HCCA Research Compliance Conference
June 5-8, 2016
One Rule, Two Rule
Red Rule, Blue Rule
June 7, 2016
YOUR MISSION | OUR SOLUTIONS
© Huron Consulting Group Inc. All Rights Reserved.
Huron is a management consulting firm and not a CPA firm, and does not provide attest services, audits, or other engagements in accordance with the AICPA's Statements on Auditing Standards.
Huron is not a law firm; it does not offer, and is not authorized to provide, legal advice or counseling in any jurisdiction.
Agenda
• Red vs. Blue: Definition and Background
• Uniform Guidance: Setting the Red and Driving the Blue Rules
• Implementing the Uniform Guidance: Applying Red and Blue Rules
• Blue Rules: Establishing Internal Controls
2
1
HCCA Research Compliance Conference
June 5-8, 2016
Red vs. Blue:
Definition and Background
Definition and Background
RED VS. BLUE
Rules (and regulations) drive the way we live:
•
•
•
•
Legal: Stop at a red light
Policy: Provide a photo-ID when writing a check
Custom-based: Say “please” and “thank you”
Experience-based: Don’t drink expired milk
Think of rules in two categories…
RED RULES
Rules that cannot be broken
BLUE RULES
Rules to keep operations
running smoothly
4
2
HCCA Research Compliance Conference
June 5-8, 2016
Definition and Background
A FOCUS ON THE BLUE
Red Rules are easy… Thank you government, health, safety, etc.
Blue Rules are different, these rules can, and sometimes should be,
broken (or changed!).
A real-life example of applying (and bending) Blue Rules:
• Office dress code has a business formal dress code
• A Chicago winter deep freeze strikes
• Snow pants (and long underwear!) become advisable
5
Definition and Background
RED VS. BLUE IN SPONSORED PROJECT ADMINISTRATION
Mandatory, driven by
regulations and terms and
conditions
SPONSORED PROJECT
RED RULES
• Protect the federal government from risk of waste, fraud and abuse
“Records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report….”
Uniform Guidance
6
3
HCCA Research Compliance Conference
June 5-8, 2016
Definition and Background
RED VS. BLUE IN SPONSORED PROJECT ADMINISTRATION
SPONSORED PROJECT
BLUE RULES
Institutionally-driven, may
have a degree of flexibility
• Protect the institution, its resources and its people from these same
risks
• Facilitate the management of sponsored awards
• Make it easier to follow the Red Rules….
• Other reasons????
“(Institutional policy requires) All sponsored research proposals submitted to federal funding agencies become part of the University’s permanent records.”
Institutional Policies and
Procedures
7
Definition and Background
A FOCUS ON THE BLUE IN SPONSORED PROJECTS
What are these “other reasons”?
Workflow
frustration
Level of
trust
Risk
tolerance
History
• Proposals are submitted to our central office on a more timely basis if
our policy is to not submit any received less than 5 days in advance.
• PIs are always trying to shift charges around, so we require internal
review and approval of all cost transfers.
• We don’t want an audit finding, so all administrative salaries must be
review and approved by the sponsor in advance.
• We’ve always done it this way.
8
4
HCCA Research Compliance Conference
June 5-8, 2016
Uniform Guidance:
Setting the Red and Driving the Blue Rules
Uniform Guidance
TRANSLATING INTO RED AND BLUE RULES
Uniform Guidance Objective: Provide increased flexibility for and
accountability by grantees.
What does this mean?
The Uniform Guidance focuses on the core Red Rules – what standards does
the government need to set to ensure federal awards receive the right level of
federal oversight and that waste, fraud and abuse are mitigated.
Institutions have the flexibility to determine the right Blue Rules for them to
ensure compliance with the Red Rules without hindering other institutional
objectives (such as success and growth in sponsored projects).
OLD Circulars: The letter of the law.
Uniform Guidance: The intent of the law.
10
5
HCCA Research Compliance Conference
June 5-8, 2016
Uniform Guidance
FLEXIBILITY AND CHOICE
FLEXIBILITY = CHOICE in setting your institution’s Blue Rules.
When implementing the Uniform Guidance at your institution, where do
you want to fall on the Blue Rule Spectrum?
i.e. What is your institutional compliance environment?
Soft Blue Rules
•
•
•
•
Hard Blue Rules
More ad hoc decision making and enforcement
(Possibly) Greater efficiency
Less administrative time and effort
(Possibly) Greater risk
• Less independent judgement calls
• More administrative oversight (and time and
effort)
• Less upfront audit risk (maybe)
11
Uniform Guidance
IMPLEMENTATION APPROACH
The implementation of the Uniform Guidance has many institutions
reviewing and re-evaluating their internal policies and procedures.
Ask yourself the following questions of your internal policies:
What is the nature
of the rule?
• Is this a Red or
a Blue Rule?
(Red rules
come directly
from the
Uniform
Guidance.)
• In this a
process-related
rule (Blue) or a
principle-related
rule (Red)?
What is the reason
for the rule?
• Does the rule
ensure
compliance with
the federal
regulations?
• Does the rule
make the
process easier
for your staff?
What are the consequences
of bending, or changing, the
rule?
• Will this “open
the flood
gates”?
• What are the
financial
implications?
• Is this a major
auditor red
light?
12
6
HCCA Research Compliance Conference
June 5-8, 2016
Uniform Guidance
IMPLEMENTATION APPROACH
And now think about procedures and the exception circumstances.
• When can the rule be broken?
• How can it be broken and by whom?
RED RULES
BLUE RULES
13
Implementing the Uniform Guidance:
Applying Red and Blue Rules
7
HCCA Research Compliance Conference
June 5-8, 2016
Applying Red and Blue Rules
TIME AND EFFORT REPORTING
Red Rule: Charges to Federal awards must be based on records that
accurately reflect the work performed. Records must:
• Be supported by a system of internal controls that provides reasonable
assurance about the accuracy, allowability, and proper allocation of the charges
• Be incorporated into the entity’s official records
• Reasonably reflect the total activity for which the employee is compensated by
the entity, not exceeding 100% of compensated activities, or Institutional Base
Salary
• Encompass both Federally assisted and all other activities compensated by
the institution on an integrated basis, i.e. reflect 100% of the employee’s activities
• Comply with the entity’s established accounting policies and practices
• Support the distribution of the employee’s salary and wages among specific
activities or cost objectives if the employee works on multiple activities
15
Applying Red and Blue Rules
TIME AND EFFORT REPORTING
Examples of Blue Rules:
• Institution will generate payroll activity reports on a semi-annual basis
• Reports must be certified by the individual and the principal
investigator
• All reports must be signed (in ink) and returned to the Post-Award
Office within 30 days of receipt
• Any salary on any sponsored project not supported by a signed effort
report will be transferred off the award and onto a departmental
account
So what Blue Rules (policies and procedures) should your institution
implement to be in compliance with the Red Rules?
16
8
HCCA Research Compliance Conference
June 5-8, 2016
Applying Red and Blue Rules
TIME AND EFFORT REPORTING
Policy Point: Required PI signature on all employees charging time to
the PI’s projects:
What is the nature
of the rule?
• Blue Rule – not
one required by
the UG
• Used to be
“more Red” –
suitable means
of verification
What is the reason
for the rule?
What are the consequences
of bending the rule?
• Ensure
reasonableness
and allocability
of staff salaries
• Ensure PIs are
integrated into
processes
impacting the
financial status
of awards
• Inaccurate
salary
allocation for
staff (maybe – if
payroll
distributions are
not regularly
updated)
What would you do?
17
Applying Red and Blue Rules
PROCUREMENT
Red Rule: Small purchase procedures require price or rate quotations
from an adequate number of qualified sources.
• Relatively simple and informal procurement methods for securing services,
supplies, or other property that do not cost more than the Simplified Acquisition
Threshold
• Simplified Acquisition Threshold = $3,000 - $150,000
• “Qualified Source” is not specific but is plural (great than 1)
18
9
HCCA Research Compliance Conference
June 5-8, 2016
Applying Red and Blue Rules
PROCUREMENT
Examples of Blue Rules:
• Price/rate quotations must be received directly from the Vendor
• At least 3 quotations must be obtained
• Departments submit all quotations to central procurement office for
review and approval prior to acquisition
• Procurement Cards cannot be used for purchases above $3,000 on
federal awards
So what Blue Rules (policies and procedures) should your institution
implement to be in compliance with the Red Rules?
19
Applying Red and Blue Rules
PROCUREMENT
Policy Point: All price quotations be submitted centrally for verification
and retention prior to procurement:
What is the nature
of the rule?
• Blue Rule – not
one required by the
UG
• Transitions
accountability from
investigators to
central oversight
offices
What is the reason
for the rule?
• Ensure
PIs/departments
follow the Uniform
Guidance
requirements
• Ensure institutional
ability to provide
back-up
documentation, if
required, by
sponsors/auditors
What are the consequences
of bending the rule?
• Potential audit
findings and
associated
financial
repercussions
• Process
inconsistencies
and variations
What would you do?
20
10
HCCA Research Compliance Conference
June 5-8, 2016
Applying Red and Blue Rules
SUBRECIPIENT MONITORING
Red Rule: Monitor the activities of the subrecipient to ensure that
the subaward is used for authorized purposes, in compliance with
Federal statutes, regulations, and the terms and conditions of the
subaward; and that subaward performance goals are achieved.
• Review financial and performance reports required by the pass-through entity
• Follow-up on timely and appropriate action on all deficiencies pertaining to the
subaward detected through audits, on-site reviews, and other means
• Issue a management decision for audit findings pertaining to the subaward
21
Applying Red and Blue Rules
SUBRECIPIENT MONITORING
Examples of Blue Rules:
• Require all subrecipients to complete a detailed questionnaire prior to
issuing subawards
• Require only subrecipients who do not receive a Single Audit to
complete a detailed questionnaire
• Review subrecipient financial statements on an annual basis
• Require back-up documentation (receipts and/or certified effort reports)
for all subaward invoices
So what Blue Rules (policies and procedures) should your institution
implement to be in compliance with the Red Rules?
22
11
HCCA Research Compliance Conference
June 5-8, 2016
Applying Red and Blue Rules
SUBRECIPIENT MONITORING
Policy Point: Conduct Desk Audits within your central office for all nonSingle Audit subrecipients:
What is the nature
of the rule?
What is the reason
for the rule?
• Blue Rule – not
one required by
the UG
• Increases the
scope of pass
through entity
“monitoring”
What are the consequences
of bending the rule?
• Ensure all
subrecipients
receive a
thorough review
with sponsored
programs in
mind
• Respond
consistently to all
risk evaluations
• Subrecipients
not appropriately
spending pass
through funds
• Less visibility to
appropriately
apply sanctions
What would you do?
23
Blue Rules:
Establishing Internal Controls
12
HCCA Research Compliance Conference
June 5-8, 2016
Establishing Internal Controls
THE REQUIREMENT
Maintain internal controls = Establish the right Blue Rules
Evaluate internal policies and procedures, make sure the right Blue
Rules have been implemented to integrate internal controls.
Conduct business in an orderly and efficient
manner
Safeguard assets and resources
Blue Rules
(Required reviews,
approvals, reporting,
workflow):
Deter and detect errors, fraud, and theft
Ensure accuracy and completeness of accounting
data
Produce reliable and timely financial and
management information
Ensure adherence to policies and plans
25
Establishing Internal Controls
THE CHOICE
• Remember, the Uniform Guidance is focused on setting the Red
Rules.
• Blue Rules represent a CHOICE when balancing several factors:
• But remember, you are audited against your own Blue Rules
What is your institution’s tolerance for risk (financial and compliance)?
What is the capacity of your institution’s infrastructure?
What is the culture of compliance at your institution?
How does your institution implement and accept change?
26
13
HCCA Research Compliance Conference
June 5-8, 2016
Contact Information
Contact Information
HURON CONSULTING GROUP
Matthew Staman
Managing Director
Office 312-583-8742 | Mobile 312-804-8475
[email protected]
Marisa Zuskar
Director
Office 312-880-3393 | Mobile 708-921-1917
[email protected]
28
14