Provider Relief Fund: What does an audit mean to me?

By Venson Wallin, CPA, CGMA, CFE, CHC, CHFP, FHFMA, HCISPP

Venson Wallin (vwallin@bdo.com) is Managing Director, National Healthcare Compliance and Regulatory Leader at BDO in Chesterfield, VA.

Over the course of 2020, many providers received numerous rounds of Provider Relief Fund (PRF) money though the Coronavirus Aid, Relief, and Economic Security Act[1] as well as though the Coronavirus Preparedness and Response Supplemental Appropriations Act[2] and the Families First Coronavirus Response Act.[3] While these funds were eagerly received as a means of offsetting significant declines in operations as a result of the pandemic, providers in many cases were also agreeing to be the subject of audits on their use of the funds. A lot of those same providers have never been through an audit before and are not sure what to expect. Over the course of this article, we will discuss what an audit means and some of the issues to plan for in preparation for one.

What is an audit?

For many providers, the PRF audits will be the first time they are being audited, and that can be quite unnerving. Uncertainties such as what documentation one needs, what kind of questions the auditors ask, how long it takes, and what type of report the auditors provide are all issues that anyone who has not had an audit faces. The truth is that the types of audits that providers will be facing associated with PRF requirements are different than traditional financial statement audits, where auditors examine comprehensive documentation, such as general ledgers, individual transactions, and contracts, in order to provide an opinion on the financial results and position of the organization. The PRF audits will be singularly focused on the usage of the PRF during the period being examined (i.e., January 1, 2020, through December 31, 2020, and/or January 1, 2021, through June 30, 2021).

The PRF instructions state that any distribution exceeding $750,000 will require a single audit;[4] so what is a single audit? What many refer to as a “Yellow Book audit,” a single audit is one that is performed according to 45 C.F.R. Part 75 Subpart F—the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for the U.S. Department of Health & Human Services Awards.[5] The single audit must be performed in accordance with generally accepted government auditing standards, which are issued by the Government Accountability Office and are commonly referred to as the Yellow Book.[6] These standards include guidance on independence, required audit procedures and processes, continuing professional education requisites, supervisory guidelines, and quality control procedures. Auditors must meet all of these standards when performing an audit or risk being sanctioned by the federal government for failure to meet minimum standards. The Compliance Supplement Addendum specifically addressing the single audit requirements of the PRF can be found at whitehouse.gov.[7]

Timing

Traditionally, single audits have been due within nine months of the end of the audit period and have included financial statement audits. For June 30 fiscal year-ends, for example, that would mean the single audit would be due March 31 of the following year. Per the 2020 Compliance Supplement Addendum, however, for organizations with fiscal year-ends prior to December 31, 2020, the single audit requirement will be deferred until their fiscal 2021 year-end. Typically, single audits include both the financial statements of the auditee and the Schedule of Expenditures of Federal Awards. The PRF audits, however, may be different in that a number of PRF recipients do not have annual audits performed, so the first single audit may be limited to the PRF report required for the period ending December 31, 2020 (the first reporting period as required by the PRF instructions) in the form of a program-specific audit. As a result, it may be due September 30 of the following year.

Applicability

Nonprofit organizations meeting the $750,000 threshold will likely be required to have a single audit performed. For-profit organizations, for which single audits would be new, may choose between a single audit or a financial audit in accordance with the generally accepted government auditing standards.

Thresholds

Traditionally, auditors have looked at all governmental program funds that are closely related as a cluster of funds that are considered as one major program for threshold determinations (i.e., $750,000). This would mean that even if an organization received less than $750,000 in PRF, if it also received other similar funds in another distribution, it may meet the major program threshold if the sum of all of the similar funds exceeds $750,000.

Schedule of Expenditures of Federal Awards

It is designed to contain all of the activity related to the federal award. In the case of the PRF, this will include both the calculation of lost revenue and the COVID-19–related expenses by type of expense.

Internal control

Historically, single audits have included a review of internal controls that the organization is required to implement related to the federal program funds. These internal controls include the following components.[8]

  • Control environment: Policies and procedures that establish a foundation for the organization to implement internal controls.

  • Risk assessment: Process by which the organization determines the likelihood that an action occurs that will adversely affect the organization.

  • Control activities: Actions designed to mitigate the occurrence of adverse events affecting the organization.

  • Information and communication: Ongoing process of distributing information in support of the control activities and other internal control activities that contribute to the control environment and the organization’s goals.

  • Monitoring: Continual assessment of each of these components to determine how effectively they are being implemented on a consistent basis.

A lot of organizations receiving PRF, while having never received a financial statement audit, have also not focused on a complex system of internal controls. As a result, requiring a traditional internal review assessment as part of the single audit may not be feasible. Instead, the Compliance Supplement Addendum addresses compliance with laws and regulations, both in general and specifically related to the PRF, and while an opinion on compliance may not be required, auditors should consider compliance with such as part of their review.

What are the issues addressed in an audit, and what do I need to do?

So now that we know what an audit is, what specific issues are to be addressed during the audit? In the case of a PRF single audit (or a financial audit for those for-profit organizations choosing such), the audit will focus on the lost revenue calculation and the COVID-19–related expenses. Below are some key issues to be addressed as part of the single audit (or financial audit).

Lost revenue

The lost revenue calculation, by definition, is meant to represent the change in net patient service revenue year over year (January 1, 2020, to December 31, 2020, compared to January 1, 2019, to December 31, 2019). Reporting is to include each quarter within the time period. Auditors are likely to focus on the following areas:

  • Agreeing net patient service revenue by quarter to the amounts recorded in the general ledger/financial statements.

  • Ensuring that the net patient service revenue represents gross patient service revenue net of contractual adjustments and bad debts.

  • Reviewing the net patient service revenue does not include any settlements or receipts from third parties for patient care for any period outside of 2019 and 2020.

  • Evaluating the net patient service revenue calculation to ensure it does not include other operating revenue or any other revenue not related to patient care.

  • Assessing net patient service revenue to make sure it includes fundraising activity that is related to patient care.

COVID-19–related expenses

COVID-19–related expenses for the period from January 1, 2020, though December 31, 2020, are to be accumulated by expense type and reported. Again, reporting is for the year as a whole but is to be reported for each quarter. In the case of expenses, auditors will most likely concentrate on the following:

  • Agreeing expenses on the statement to the general ledger/financial statements or, if only a portion of overall expenses for that type, to a statement breaking down expenses between COVID-19–related expenses and non-COVID-19–related expenses that agrees to the general ledger/financial statements in total.

  • Analyzing year-over-year (2020 vs. 2019) expense variations by type to identify significant fluctuations in annual expenditures.

  • Verifying that any expense included on the statement has not been reimbursed by other sources, such as the following:

    • Paycheck Protection Program

    • Federal Emergency Management Agency’s Coronavirus Aid, Relief, and Economic Security Act

    • Coronavirus Aid, Relief, and Economic Security Act testing

    • Local/state/tribal government assistance (including state Medicaid Coronavirus Aid, Relief, and Economic Security Act monies)

    • Business insurance

    • Any other assistance

  • Examining the detail support, potentially through sampling, for each of the types of expenses included on the statement, to ensure they are incremental to normal operations or directly COVID-19 related, including the following:

    • Healthcare-related expenses: Looking at invoices or other documentation supporting expenses directly related to patient care, such as incremental purchases or services associated with personal protective equipment, sterilization procedures, etc.

    • General and administrative: For recipients of more than $500,000 in aggregate PRF payments, organizations must provide a further expense breakdown of the following:

      • Personnel. Time cards, payroll registers, or other form of documentation supporting the time worked in excess of normal work hours for company personnel (excludes time by personnel redeployed to another COVID-19 responsibility if work hours have not changed), invoices for contract personnel that were necessary to address capacity needs resulting from COVID-19, and calculations of bonuses meant to reward staff for COVID-19–related efforts.

      • Utilities. Invoices demonstrating excess utilities expenditures for facilities, equipment, etc. that were deployed to address COVID-19 needs.

      • Supplies. Invoices associated with incremental supplies purchased to address specific COVID-19 needs.

      • Equipment. Invoices or contracts related to the purchase of fixed assets that assisted or assist the organization in preparing for and/or addressing COVID-19 needs, with the entire amount being includable should the expenditure be COVID-19 related.

      • Mortgage/rent. Bills, contracts, or lease arrangements that support mortgage or rent payments for facilities that were required to be obtained to address capacity and/or patient care needs as a result of COVID-19.

Summary

For those new to the audit world, audits can be quite intimidating. The unknown of what audits are and how they are conducted can spark many questions on the part of audit novices. The important note to keep in mind for single audits and/or financial audits is that as long as organizations follow basic internal control design (segregation of duties, controls over cash deposits and expenditures, compliance with laws and regulations) and there is supporting documentation and policies and procedures supporting revenue and expenses in the general ledger, then the audit should proceed smoothly.

Single audits and/or financial audits themselves will focus on the specifics of the PRF statements. Lost revenue and COVID-19–related expenses will be reviewed for supporting documentation. Compliance with the instructions associated with the PRF and laws and regulations in general will be assessed.

As organizations begin to file their reports when the filing portal opens (originally intended for January 15, 2021, however, as of January 15, 2021, the portal was limited to provider registration, and actual reporting was extended until further guidance is issued by the Health Resources and Services Administration), they should definitely keep in mind how they will support the components of the report once an audit begins. While this article has focused on single audits and financial audits, organizations should keep in mind that just because they do not meet the $750,000 threshold, they will likely not be exempt from an audit. Those receiving significant amounts of PRF money may still be subject to U.S. Department of Health & Human Services audits, which, while not necessarily performed in accordance with the generally accepted government auditing standards, may mirror many of the steps performed in conducting a single audit or financial audit. Additionally, states that have distributed Coronavirus Aid, Relief, and Economic Security Act funds to organizations may require audits of the distributions themselves, again in a manner consistent with single audits or financial audits.

Bottom line is this: Audits are not something to be feared as long as you are prepared. Auditors are not there to play a “gotcha” game; rather, their goal is to ensure you have complied with all of the instructions required of you in conjunction with the receipt of the PRF money. Focus on doing the right thing and documenting your decisions as you go, and the audit itself should be painless. Preparation is the name of the game!

Takeaways

  • Organizations receiving Provider Relief Fund money in excess of $750,000 may be required to obtain a single audit or financial audit of Provider Relief Fund activity.

  • Those receiving less than $750,000 may still be subject to U.S. Department of Health & Human Services audits.

  • Organizations should ensure that COVID-19–related expenses are either incremental or new expenses related to COVID-19 needs, over and above the normal operating expenditures.

  • For those organizations new to audits, the key to a successful audit is preparation.

  • Organizations should review the Compliance Supplement Addendum, as it will dictate the exact guidelines for auditors to use.

 
2 Coronavirus Preparedness and Response Supplemental Appropriations Act, Pub. L. No. 116-123, 134 Stat. 146 (2020).
3 Families First Coronavirus Response Act, Pub. L. No. 116-127, 134 Stat. 178 (March 18, 2020).
4 U.S. Department of Health & Human Services, “General and Targeted Distribution: Post-Payment Notice of Reporting Requirements,” January 15, 2021, https://bit.ly/2M6hDjg.
545 C.F.R. § 75.501 .
6 United States Government Accountability Office, Comptroller General of the United States, Government Auditing Standards, 2018 Revision, GAO-18-568G, July 2018, https://bit.ly/2XGWn6s.
7 Executive Office of the President, Office of Management and Budget, “ 2 CFR Part 200, Appendix X I: Compliance Supplement Addendum,” December 2020, https://bit.ly/38XXc16.
8 United States Government Accountability Office, Comptroller General of the United States, Standards for Internal Control in the Federal Government, GAO-14-704G, September 2014, https://bit.ly/3qmkyTX.
1 Coronavirus Aid, Relief, and Economic Security Act, Pub. L. No. 116-136, 134 Stat. 281 (2020).


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings