mr. Horn. You're very good with that demonstrative pile. Ms. Lee. I'd love to leave this with you, sir. Mr. Horn. No, I want you to stay awake at night and use it for curing insomnia, but, that looks frightening to say the least. Mr. Johnson. Mr. Chairman, if I might, there have been big advances in that document from when it started. There's been some matrixes added, some clarifications. OMB has done a great job in getting rid of--I hesitate to use the word ridiculous, but unnecessary audit requirements that some departments wanted. It has been simplified and has been streamlined a great deal, and it's a much more useful document than when we first started. Ms. Lee. And we're putting it on the Internet now so everybody can access it easily. Mr. Horn. Given that proposal in front of you, is OMB committed to reviewing proposals in a timely way? Ms. Lee. Yes, sir. In fact, I'm interested in trying to move it up a month so it is more useful. Mr. Horn. Mr. Turner doesn't have any more questions. I don't have any more questions. And I must say this is about the most civilized group I've ever had in a hearing. One, we're getting out of here in 51 minutes; and No. 2, everybody is so nice to everybody else. Nobody is shouting and saying, that's the craziest idea I've ever heard. So, we thank you all three for coming, and obviously you have all the knowledge in your brains. We don't. But we welcome you to work together as you have been and keep this thing moving, because I think it's in all of our interest to do that as long as we can catch fraud, waste, and abuse in the process. So no more questions. We adjourn this hearing, and we thank you all for coming. I want to thank the staff in particular that put this together. Mr. George is over there with the phone in his ear. That's because he's from New York, and everybody has a phone in their ear in New York. He's staff director and general counsel. Bonnie Heald is in the back of the room probably, the director of communications. And I regret to say that the gentleman to my left and your right, Larry Malenich, is from the General Accounting Office, and he will be leaving us after this assignment. And we thank him for all that he's done. He and other GAO people have just done a terrific job for the Congress. And I thank Mason Alinger, our faithful clerk here; and Faith Weiss, the minority counsel; and Earley Green, the minority staff assistant. And the court reporters this morning are Julia Thomas and Laurie Harris, and we thank you all. With that we are adjourned. [Whereupon, at 10:53 p.m., the subcommittee was adjourned.] -