Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​Internal Audit Considerations for the "Spend Now" Public Sector

Unprecedented U.S. infrastructure funding is coming, and internal auditors must help ensure government entities spend it appropriately.

Comments Views

​U.S. news outlets are currently detailing what exactly is in the historic $1.2 trillion infrastructure bill that President Joe Biden signed in November. A significant portion of the bill is dedicated to federal government contracts, and the inevitable spending spree may soon be keeping public sector internal auditors very busy.

Although the level of spending is unprecedented, the situation itself is not. Internal audit can learn much from studying the successes and failures of the last major influx of funding seen in the public sector.

History Repeats Itself

For the U.S. public sector, 2009 was a landmark year. In the wake of the housing market crash that triggered a new recession, there was a desire to inject a large amount of funding into the public sector quickly. This desire manifested in the American Recovery and Reinvestment Act of 2009, which provided approximately $831 billion (PDF) in stimulus for a wide range of recipients and uses. According to reports, $275 billion of these funds were allocated to federal contracts, grants, and loans.

All at once, public sector entities had a substantial amount of money and little guidance on how to use it. "The regulations, unfortunately, took a long time to follow," says Mark Maraccini, Public Sector Internal Audit Lead Partner at Crowe and the speaker for The IIA Public Sector Audit Center's Dec. 10 webinar, "Equity in Procurement: How Auditors Balance Assessing DE&I Strategic Initiatives Within Procurement Processes, While Safeguarding Against Fraud, Waste, and Abuse." "The federal government essentially said, 'We need to spur the economy to spend, spend, spend, spend.' This created an environment fraught with risk, and it wasn't until 2010 or 2011 that auditors started to get involved and ask questions."

At the time, audit clients were taken aback by the sudden scrutiny they were placed under, Maraccini recalls. "They said, 'What do you mean guidance?'" he says. "'You didn't tell me there were all these caveats, restrictions, and requirements.'"

Same Risk, Different Year

Fast forward to 2021 and history appears to be repeating itself, although in response to a very different crisis. In the U.S. alone, the death toll from the COVID-19 pandemic is more than 805,000, and the number of recorded COVID-19 cases is over 49 million. Additionally, the pandemic and the policies enacted in response to it have had profound effects on the U.S. economy. At its worst point, 17 million people lost their jobs in a single month, and the gross domestic product declined by $2.1 trillion.

Continued recovery from the pandemic, from both an economic and health and safety standpoint, were core tenets of President Biden's presidential campaign. To that end, the infrastructure package is the largest single investment in U.S. infrastructure in decades. Roughly $240 billion will go toward building or rebuilding roads, bridges, public transit, airports, and runways. Another $150 billion will be used for climate change-related projects such as electric vehicle charging stations, updating energy grids to work better with renewable energies, and making public transit more sustainable.

Much like in 2009, however, with a massive influx of funding and limited guidance on where it is supposed to go, public sector organizations have a complex road before them. "This creates a split inference between what the government is telling organizations to do and what organizations know will eventually happen," Maraccini says. He notes that all federal grants have requirements and processes, and contractors have controls to ensure they are followed. "Eventually, the auditors are going to start asking questions to check that funding was spent in accordance to released guidance," he says.

In this environment, public sector contractors will turn to internal auditors to help avoid past mistakes, even without a clear picture of what the regulatory environment will look like. "What internal audit can do now is help balance messaging to ensure, even in an environment that is saying 'spend and spend now,' organizations remain responsible," Maraccini explains. "They should follow the same controls, processes, and procedures they were already following and not go too outside the box in their spending initiatives."

Internal Audit Value

The primary tool internal audit has to provide such messaging is an audit of procurement activities. These activities are detailed in The IIA's latest Supplemental Guidance Practice Guide, Auditing Procurement in the Public Sector. The guide also recommends ways internal auditors can add value to public procurement by providing independent assurance and advice.

According to the Practice Guide, internal audit assurance regarding procurement activities typically addresses:

  • The adequacy and effectiveness of governance and oversight.
  • Compliance objectives, including those related to public reporting and disclosure.
  • The organization's ability to measure its procurement performance, recognize deficiencies, and take corrective actions.
  • The integrity of the procurement process and the achievement of the desired objectives.
  • Process efficiencies and improvements.
  • Information systems specific to procurement processes.


According to Maraccini, audit engagements in this environment must happen in real time. "We want management to have internal audit feedback regarding its decisions in the present, not after the decisions have already been made," he explains. "We want all organizational stakeholders confident that we have a good process to gauge spending, sound controls, and that the organization is still maintaining a high level of ethical behavior with every step it takes."

A Collaborative Mentality

Although internal audit's role in managing procurement funding risk is significant, it shares this burden with operational management, quality assurance, and compliance, according to the Practice Guide. To provide true, comprehensive assurance, collaboration is essential.

 From internal audit's perspective, collaboration takes many forms, including inquiring about recent risk assessments and risk occurrences, and having the chief audit executive share information and coordinate activities when appropriate. Internal audit also should communicate whether procurement business units "are organized and … sufficiently skilled and qualified to navigate the complex legalities of public procurement," the Practice Guide advises. Moreover, internal audit can interact with external audit — in conformance with Standard 2050: Coordination and Reliance — to ensure that assurance work is not duplicated and provisions for assurance and advice are maximized.

"Internal audit should be starting communications just to understand how departments are handling purchases, as well as what controls were added or taken away in response to the pandemic," Maraccini says. "This isn't to be accusatory; rather, it's just asking questions around how we're doing this, and if we are doing anything different with these types of funding. Everyone must be on the same page."

According to Maraccini, some questions internal audit could ask include:

  • How are decisions for purchases being approved, and has the workflow approval process changed?
  • Is the organization getting requests for more emergency purchases under this new approval process?
  • Is the organization now doing things it hasn't done before such as applying funding back to previous periods or allocating costs it normally wouldn't?


Maraccini emphasizes that such questions are designed to acquire information outside the traditional audit process. "This is about getting recommendations to management now with key action steps," he says. "You can call it a 'current state assessment.'"

Balancing Action With Caution

Most of the new infrastructure bill's federal investments will be dispersed over the next five years, CNN reports. During this period, to mitigate the substantial risk public organizations face from regulators without detailed guidance, internal audit can remain an arbiter between the desire for spending action and the desire for caution. Somewhere in between these two desires lies a suitable path forward, and internal audit is positioned to light the way.

Logan Wamsley
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author

 

 

Logan WamsleyLogan Wamsley<p>​Logan Wamsley is associate manager, Content Development, at The IIA.<br></p>https://iaonline.theiia.org/authors/Pages/Logan-Wamsley.aspx

 

Comment on this article

comments powered by Disqus
  • AuditBoard-January-2022-Premium-1
  • CIA-January-2022-Premium-2
  • 2022-GAM-January-2022-Premium-3

 

 

Stopwatch Auditinghttps://iaonline.theiia.org/blogs/jacka/2021/Pages/Stopwatch-Auditing.aspxStopwatch Auditing
Thanks, We Already Know Thathttps://iaonline.theiia.org/blogs/jacka/2020/Pages/Thanks-We-Already-Know-That.aspxThanks, We Already Know That
Remember the 98 Accounthttps://iaonline.theiia.org/blogs/jacka/2021/Pages/Remember-the-98-Account.aspxRemember the 98 Account
Hidden Goalshttps://iaonline.theiia.org/blogs/jacka/2021/Pages/Hidden-Goals.aspxHidden Goals