ML22032A008

From kanterella
Jump to navigation Jump to search
DNFSB-22-A-05-Results of the Audit of the Defense Nuclear Facilities Safety Board'S Financial Statements for Fiscal Year 2021 Dated January 31, 2022
ML22032A008
Person / Time
Issue date: 01/31/2022
From: Feitel R
NRC/OIG
To: Connery J
Defense Nuclear Facilities Safety Board
References
DNFSB-22-A-05
Download: ML22032A008 (19)
v  d  e


Text

MEMORANDUM DATE: January 31, 2022 TO: Chair Joyce L. Connery FROM: The Hon. Robert J. Feitel Robert J. Digitally signed by Robert J. Feitel Inspector General Feitel Date: 2022.01.31 09:26:43 -05'00'

SUBJECT:

RESULTS OF THE AUDIT OF THE DEFENSE NUCLEAR FACILITIES SAFETY BOARD'S FINANCIAL STATEMENTS FOR FISCAL YEAR 2021 (DNFSB-22-A-05)

The Accountability for Tax Dollars Act of 2002 (ATDA) requires the Inspector General (IG) or an independent external auditor, as determined by the IG, to annually audit the Defense Nuclear Facilities Safety Boards (DNFSB) financial statements in accordance with applicable standards.

In compliance with this requirement, the Office of the Inspector General (OIG) contracted with Grant Thornton to conduct this annual audit. Transmitted with this memorandum is Grant Thorntons audit report. Grant Thornton examined the DNFSBs Fiscal Year (FY) 2021 Agency Financial Report, which includes financial statements for FY 2021. Grant Thorntons audit report contains the following:

Opinion on the Financial Statements; Opinion on Internal Control over Financial Reporting; and, Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements.

Objective of a Financial Statement Audit The objective of a financial statement audit is to determine whether the audited entitys financial statements are free of material misstatement.

NRC Headquarters l 11555 Rockville Pike l Rockville, Maryland 20852 l 301.415.5930

An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation.

Grant Thorntons audit included, among other things, obtaining an understanding of the DNFSB and its operations, including internal control over financial reporting; evaluating the design and operating effectiveness of internal control and assessing risk; and, testing relevant internal controls over financial reporting. Because of inherent limitations in internal controls, misstatements due to error or fraud may occur and not be detected. Additionally, projections of any evaluation of any internal control to future periods are subject to the risk that the internal control may become inadequate because of changes in conditions, or due to deterioration in the degree of compliance with the policies or procedures.

FY 2021 Audit Results The results are as follows:

Financial Statements Unmodified opinion Internal Control over Financial Reporting Adverse opinion Compliance with Laws and Regulations No instances of noncompliance noted.

The OIG Oversight of Grant Thorntons Performance To fulfill our responsibilities under the ATDA and related legislation for ensuring the quality of the audit work performed, we monitored Grant Thorntons audit of the DNFSBs FY 2021 financial statements by:

Reviewing Grant Thorntons audit approach and planning; Evaluating the qualifications and independence of Grant Thorntons auditors; Monitoring audit progress at key points; Examining the working papers related to planning and performing the audit and assessing the DNFSBs internal controls; 2

Reviewing Grant Thorntons audit report to ensure compliance with Government Auditing Standards and Office of Management and Budget Bulletin No. 21-04; Coordinating the issuance of the audit report; and, Performing other procedures deemed necessary.

Grant Thornton is responsible for the attached auditors report, dated January 27, 2022, and the conclusions expressed therein. The OIG is responsible for technical and administrative oversight regarding the firms performance under the terms of the contract. Our oversight, as differentiated from an audit in conformance with Government Auditing Standards, was not intended to enable us to express an opinion, and accordingly we do not express an opinion on:

The DNFSBs financial statements; Effectiveness of the DNFSBs internal control over financial reporting; and, The DNFSBs compliance with laws, regulations, contracts, and grant agreements.

However, our monitoring review, as described above, disclosed no instances where Grant Thornton did not comply, in all material respects, with applicable auditing standards.

Meeting with the General Manager At the exit conference on January 21, 2022, representatives of the DNFSB, the OIG, and Grant Thornton discussed the results of the audit.

Comments of the General Manager In his response, the General Manager did not fully agree with the report. The full text of his response follows this report.

The DNFSBs Financial Statements The DNFSBs audited FY 2021 financial statements can be found in the agencys financial report.

We appreciate the DNFSB staffs cooperation.

Attachment:

As stated cc: Vice Chair Summers Board Member Roberson J. Biggins, General Manager O. Fawole, Chief Financial Officer 3

GRANT THORNTON LLP REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS 1000 Wilson Boulevard, 14th Floor Arlington, VA 222091 D +1 703 847 7500 F +1 703 848 9580 Joyce L. Connery, Chair Defense Nuclear Facilities Safety Board Hon. Robert J. Feitel, Inspector General United States Nuclear Regulatory Commission Report on the financial statements and internal control over financial reporting We have audited the accompanying financial statements of the Defense Nuclear Facilities Safety Board (DNFSB) (the Agency), which comprise the balance sheet as of September 30, 2021, and the related statements of net cost, changes in net position, and the statement of budgetary resources for the year then ended, and the related notes to the financial statements.

We also have audited the internal control over financial reporting of the Defense Nuclear Facilities Safety Board as of September 30, 2021, based on criteria established under 31 U.S.C. 3512 (c), (d) (commonly known as the Federal Managers Financial Integrity Act or FMFIA) and in Standards for Internal Control in the Federal Government, issued by the Comptroller General of the United States.

Managements responsibility for the financial statements and internal control over financial reporting Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of effective internal control over financial reporting relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error. Management is also responsible for evaluating the effectiveness of internal control over financial reporting based on the criteria established under FMFIA and its assessment about the effectiveness of internal control over financial reporting as of September 30, 2021, included in the accompanying Managements Report on Internal Control over Financial Reporting.

Auditors responsibility Our responsibility is to express an opinion on these financial statements and an opinion on the entitys internal control over financial reporting based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America; the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States; and Office of Management and Budget (OMB) Bulletin 21-04, Audit GT.COM Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and each of its member firms are separate legal entities and are not a worldwide partnership.

Requirements for Federal Financial Statements. Those standards and OMB Bulletin 21-04 require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement and whether effective internal control over financial reporting was maintained in all material respects.

An audit of financial statements involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditors judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the Agencys preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances. An audit of financial statements also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.

An audit of internal control over financial reporting involves performing procedures to obtain audit evidence about whether a material weakness exists. The procedures selected depend on the auditors judgment, including the assessment of the risk that a material weakness exists. An audit of internal control over financial reporting also involves obtaining an understanding of internal control over financial reporting and testing and evaluating the design and operating effectiveness of internal control over financial reporting based on the assessed risk. Our audit of internal control also considered the Agencys process for evaluating and reporting on internal control over financial reporting based on criteria established under FMFIA. Our audits also included performing such other procedures as we considered necessary in the circumstances.

We did not evaluate all internal controls relevant to operating objectives as broadly established under FMFIA, such as those controls relevant to preparing performance information and ensuring efficient operations. We limited our internal control testing to testing controls over financial reporting. Our internal control testing was for the purpose of expressing an opinion on whether effective internal control over financial reporting was maintained, in all material respects. Consequently, our audit may not identify all deficiencies in internal control over financial reporting that are less severe than a material weakness.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our financial statement audit opinion and adverse audit opinion on internal control over financial reporting.

Definition and inherent limitations of internal control over financial reporting An entitys internal control over financial reporting is a process affected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the preparation of reliable financial statements in accordance with accounting principles generally accepted in the United States of America. An entitys internal control over financial reporting provides reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and assets are

safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with provisions of applicable laws, including those governing the use of budget authority, regulations, contracts and grant agreements, noncompliance with which could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct, misstatements due to fraud or error. Also, projections of any assessment of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.

A material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the Agencys financial statements will not be prevented, or detected and corrected, on a timely basis. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

Opinion on the financial statements In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of the Defense Nuclear Facilities Safety Board as of September 30, 2021, and its net cost, changes in net position, and budgetary resources for the year then ended, in accordance with accounting principles generally accepted in the United States of America.

Basis for adverse opinion on internal control over financial reporting The following material weakness has been identified and included in the accompanying schedule of findings as Item I. Lack of Appropriate Management Controls over Financial Reporting.

We considered the material weakness identified above in determining the nature, timing, and extent of audit procedures applied in our audit of the 2021 financial statements, and our adverse opinion on internal control over financial reporting does not affect our opinion on the financial statements.

Adverse opinion on internal control over financial reporting In our opinion, because of the effect of the material weakness described in the Basis for adverse opinion, we also identified deficiencies in the Agencys internal control over financial reporting that we do not consider to be material weaknesses or significant deficiencies. Nonetheless, these deficiencies warrant managements attention. We have communicated these matters to management and, where appropriate, will report on them separately.

Other matters 2020 Financial Statements The financial statements and internal control of the Defense Nuclear Facilities Safety Board as of and for the year ended September 30, 2020 were audited by other auditors. Those auditors report, dated December 16, 2020, expressed an unmodified opinion on those 2020 financial statements and an unmodified opinion on internal control.

Required supplementary information Accounting principles generally accepted in the United States of America require that the information in Managements Discussion and Analysis and the schedule of budgetary resources be presented to supplement the basic financial statements. Such information, although not a required part of the basic financial statements, is required by the Federal Accounting Standards Advisory Board and OMB Circular A-136, Financial Reporting Requirements, which consider it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. Management is responsible for preparing, measuring, and presenting the required supplementary information in accordance with accounting principles generally accepted in the United States of America. We have applied certain limited procedures to the required supplementary information in accordance with auditing standards generally accepted in the United States of America. These limited procedures consisted of inquiries of management about the methods of preparing the information and comparing the information for consistency with managements responses to our inquiries, the basic financial statements, and other knowledge we obtained during our audit of the basic financial statements. We do not express an opinion or provide any assurance on the information because the limited procedures do not provide us with sufficient evidence to express an opinion or provide any assurance.

Other information Our audits were conducted for the purpose of forming an opinion on the basic financial statements as a whole. The Table of Contents, Message from the Chair, Message from the General Manager, Message from the Chief Financial Officer, Inspector Generals Letter Transmitting Independent Auditors Report, Managements Response to Independent Auditors Report and Other Information sections are presented for purposes of additional analysis and are not a required part of the basic financial statements. Management is responsible for preparing and presenting other information included in documents containing the audited financial statements and auditors report, and for ensuring the consistency of that information with the basic financial statements and the required supplementary information. We read the other information in order to identify material inconsistencies, if any, with the basic financial statements. Such information has not been subjected to the auditing procedures applied in the audit of the basic financial statements, and accordingly, we do not express an opinion or provide any assurance on it.

Report on compliance with laws, regulations, contracts, and grant agreements and other matters As part of obtaining reasonable assurance about whether the Agencys financial statements are free from material misstatement, we performed tests of its compliance

with certain provisions of laws, regulations, contracts, and grant agreements consistent with the auditors responsibility discussed below, in accordance with Government Auditing Standards. Noncompliance may occur that is not detected by these tests.

Managements responsibility Management is responsible for complying with laws, regulations, contracts, and grant agreements applicable to the Agency.

Auditors responsibility Our responsibility is to test compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the financial statements, and perform certain other limited procedures. We did not test compliance with all laws, regulations, contracts, and grant agreements.

Results of our tests of compliance with laws, regulations, contracts, and grant agreements The results of our tests disclosed no instances of noncompliance or other matters that are required to be reported under Government Auditing Standards. However, the objective of our tests was not to provide an opinion on compliance with laws, regulations, contracts, and grant agreements applicable to the Agency. Accordingly, we do not express such an opinion.

Agencys response to findings The Agencys response to our findings, which is described in the accompanying Managements Response to Findings and Recommendations, was not subjected to the auditing procedures applied in the audit of the financial statements, and accordingly, we express no opinion on the Agencys response.

Intended purpose of report on compliance with laws, regulations, contracts, and grant agreements The purpose of this report is solely to describe the scope of our testing of compliance and the results of that testing, and not to provide an opinion on compliance. This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering compliance. Accordingly, this report is not suitable for any other purpose.

Arlington, Virginia January 27, 2022

Schedule of Findings I. Material Weakness - Lack of Appropriate Management Controls over Financial Reporting Criteria:

In accordance with OMB Circular A-123 Managements Responsibility for Internal Control, issued under the authority of FMFIA and the Government Performance and Results Modernization Act, management is responsible for establishing and maintaining internal controls to achieve reliable financial reporting. According to the U.S. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government (Green Book), management is responsible for implementing and evaluating its internal control system, including internal controls, to meet reporting objectives related to the preparation of reports for use by the Agency, its stakeholders, or other external parties.

According to GAOs Green Book, management should design control activities over the information technology infrastructure to support the completeness, accuracy, and validity of information processing. When appropriately designed and implemented, Segregation of Duties (SOD) and logical access controls protect systems from unauthorized use. Logical access controls/SOD controls require users to authenticate themselves while limiting the data and other resources that authenticated users can access and actions they can execute.

The following control weaknesses were noted related to the Agencys financial reporting process, which when considered in combination result in the reasonable possibility that a material misstatement of the DNFSBs financial statements will not be prevented or detected and corrected on a timely basis:

1. Reviews of the Service Organization Controls Reports Condition:

We inquired with DNFSB management regarding its process for reviewing the National Finance Center's (NFC) Service Organization Controls (SOC 1) Report over its Payroll and Personnel Systems. We noted the DNFSB does not have a process implemented to receive and review the SOC 1 report on an annual basis. Therefore, the DNFSB does not assess the SOC 1 report to identify control deficiencies or to determine whether the DNFSB has relevant Complementary User Entity Controls (CUECs) in place. Additionally, we inquired with DNFSB management regarding its process for reviewing the United States Department of Agriculture (USDA) SOC 1 report for the financial reporting services provided. We noted the DNFSB performs a review of the SOC 1 report and has implemented CUECs to address risks related to this relationship; however not all of the CUECs are effective to achieve the objective of the control and management does not retain evidence supporting its review of the SOC 1 report.

Cause:

The DNFSB did not identify the review of the NFCs SOC 1 report as a necessary control to ensure the DNFSBs payroll related risks are mitigated. Additionally, the

DNFSB did not design its review process for the USDA SOC 1 report to retain evidence of the reviews and approvals performed by management. Furthermore, some of the controls identified as CUECs were not effective.

Effect:

Managements lack of monitoring of the processes performed by the NFC may result in DNFSB management failing to identify unmitigated risks within its information system and implementing its own controls in response to those risks, e.g., CUECs.

Additionally, by not documenting the review of the SOC 1 report, or ensuring all CUECs are effective, there is a higher risk that misstatements will not be prevented or detected.

2. Information Technology Access and Segregation of Duties Condition:

Symplicity1 is used by DNFSB management to track financial transactions for comparison with the information recorded by the USDA within the DNFSBs general ledger system (Pegasys). We noted the DNFSB did not have comprehensive defined segregation of duties and access controls in place for users with access to the Agencys financial information. More specifically, seven (7) out of seven (7) DNFSB users with access to Symplicity were granted super user roles to the application allowing them unrestricted access to view and update the financial data. These users activity was not logged or reviewed. Additionally, the users access was not reviewed or recertified for continued appropriateness on a defined frequency.

Cause:

The DNFSB has not developed and implemented formal policies and procedures for controlling access to the Agencys Symplicity system.

Effect:

Failure to define and implement policies and procedures around user access provisioning, recertification, and segregation of duties constraints for user roles in the Symplicity system may allow users to maintain inappropriate access. This inappropriate access increases the risk that unauthorized changes could be intentionally or unintentionally made to the data maintained for reconciliation to the general ledger system (Pegasys).

3. Management Lacks Proper Review of Property Condition:

As part of our walkthroughs over financial reporting and property, we noted that managements review of internal controls over the quarter 3 financial statements and the Capitalized Property Listing did not identify the acquisition cost of a significant property addition, which occurred in a prior year, and was omitted from the General Property, Plant, and Equipment, Net balance. Additionally, we noted the related accumulated depreciation was recognized for the asset acquired and netted against the remaining General Property, Plant, and Equipment assets, while the acquisition costs were not reflected. Per further inquiry, the cost of the asset was not recorded 1 Symplicity is an external fee for service application used by DNFSB to perform reconciliations and identify potential accounting adjustments

since its acquisition in FY 2018. Furthermore, after inspection of the internal control over monthly depreciation calculations and related support provided, we noted the omission was identified and brought to managements attention as early as May 2021, but management did not resolve the issue in a timely manner. Per inspection of the September capital asset listing and September 30, 2021 balance reported for General Property, Plant, and Equipment on DNFSBs financial statements, the date placed in service was modified and the asset was fully depreciated as of the end of Fiscal Year 2021. The effect of this change was accurately reflected in the balance of General Property, Plant, and Equipment as of September 30, 2021.

Cause:

DNFSB managements review process did not detect and correct the potential misstatement within their financial statements in a timely manner. Additionally, DNFSB management communicated that the acquisition cost was not finalized, although, as stated in the condition, the related accumulated depreciation was reported.

Effect:

The omitted acquisition cost resulted in an understatement of the General Property, Plant and Equipment, Net balance reported on the DNFSBs financial statements by the amount of the acquisition cost; and an overstatement of Gross Costs in the reporting period the asset was acquired. The omission effectively created a negative asset balance. Although the balance was corrected as of September 30, 2021, if not remediated, this internal control deficiency could lead to additional misstatements of the General Property, Plant, and Equipment, Net balance in future fiscal years.

4. Lack of Payroll Reconciliation Condition:

Per inquiry with DNFSB Finance Team, we noted that for FY 2021, the DNFSB did not have a reconciliation process in place that compares the payroll information provided by the NFC to the payroll expenses recorded as a component of the DNFSBs Gross Costs within the general ledger. Although management stated there was no reconciliation of payroll expenses in response to our inquiry, it was noted that DNFSB management reviews the employee listings for names and position titles, and also reconciles the disbursements for payroll to the SF-224 report. However, there is no reconciliation in place comparing the payroll information provided by NFC to the data feeding the general ledger account ultimately informing the Gross Costs line item on the Statement of Net Cost.

Cause:

While reconciliation controls over payroll are in place, the DNFSB reconciliations are not sufficiently designed to address the risks associated with the completeness and accuracy of payroll expense transactions.

Effect:

Payroll expenses represent a significant portion (averaging 65-75%) of the Gross Costs and liabilities reported on the DNFSBs financial statements. Lack of a payroll reconciliation performed between data provided by the NFC, and the expenses

recorded in the DNFSB's general ledger, can result in an increased risk that the payroll related Gross Costs are not properly stated in the financial statements.

5. Imputed Financing Estimates and Lack of Documentation Condition:

The DNFSBs Imputed Costs consists of both employee benefits and office space utilized but not paid for by the DNFSB. Through inspection of documentation provided by DNFSB Management related to Imputed Costs, we identified that the benefits portion of Imputed costs reported in FYs 2020 and 2021 were derived by calculating the change between the prior two fiscal years and then adding the difference to the prior year total to arrive at the current year amount. The FY 2021 rent component was calculated utilizing approximately 2% (based on the prior two years projected rent rate increases).

Therefore, the updated FY 2021 Office of Personnel Management (OPM) Cost benefit factors for FY 2021 occupancy and price per square foot data were not considered when determining the amount of Imputed Costs to report in the DNFSBs financial statements. The DNFSB could not provide additional documentation or explanations on the methodology utilized.

The DNFSB does not maintain the information to properly determine the imputed costs balance at year-end. This information is currently only held with their service provider (NFC). Additionally, DNFSB management does not perform an adequate review of the calculation prepared by the accountant to identify errors.

Cause:

The DNFSB has not developed formal policies and procedures detailing how to properly calculate Imputed Costs.

Effect:

Without consideration for updated guidance and cost factors provided by the OPM for changes in staffing levels, basic pay, and benefits elections impacting the calculation of the benefits portion of Imputed Costs, or consideration of occupancy and rent increases impacting the rent component of Imputed Costs, there is an increased risk that imputed financing/costs are materially misstated within the DNFSBs Financial Statements.

6. Unfunded Leave Liability Condition:

As part of our audit procedures, we obtained the leave liability report as of September 30, 2021, from the NFC, which represents the amount the DNFSB would have to pay to each employee based on their unused leave. We compared the amount of

$1,652,564 reported in the leave liability report, which reflects the most accurate and relevant source for this liability, to the amount recorded by the DNFSB of $1,477,520.

The resulting difference is $175,044.

Cause:

Management did not consider the leave liability report to determine the amount of the unfunded leave liability with an appropriate amount of precision as of September 30, 2021.

Effect:

Managements process to determine the estimate for the unfunded leave liability resulted in a misstatement, as it did not account for all possible factors that could cause a change to the balance such as employees using more or less leave during the year. As of September 30, 2021, we determined the unfunded leave liability balance included on the federal employee and veterans benefits payable line of the Balance Sheet and gross costs on the Statement of Net Costs to be understated by

$175,044.

7. Financial Statement Preparation Condition:

Through testing of the year-end financial statements, we noted the following conditions:

  • The draft Balance Sheet was presented following the new Balance Sheet Template from the most recent OMB Circular A-136, however the balances reported for Liabilities were not presented comparatively between FY 2020 and FY 2021 as required per the circular;
  • The draft Statement of Changes in Net Position for FY 2021 included misstatements in the beginning and ending balances for Unexpended Appropriations and Cumulative Results of Operations;
  • The draft Liabilities Not Covered by Budgetary Resources note did not adequately identify and describe the specific liabilities not covered by budgetary resources, or accurately show the comparative balances for FY 2020 and FY 2021;
  • The draft Other Liabilities note did not accurately show the comparative balances for FY 2020 and FY 2021;
  • The draft Explanation of Differences Between the Statement of Budgetary Resources and the Budget of the US Government note did not adequately explain the differences identified within the note; and
  • The draft Reconciliation of Net Cost to Outlays note did not explain the purpose, nature, and significant line items in the reconciliation.

Cause:

The DNFSB does not have appropriate processes or controls in place, including monitoring of its service organization, to prevent, or detect and correct, misstatements to draft financial statements or related note disclosures, including deviations from the OMB A-136 requirements on a timely basis.

Effect:

If not corrected, the conditions noted above would have resulted in deviations from the requirements of OMB A-136 and misstated financial statement line items and related note disclosures.

Recommendations DNFSB management should consider taking all necessary actions to establish an appropriate internal control structure including the following:

1. Reviews of the Service Organization Controls Reports We recommend the DNFSB implements policies and procedures to perform monitoring of the NFC, including obtaining and reviewing the SOC 1 report and appropriately implementing CUECs, as needed. Management should maintain evidence of its review of the USDA SOC 1 report and ensure all CUECs are implemented and operate effectively.
2. Information Technology Access and Segregation of Duties We recommend the DNFSB defines and implements access and segregation of duties controls to:

2 a. Provision and periodically recertify user access to Symplicity, 2 b. Segregate the duties of users with access to the financial data in Symplicity.

3. Management Lacks Proper Review of Property 3 a. We recommend that DNFSB management implements a process to perform a more detailed review of the General Property, Plant, and Equipment, Net balance on their financial statements, as well as further develops controls to ensure the accuracy and completeness of the asset related financial data.

3 b. We recommend that DNFSB management implements a process to ensure that acquisition costs are reported at the time the asset is placed in service and capitalization has started, especially if there is a significant impact to the reported balance.

4. Lack of Payroll Reconciliation We recommend DNFSB management implements and documents monitoring controls to ensure all payroll related expenses from the pay files are properly and accurately recorded in the general ledger.
5. Imputed Financing Estimates and Lack of Documentation We recommend the DNFSB implements policies, procedures, and controls to ensure calculated imputed costs are reasonable and supportable.
6. Unfunded Leave Liability We recommend DNFSB management utilizes information more directly relevant to the line item, as available, such as on the leave liability report, in order to determine the unfunded leave liability amount to be recorded as of year-end.
7. Financial Statement Preparation DNFSB management should enhance its review control processes and monitoring over the compilation and preparation of the DNFSBs year-end financial statements to prevent and/or timely detect errors to their financial statements and the related note disclosures. The reviews of the financial statements and related note disclosures should be completed considering the latest requirements of OMB A-136.

Status of Prior Year Findings The financial statements and internal control of the Defense Nuclear Facilities Safety Board as of and for the year ended September 30, 2020 were audited by other auditors. Those auditors report, dated December 16, 2020, expressed an unmodified opinion on those 2020 financial statements and an unmodified opinion on internal control over financial reporting.

FY 2020 Significant FY 2020 Current Status Deficiency Recommendations

1. Notes to the financial 1. Develop a plan to 1. Condition #1 will not statements were not prepared as improve the financial be recurring for FY 2021 part of the June 30, 2020 (interim) reporting controls and as the DNFSB is not a reporting. process, including significant entity per identifying and training OMB A-136, or subject
2. The June 30, 2020 Fund back up staff, so that to the Chief Financial Balance with Treasury financial statements and Officers Act of 1990 and Governmentwide Accounting the related notes are not required to prepare (GWA) to general ledger properly prepared and notes on their interim reconciliation was not prepared. reviewed at interim and statements.

year-end on a timely basis;

3. The June 30, 2020 capitalized and 2. Condition #2 will not assets to general ledger be recurring for FY 2021 reconciliation was not performed 2. Prepare and review all as the GWA to general adequately as it was missing the key financial statement ledger reconciliation is Fiscal Year 2019 and FY 2020 reconciliations on a the responsibility of Property Plant and Equipment monthly basis. DNFSBs service (PP&E) additions. provider, USDA, and per our evaluation of the
4. The September 30, 2020 SOC 1, this control was capitalized assets to general tested without exception ledger reconciliation included all by the service auditors.

PP&E additions but did not include depreciation expense or 3. Conditions #3 & 4 accumulated depreciation for FY20 were not fully additions. remediated in the current year. From our

5. The September 30, 2020 attempts to reconcile the financial statements and notes capital property listing to provided by DNFSB were not the General Property, adequately reviewed by DNFSB Plant and Equipment, on a timely basis as the financial net as of June 30 and statements did not properly September 30, 2021 we account for prior year audit noted unidentified and adjustments, had footing and unresolved errors that rounding errors, and other errors were included in the which the prior year auditor material weakness.

communicated to DNFSB and DNFSB corrected. Furthermore, 4. Condition #5 will be there were multiple versions of the recurring as a result of financials provided and the agency errors we identified from financial report (AFR) was not our initial inspection of provided until December 2, 2020 the September 30, 2021 which delayed the audit. financial statements and notes.

Grant Thornton response to agency response to findings The Agencys response to our findings, which is described in the accompanying Managements Response to Findings and Recommendations, was not subjected to the auditing procedures applied in the audit of the financial statements, and accordingly, we express no opinion on the Agencys response. The comments and rationale provided by management did not impact our final conclusions including the severity of the findings presented. We evaluated the additional context provided by the DNFSB in DNFSB Comments on the 2021 Financial Statement Audit and the attached Comments on OIG Discussion Draft Report below. Our audit report was drafted in accordance with professional standards as described in the Report of Independent Certified Accountants, above. Certain Notice of Findings and Recommendations (NFRs) presented to management are not included in our report as they were not evaluated to meet the criteria to include in the Schedule of Findings, either individually or in aggregate with other findings, and will be included in a separate letter to management.

Managements Response to Findings and Recommendations DEFENSE NUCLEAR FACILITIES SAFETY BOARD Washington, DC 20004-2901 DNFSB COMMENTS ON THE 2021 FINANCIAL STATEMENT AUDIT We are pleased to have completed another annual independent review of our financial statements and internal financial controls. The independence of the review is essential to determine the integrity of our financial reporting and provide insights to risks in our internal financial controls in an effort to prevent and detect waste, fraud, or abuse of the financial resources entrusted to our agency. We agree with the conclusion of an unmodified clean audit opinion of our financial statements. While the audit confirmed for us risks in our internal financial controls, it also highlighted the difference we experience in managing a micro agency as compared to a CFO Act agency. Where larger agencies have the staff, formality, and sophistication to implement their multitude of financial controls over their larger budgets, our small budget requires a manual reconciliation of our ledgers, heavy reliance on outside service providers, and informal staff communications as part of our financial system controls. In some instances, the audit finds that our lack of sophistication is a deficiency that in aggregate the audit determines is a material weakness. However, the application of a large agency standard to a micro agency fails to recognize that when you know the name of every person in the agency and can walk down the hall to coordinate on any issue without writing a memo to file, the small size of the agency is also a strength and a control itself and provides the senior leadership visibility into all issues, large and small.

The attached specific comments on the draft audit report provide the key disagreements with the audit and its findings. What the comments do not include is the tremendous burden experienced during this audit compared to previous years. The tally of provided by client items, questions, and follow up requests this year was double that of prior years. Reliance on our service providers to generate requested reports contributed to part of the auditors delay of completion of this audit, but we do not believe justified extension into the second quarter of the subsequent fiscal year. Despite these procedural difficulties our financial management staff maintained their professionalism and focus to support the extensive effort behind this audit.

January 26, 2022 James Biggins General Manager

DEFENSE NUCLEAR FACILITIES SAFETY BOARD (DNFSB)

Comments on OIG Discussion Draft Report:

Independent Auditors Report of the Defense Nuclear Facilities Safety Board (DNFSB) FY 2021 Financial Statements Pag Reviewer Comment Rationale e

1. 3 Division of Suggest including the terminology that DNFSB To add more clarity to Budget and received unmodified clean audit opinion in the the audit report Finance opinion on the financial statements paragraph.
2. 3 Division of DNFSB disagrees with the term "material weakness" To align audit report to Budget and in the Basis for adverse opinion session. We have factual information Finance proven and confirmed that management reviewed various reports and responded to emails. We disagree with the auditors stance that an email response confirming receipt is insufficient to prove review. DNFSB has a small staff who meet regularly to discuss items, and may not necessarily confirm every action on email.

This finding should be withdrawn.

3. 7 Division of We dont necessarily agree that we need to To align audit report to Budget and segregate duties for user roles because DNFSB is a factual information Finance small agency with limited staff. There is a mechanism in Symplicity to track who enters information in the system. While others have access, we can verify that only two staff enter information.

The system can track and produce a report of changes made to data. The finding assumes that not all of our small staff need their access and presumes that we have a large enough number of staff to differentiate between roles.

This portion of the finding should be withdrawn.

4. 8 Division of We agree with the finding related to the resolution To align audit report to Budget and of this issue, but as the auditors note, the factual information Finance omission of the cost from the General Property, Plant, and Equipment, net balance of this property addition occurred in FY 2018. This reflects an internal control deficiency at that time but not necessarily justifying the recommendation

for a new internal control to ensure that acquisition costs are reported at the time the asset is placed in service and capitalization has started.

The part of the finding related to the 2018 internal control weakness should be withdrawn.

5. 6- Division of Please update NFRs 1-9 with the language in the To align audit report to 10 Budget and signed NFRs that was agreed to by management and signed NFRS.

Finance auditors. The CONDITION, CAUSE, EFFECT and RECOMMENDATION for each NFR needs to be updated including the additional two NFRs not included in the current report.

6. 10 Division of DNFSB disagrees with the Financial Statements To align audit report to Budget and Preparation finding. The financial statements and factual information Finance other documents sent to the auditors ahead of the completion of the audit process are DRAFT documents not FINAL. DNFSB has worked with the auditors to consider their proposed changes and corrections, but providing draft documents to the auditors for review should not result in a finding, nor is it inconsistent with any accounting standard.

Rather, providing draft documents is a normal part of the audit process. If changes to a draft document merit a finding, the process would result in a finding every fiscal year.

This finding should be withdrawn.

7. 3 General Because the auditors determine a material weakness To align the audit Manager in the internal financial controls that is based in part conclusion with the on incorrect conclusions regarding the agency definition of material internal controls, the determination should be weakness.

withdrawn. Separately, the degree of the risks identified do not amount to a material weakness, The facts behind the and at most, in aggregate, amount to a significant risk deficiency pursuant to the applicable definitions. conclusions/findings do Therefore, the determination of a material weakness not support the degree should be withdrawn. of auditor judgment exercised to determine The determination of the material weakness should a material weakness be withdrawn and the identified risks should be based on an reclassified at a lower risk level. aggregation of risks.

Retrieved from "https://kanterella.com/w/index.php?title=ML22032A008&oldid=3423902"