ACUA Members Only Login
ACUA Strategic Partners Click the logos below for more information and special offers.

ACUA and Audimation Services, Inc.

ACUA Strategic Partner: Baker Tilly

ACUA Strategic Partner: Wolters Kluwer

ACUA Social Networking

Join ACUA on FacebookFollow ACUA on TwitterLink with ACUA on LinkedInACUA on YouTube

Advancing Auditing in Higher Education

Join ACUA Now

Contact ACUA

Association of College
& University Auditors
4400 College Blvd Suite 220
Overland Park, KS 66211 Phone: (913) 222-8663
Fax: (913) 222-8606

Governmental Affairs

Stay Updated


For real-time updates, please visit Connect ACUA. All updates will be prefaced with GAC. Information previously housed on this webpage prior to July 2017 can be found here.


May 2018 COGR Update:


The 2018 Compliance Supplement is now available.


2018 “Skinny” Compliance Supplement & Securing Student Information (Safeguards Rule)


OMB is still working on this and plans to only include significant updates to the 2017 compliance supplement. Both documents will need to be used together to guide audits.  As you’ll recall The Department of Education withdrew their initial plans to include audit objectives related to safeguarding data specific to an institution’s information security program from the 2017 compliance supplement. At this time, COGR does not believe it will be included in the 2018 skinny supplement either, but will likely be revisited for the 2019 version.


Controlled Unclassified Information


The Department of Defense issued draft guidance on April 24th on the implementation of NIST SP 800-171 security requirements with comments due May 31st. The draft guidance includes a DOD value to assess the degree of risk of unimplemented security requirements.


Single Audit Quality Reviews


The following Single Audit Quality Reviews have recently been released.  The first is an NSF OIG report on the PricewaterhouseCoopers FY 2016 Single Audit of California Institute of Technology. This report received a passing Quality Control Review rating. The second link is and NSF OIG report on the KPMB FY 2016 Single Audit of the Research Foundation of the City University of New York. This report received a pass with deficiencies Quality Control Review rating.



March 2018 COGR Update:


Federal Inspector General (IG) Audit Website:


This website was recommended in the February meeting as a resource for accessing public reports from the Federal Inspectors General who are members of the Council of the Inspectors General on Integrity and Efficiency (CIGIE). DOJ settlements, however, are not included.


2018 “skinny” Compliance Supplement


OMB is considering a “skinny” version of the 2018 compliance supplement that would focus only on significant changes from the 2017 document.


European Union General Data Protection Regulations (GDPR)


Mark Barnes, a partner with Ropes & Gray LLP made a presentation at the COGR board meeting in February on the GDPR which becomes effective May 25, 2018. His presentation can be located here:



February 2018 COGR Meeting:


The February COGR costing committee meeting consisted primarily of discussion related to a white paper the committee is drafting on Facilities & Administrative (F&A) Rates.


Audit Selection

  • The NSF OIG office is taking a look at its methodology for selecting audits and intends to focus more on higher risk areas rather than the previous focus of incurred costs. They are working on a risk scoring model to assist them in this revised focus.
  • They also are going to try to involve the OIG staff more in the external audits vs the heavy reliance they have traditionally had on the contracted auditors. The resources will have to be prioritized among these external audits while also completing the mandatory audits they are required to do.


Current Projects

  • The office has 22 ongoing audits of higher education, 1 large facility audit and 2 audits of nonprofit institutions.
  • Common findings of recent audits are related to allocability (no documentation of how cost benefited the award) in the areas of equipment purchases at the end of the award, equipment and supplies purchased by one award that have multiple uses, international travel not directly related to the award, and cost transfers near the end of the award.
  • Another common finding is related to improper allocation of indirect costs. Awardees are applying a different (higher) rate to awards than their federally negotiated rate. Also, indirect costs are being charged on direct costs that are not eligible for IDC.
  • The office has ongoing internal audits of sub-recipient monitoring and controls preventing misallocation of construction and operations funds for major facilities. Both audits involve audit work at the NSF and at individual institutions. The objective of the sub-recipient monitoring audit is to determine whether NSF’s monitoring procedures are effective in ensuring primes and pass-throughs are properly monitoring subs. The objective of the construction and operations audit is to ensure construction and operations expenses are allocated to the correct awards for 3 major facilities.


Audit Communication

  • The presenters briefly discussed the different types of audit communications listed in the slide presentation. For audits of the NSF (internal audits) they are moving more toward a “notification of findings” type of communication vs a discussion draft.
  • A slide was also presented regarding the external audit resolution process and timelines, including the process that is followed when the NSF disagrees with an OIG finding or recommendation.


Recent & Future Audits/Investigations

  • Planning an audit of NSF oversight of foreign awardees.
  • June 2017 audit issued on NSF controls to mitigate IPA conflicts of interest.
  • July 2017 investigation report issued on NSF responsible conduct of research requirements. This investigation was related to the America Competes Act requirement for awardees to provide training to post docs and students about responsible conduct in research.
  • A recent investigation resulted in $2.1 million recovery on fabricated time and effort reports. The Department of Justice is requiring a 5-year compliance plan from the institution.
  • A university recently self-reported $2.2 million accounting system error that resulted in erroneous charges to NSF awards.
  • A hotline report was investigated that resulted in $327,000 in undocumented expenses incorrectly charged to an NSF award resulting in removal of the PI and President at a community college.
  • A research foundation proactively returned $330,000 from a scholarship award that had been awarded to students that did not meet eligibility requirements.


Purpose of Governmental Affairs
(component of the Partnerships Committee)


  • Monitor changes and trends in federal regulations that affect higher education
  • Maintain liasons with relevant groups
  • Respond to promulgating bodies as appropriate
  • Keep the ACUA membership informed about proposed and final changes in federal regulations and emerging issues in various highly regulated areas of higher education
  • Serve as liaison to the Council on Governmental Regulations (COGR) and represent ACUA as a member of their Costing Policies Committee

Governmental Affairs Volunteers


Marion L. Candrea, CIA, CFE
Rutgers University
New Brunswick, NJ 08901-8559
(848) 932-3326



Erin A. Egan, CPA
Rutgers University

New Brunswick, NJ  08901-8559

(848) 932-3324



Partnerships Committee Chair:

Douglas D. Horr

Associate Vice Chancellor for Internal Audit

Vanderbilt University



Member Volunteers:


Amanda Dotson Texas A&M University System
Jason Farber University of Nebraska-Lincoln
Charlie Hrncir Texas A&M University System
Patrick McNamara Rutgers University
Donald Temple

State University of New York

Kayla Guilford Lackawanna College