E-mail a link to this directive

INSPECTOR GENERAL AUDITING

DAO 213-3: INSPECTOR GENERAL AUDITING
Number: DAO 213-3
Effective Date: 2020-10-21

SECTION 1. PURPOSE.

.01 This Order prescribes the policies and procedures of the Office of the Inspector General (OIG) for conducting and reporting on audits, inspections, evaluations and related matters.

.02 This revision generally updates the Order to reflect policies and procedures for audits, inspections, evaluations, and related matters of the OIG not previously contained in the Order.It also reflects title and function changes within the OIG, as set forth in the Department Organization Orders 10-13 and 23-1.

SECTION 2. AUTHORITY.

.01 The Inspector General (IG) has the authority to conduct and supervise audits and other activities such as inspections and evaluations relating to the Inspector General Act of 1978 as amended, 5.U.S.C. App., (the Act). All audit, inspection and evaluation activities within the Department are within the responsibility of the OIG and will be carried out by or under the direction of the Office of Audit and Evaluation (OAE).

.02 In performing the OIG’s audit, inspection and evaluation functions, the IG is authorized, under the Act, to have timely access to all records, reports, audits, reviews, documents, papers, programs and operations. Department operating units must provide OIG staff direct timely access to all pertinent records and personnel.

SECTION 3. RESPONSIBILITIES OF THE OIG.

.01 Audit, Inspection, and Evaluation Functions. OAE will perform, or arrange to have performed, and to report on audits, attestation engagements, inspections and evaluations of all operating units, programs, activities and functions of the Department. OAE may also perform audits, attestation engagements inspections, evaluations, or other reviews of contracts, grants, cooperative agreements, loans and other agreements proposed or entered into by operating units of the Department.

.02 Financial Audits. Financial audits provide an independent assessment of and reasonable assurance about whether an entity’s reported financial condition, results, and use of resources are presented fairly in accordance with recognized criteria.

a. Financial Statement Audits: The primary purpose of a financial statement audit is to provide reasonable assurance through an opinion (or disclaim an opinion) about whether the financial statements of an audited entity’s financial statements are presented fairly in all material respects in conformity with generally accepted accounting principles (GAAP), or with a comprehensive basis of accounting other than GAAP.

b. Other types of financial audits: Other types of financial audits under generally accepted Government Auditing Standards provide for different levels of assurance and entail various scopes of work, including (1) providing special reports, such as for specified elements, accounts, or items of a financial statement; (2) reviewing interim financial information; (3) issuing letters for underwriters and certain other requesting parties; (4) reporting on the controls over processing of transactions by service organizations; (5) auditing compliance with regulations relating to federal award expenditures and other governmental financial assistance in conjunction with or as a by-product of a financial statement audit.

c. Financial Audits and Attestation Engagements Performed by Others: OIG will rely on financial audits and attestation engagements of Department-funded organizations, programs, activities and functions performed by state and local government audit organizations or independent public accountants, under provisions of applicable Office of Management and Budget (OMB) Circulars, to the fullest extent possible, provided that:

1. The audit and attestation reports and working papers are available for review by OIG;

2. The audits and attestation engagements are performed in accordance with generally accepted auditing standards (including the government auditing standards issued by the Comptroller General of the United States) and with applicable OMB guidance; and

3. The audits and attestation engagements otherwise meet the requirements of the Department of Commerce OIG.

d. Other Responsibilities: The Chief Financial Officers Act of 1990, as amended by the Government Management Reform Act of 1994, requires the annual preparation and audit of organization-wide financial statements of 24 executive branch departments and agencies. To fulfill this requirement, the OIG may perform the audit of the Department’s consolidated financial statements, as well as audits of selected bureaus of the Department, or may contract with an independent certified public accounting firm (or multiple firms) to conduct any of such audits. In addition, the Federal Financial Management Improvement Act of 1996 requires that the report on these audits state whether the agency financial management systems comply substantially with federal financial management systems requirements, applicable federal accounting standards, and the U.S. Government Standard General Ledger at the transaction level.

.03 Performance Audits. Performance audits are defined as engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices. Performance audits provide objective analysis so that management and those charged with governance and oversight can use the information to improve program performance and operations, reduce costs, facilitate decision making by parties with responsibility to oversee or initiate corrective action, and contribute to public accountability. Performance audit objectives may vary widely and include assessments of program effectiveness, economy and efficiency; internal control; compliance; and prospective analyses. These objectives are not mutually exclusive, and a performance audit may have more than one objective.

Compliance audit objectives relate to compliance criteria established by laws, regulations, contract provisions, grant agreements, and other requirements that could affect the acquisition, protection, use, and disposition of the entity’s resources and the quantity, quality, timeliness, and cost of services the entity produces and delivers.

.04 Attestation Engagements. Attestation engagements can cover a broad range of financial or nonfinancial objectives and may provide different levels of assurance about the subject matter or assertion depending on the users’ needs.

.05 Inspections and Evaluations. As used in this DAO, the term “inspection and evaluation” includes evaluations, inquiries, and similar types of reviews that do not constitute an audit or a criminal investigation. An inspection is defined as a process that evaluates, reviews, studies, and/or analyzes the programs and activities of a Department/Agency for the purposes of providing information to managers for decision making; making recommendations for improvements to programs, policies, or procedures; and identifying where administrative action may be necessary.

.06 Quality Standards for Audits, Inspections, and Evaluations. OAE manages its activities using a quality control system designed to assure that established professional standards, policies, and procedures are adhered to in the conduct of audits, inspections and evaluations, the preparation and issuance of reports, the resolution of contested findings, and the performance of all other aspects of its assigned duties. OAE complies with standards established by the Comptroller General for audits and attestation engagements of federal entities, organizations, programs, activities, functions, and of government contractors, non-profit entities, and other non-government entities. In addition, OAE takes appropriate steps to assure that any work performed by non-federal auditors complies with the standards established by the Comptroller General and with OMB guidance. For inspections and evaluations, OAE complies with the Quality Standards for Inspection and Evaluation issued by the Council of the Inspectors General on Integrity and Efficiency.

.07 Risk Assessments and Other Reviews. OAE may also conduct risk assessments and other reviews as appropriate. These reviews may address any issue within the OIG’s purview. The product of such reviews may include memoranda or flash reports. In order for these reviews to be responsive to the relevant stakeholders, comments from the operating unit may be required on an expedited basis.

SECTION 4. RESPONSIBILITIES OF DEPARTMENT OFFICIALS AND EMPLOYEES.

.01 General. Secretarial officers and the heads of operating units are responsible for ensuring compliance with Department policies; establishing and executing plans, procedures, and internal controls for preventing fraud, waste and abuse in their programs and operations; extending full cooperation to OAE in implementing an effective audit, inspection and evaluation program; and objectively reviewing and evaluating audit, inspection and evaluation findings and recommendations. Although the Secretarial officers and heads of operating units do not have to accept all audit recommendations, in accordance with Section 9 of this Order and DAO 213-5, they must take timely action on all accepted recommendations and provide justification for any rejected recommendations.

.02 Agency Liaison. Each Secretarial officer or the head of each operating unit shall appoint a senior official as Agency Liaison who will be the primary contact between OIG and the Department office or operating unit at the headquarters level for the conduct of audits, inspections and evaluations. The same person should be the Agency Liaison for all audit, inspection and evaluation matters, including the handling and resolution of Government Accountability Office (GAO) reports and recommendations and the resolution of OIG audit, inspection and evaluation recommendations. The Agency Liaison will also keep the OIG informed of changes within the departmental agency or operating unit that may affect audit, inspection, and evaluation planning, e.g., changes in organization, legislation, program emphasis, and funding. The appointment of an Agency Liaison does not restrict OIG’s timely access to records and personnel.

.03 Cooperation with the OIG. It is Department policy that all employees fully cooperate with OAE so that audits, inspections and evaluations may be conducted and brought to a prompt and appropriate conclusion. Department officials shall make every effort to assist OAE in achieving the objective of effective audits, inspections and evaluations.

To carry out its statutory required functions, the OIG necessarily requires on a regular basis, information and assistance from Department managers and staff. It is imperative that, upon request, Department personnel provide OIG auditors, inspectors, and evaluators with full and unrestricted timely access to personnel, facilities, records, and other information or material that OIG needs to accomplish its mission. Managers and staff are required to expeditiously provide information responsive to an OAE request in the manner requested, rather than through an intermediary for review prior to disclosure.

Department of Commerce Agency Liaisons, managers and staff may not impose burdensome administrative requirements or screening procedures that could impede OIG timely access to employees and materials. Management should not attempt to control or influence the free flow of information to and from OAE or to frustrate the full and unfettered exchange between Department personnel and OAE during active audits, inspections and evaluations.

Department managers and staff are required to provide complete cooperation promptly upon OAE requests for information. Department staff are not required to obtain permission from, or inform, Department managers or lawyers before they speak with OAE representatives during audits, evaluations, inspections or other OIG reviews. Staff may, at their own discretion, contact Department managers and lawyers with any questions regarding their responsibility to cooperate with OAE. Managers and staff will respond to OAE requests for interviews in a timely manner.

.04 Access to Records. Each Department office or operating unit and each employee shall furnish to OAE, and to any contractor hired by OIG to audit the Department’s financial statements, upon request, timely access to and copies of all records, reports, audits, reviews, documents, papers, recommendations, or other materials available to it. Department management and staff will promptly provide materials responsive to a request and other relevant information even if not specifically requested. Requested materials should be produced directly to OAE immediately upon request.

Department employees should advise OAE when materials provided contain privacy-protected, classified, attorney-client privileged, deliberative, and other sensitive information, or materials from agencies outside the Department. OAE will handle Department records and other materials consistent with all current laws and regulations protecting the confidentiality of the information. In conformity with law, Department officials shall also provide the necessary authorizations for OAE timely access to computer and other data or records when such are kept by another government agency or by any outside contractor, grantee or other recipient of Department assistance.

.05 No Reprisals. No employee or official who has authority to take, direct others to take, recommend or approve any personnel action shall direct any employee to refrain from making a complaint or reporting information to OIG. Further, no employee or official shall take or threaten any action against any employee as a reprisal for making a complaint or disclosing information to OIG, or for evidencing an intention to do so, unless the complaint was made, or the information disclosed with the knowledge that it was false or with willful disregard for its truth or accuracy.

Department management and Agency Liaisons should respect employee’s duties and rights to speak directly and confidentially with OIG in accordance with legal requirements and should refrain from activities that might interfere with an employee’s, contractor’s, or grantee’s communication or cooperation with OIG.


SECTION 5. PROCEDURES FOR AUDITS, INSPECTIONS, EVALUATIONS OR OTHER REVIEWS FOR ENTITIES WITHIN THE DEPARTMENT.

.01 Requests for OIG Audit Activities. Department officials may request specific audits by contacting the IG or Deputy IG. The OIG will consider such requests but retains discretion as to the subject matter and timing of all audit activities.

.02 Advance Notification. OAE will generally give advance notification to appropriate Department officials for survey and audit, inspection and evaluation work.

.03 Entrance Conference. With the exception noted in section .02, at the start of an audit, inspection or evaluation, OAE will arrange to discuss with officials responsible for the organization, program or function to be audited or reviewed, the objectives and general scope of the audit, inspection or evaluation; the anticipated completion date, and other relevant matters. Department officials should take advantage of this opportunity to assure that they have a clear understanding of the objectives of the audit, inspection or evaluation and to inform OAE of areas of activities needing special attention and any other pertinent information that would assist in planning the audit, inspection or evaluation.

.04 Conduct of Fieldwork. In conducting an audit, inspection or evaluation, OAE may undertake one or more of the following activities:

a. Survey of the program entity or function to be audited, inspected or evaluated. The survey is an initial analysis of the organization, methods, and internal controls governing the operations of the entity being audited.

b. At the completion of survey work, at the discretion of the OIG, any potential findings that have been identified in the survey will generally be discussed with officials of the organization to determine whether, without additional audit work, agreement can be reached between OIG and the office or operating unit as to the existence of the findings and the support for them. If agreement is reached, a report will generally be furnished in accordance with paragraph 5.07 of this Order.

c. Interview officers and employees of the agency or operating unit;

d. Interview individual outside the agency or operating unit, as necessary and appropriate.

These may include users or beneficiaries of the organization’s programs or services, contractors, grantees, and individuals in other organizations that work with the organization, program or operation being audited or reviewed;

e. Conduct on-site surveys of the organization, program or operation being audited or reviewed;

f. Examine selected documents and records, as necessary;

g. Test computer or other operating systems or procedures to identify vulnerabilities or other problems; and

h. OIG may issue a preliminary report or management advisory memorandum before completing the full audit, inspection or evaluation when significant findings require immediate management action to curtail or prevent fraud, waste or abuse, or to address other time-sensitive issues.

.05 Progress Briefings. During an audit, inspection, evaluation, or other review, OIG will generally hold periodic meetings with officials of the organization being audited, inspected or evaluation to discuss the progress of the audit, inspection or evaluation and identify issues being developed. During these meetings, Department officials are encouraged to express their views on the preliminary findings and to provide any information that may have been overlooked by the audit, inspection or evaluation team that could alter or impact its conclusions.

.06 Exit Conference. Upon completion of the audit, inspection, evaluation, or other review, the OIG will hold one or more exit conferences with officials responsible for the operating unit, program or operation under review in order to discuss the results of the audit, inspection or evaluation and proposed recommendations, except for specific matters which, pursuant to applicable audit or investigations policy, may not be disclosed.

a. Upon completion of an on-site visit for an audit, inspection or evaluation, the OIG team leader may provide an exit briefing to the official in-charge on the preliminary findings.

b. At the conclusion of the audit, inspection or evaluation, the OIG team leader will arrange, through the Agency Liaison, for OIG officials to brief senior agency officials on the results of the audit, inspection or evaluation. This briefing is intended to convey timely information to managers and to provide a forum to discuss the findings, sensitive issues, and proposed recommendations.

c. Open and candid discussion of the results of the audit, inspection or evaluation during an exit conference is encouraged in order to ensure that final reports are factual and that the team's conclusions and recommendations are sound and reasonable.

.07 Issuance of Audit. Inspection, Evaluation, or Other Reports

a. Preliminary Reports. OIG may issue a preliminary report or management advisory memo before completing the full audit, inspection or evaluation when significant findings require immediate management action to curtail or prevent fraud, waste or serious abuse, or to address other time-sensitive issues.

b. Draft Reports. After the exit conference, the OIG will generally furnish a draft report to the Department officials who have responsibility for taking action on the reported matters. Where appropriate, agency efforts to correct identified problems during the course of the audit, inspection or evaluation will generally be recognized by OIG in its reports.

1. Within a period of time designated by the OIG, which will generally be between 14 days to 30 days after the transmittal of the draft report, Department officials must submit written comments responding to the issues and recommendations raised in the draft report. However, the appropriate Assistant Inspector General (AIG) may require Department officials to comment on the draft report in less than 14 days if the OIG determines that it is necessary to ensure that fraud, waste or serious abuse is prevented or curtailed or that immediate management action is taken to address time sensitive issues. If Department officials do not submit comments within the period of time designated by the OIG, the OIG may issue a final report.

2. The agency’s reactions to the findings and recommendations of the audit, inspection or evaluation are an important part of the audit. Agency officials should respond to the report and specifically:

i. State concurrence or reasons for non-concurrence with, and make other pertinent comments about the findings; and

ii. Briefly indicate the action taken or proposed to be taken regarding the recommendations.

c. Agency officials may request, and the OIG may approve, an extension of the due date for the agency’s response to the draft report. Such requests should be directed to and approved by the appropriate AIG.

d. In the final report, the OIG will generally include comments received from Department officials, including opposing views and statements of actions that have been taken or are proposed. OIG may, as appropriate, include a rebuttal in the final report. Copies of final reports will be sent to those Department offices concerned with the activity audited, inspected or evaluated.

SECTION 6. PROCEDURES FOR EXTERNAL AUDITS.

.01 Audit Workload and Priorities. OAE will plan and conduct audits of Department contracts, grants, cooperative agreements, loans and other financial agreements. Contracting officers, grant administrators, and other designated officials may, from time to time, request special audits of contracts, agreements, cost proposals, or cost and pricing data, in addition to scheduled audits. Such requests may be directed to the IG or Deputy IG and the OIG will determine, depending on the priority of the matter and the availability of resources, the extent to which such special audits will be made and the timing thereof.

.02 Audits Performed by OAE. The following procedures will apply to external audits performed by OAE.

a. OAE staff will notify the contractor, grantee, borrower or other recipient to be audited (i.e., the auditee) of the intended starting date for the audit and other arrangements necessary to expedite the audit. The appropriate contracting officer grant officer or other designated official also will be notified of the intended audit and the estimated completion date.

b. At the beginning of each audit, an entrance conference will be conducted to discuss the following with the auditee: the purpose of the audit; the expected scope of the review; the anticipated ending date; and other pertinent matters.

c. During the course of an audit, a discussion of the findings will be conducted with the auditee to the fullest extent feasible. At the conclusion of each audit, and except where deemed inappropriate, an exit conference will be conducted with the auditee to discuss and obtain concurrence in findings and possible disallowances and to obtain a clear statement of the position taken by the auditee on the findings and possible disallowances. At the end of the audit, OAE will provide the results of the audit to the contracting officer, grants officer, or other designated official.

d. Final OAE reports will be addressed to the grant recipient so that the recipient can review the report and develop a response to the findings and recommendations. The final OAE report will also be sent to the contracting officer, grants officer, or other designated official within the Department. It is the responsibility of the designated Departmental official to consider the response from the grant recipient and issue an action plan on the findings and recommendations.

.03 Audits Performed by Others. OAE will obtain or conduct quality control reviews on selected non-federal audits of Commerce awards and provide the results to appropriate organizations.

a. Independent Public Accountants. Independent public accountants engaged to perform audits in accordance with Government Auditing Standards including attestation engagements of Department-financed organizations must be either Certified Public Accountants or public accountants licensed on or before December 31, 1970, by state regulatory authorities. Government Auditing Standards, often referred to as the “Yellow Book” or Generally Accepted Government Auditing Standards (GAGAS), is issued by the Comptroller General of the United States. GAGAS contain requirements and guidance dealing with ethics, independence, auditors’ professional competence and judgment, quality control, the performance of field work, and reporting.

SECTION 7. REFERRALS TO THE OFFICE OF INVESTIGATIONS.

Indications of fraud or other criminal activity discovered during the conduct of an audit, inspection or evaluation will be referred to the Assistant Inspector General for Investigations (AIGI). Audit, Inspection and Evaluation reports will not be issued until matters under investigation either have been resolved or issuance of the report is cleared by the IG. When the audit, inspection or evaluation is being performed at the request of a program official, contracting officer, grant administrator, or other designated Department official, OAE will notify the requestor that the matter has been referred to the AIGI, unless the IG or the AIGI determines that such notification would interfere with an investigation or prosecution.

SECTION 8. HANDLING OF AUDIT, INSPECTION, EVALUATION OR OTHER REPORTS.

.01 Dissemination of Audit, Inspection, Evaluation, or Other Reports. Audit, inspection and evaluation reports will be submitted to Department officials who have responsibility for taking action on the results and recommendations of the audit. Copies of the reports may be furnished to other Department officials who have a need for the report in the course of performing their official duties.

External reports involving matters other than the review of contracts, loans or loan guaranties will be provided to the auditee or the auditee’s representative, except as provided in Section 7 of this Order or in the GAO standards for government auditing. Any further dissemination of audit, inspection or evaluation reports must be coordinated with the OIG.

a. The OIG reviews final audit, inspection and evaluation reports for public release. On occasion, other types of final reports may also be reviewed for public release. Reports cleared for public release will generally be made available on the OIG website at www.oig.doc.gov or may be obtained from OIG.

b. The availability of any report in response to a Freedom of Information Act (FOIA) or Privacy Act request will be reviewed and determined by the OIG. All requests for copies of reports should be promptly referred to the OIG FOIA Officer in accordance with applicable Department procedures.

.02 Security of Reports. Reports will be marked with appropriate labeling when the OIG determines the reports contain controlled but unclassified information.

.03 Inquiries Concerning Audit Work. Inquiries to a Department office or operating unit concerning internal OIG audit, inspection or evaluation work, whether contemplated or in progress, shall be referred to the IG or Deputy IG. Inquiries concerning external audit work shall be referred to the IG or Deputy IG.

SECTION 9. ACTION ON AUDIT, INSPECTION OR EVALUATION REPORTS.

.01 Follow-up on Reports. OAE is responsible for following up on all unresolved audit recommendations, which have been identified to the Office of the Secretary, as they relate to the Department or entities funded by the Department.

.02 Audit Resolution Responsibilities. Secretarial officers, heads of operating units, contracting officers, grant administrators, and other designated officials are required by OMB Circular A-50 to:

a. make final written determinations of the action to be taken on audit report recommendations;

b. initiate action to assure that such determinations are carried out;

c. assure that final resolution proceeds as rapidly as possible; and

d. assure that resolution actions are consistent with law and regulations, including written justification or legal basis for rejecting any recommendations and decisions not to seek recovery of amounts due as a result of audit reports. The designated Agency Liaison (see paragraph 4.02 of this Order and DAO 213-5) shall be the point of contact within the organization on matters concerning unresolved audit recommendations and costs questioned.

.03 Audit Resolution Procedures. Detailed procedures for resolving audit recommendations, costs questioned, and funds put to better use are contained in DAO 213-5, including requirements for assuring that final written determinations are made within a maximum of six months from issuance of the report, and formally resolved as rapidly as possible, as mandated by applicable OMB Circulars

.04 Inspection, Evaluation, or Other Review Resolution Procedures. Department policy requires Secretarial officers, heads of operating units, contracting officers, grant administrators, and other designated officials, to follow the same procedures in making determinations, initiating action, and resolving OAE Inspection and Evaluation recommendations as are required with respect to audit recommendations in subsections .02 and .03.

SECTION 10. EFFECT ON OTHER ORDERS.

This Order supersedes Department Administrative Order 213-3, dated October 19, 2006 and supplements the information in DAO 213-5.

Signed by: Secretary of Commerce

Questions and Comments

Send Questions or Comments on the Commerce Directives Management program to Directives@doc.gov.

Office of Privacy and Open Government
Office of the Chief Financial Officer and Assistant Secretary for Administration
U.S. Department of Commerce

 

Page last updated: October 29, 2020