Title: | Audit Resolution and Follow-up | Publication date: | 8/8/2022 | Effective date: | 8/8/2022 |
POLICYA. PurposeThis policy defines the requirements and responsibilities for reporting, tracking, resolution, and closure of all audit findings and recommendations (internal and external) at Lawrence Berkeley National Laboratory (Berkeley Lab). B. Persons AffectedAny employee responsible for Berkeley Lab audit-related activities, including corrective actions (internal and/or external) C. ExceptionsNone D. Policy Statement1. General
Audits, including inspections, investigations, and advisory reviews, are management tools used to detect fraud, waste, and abuse; validate program compliance, internal controls, and financial position; and promote effective risk management. Audit resolution, closure, and follow-up are critical to ensure that Berkeley Lab continuously employs best practices and complies with Department of Energy (DOE) Contract 31 and University of California (UC) directives. Berkeley Lab management must ensure appropriate corrective actions are implemented to resolve and complete audit findings, observations, and recommendations, as appropriate, in accordance with established target due dates. Drafts of internal and external audit reports are typically issued for management review and comment. When appropriate, management must submit its formal responses on findings and recommendations to the originating audit agency or department in accordance with an established due date. The response must include a targeted completion date for any findings or recommendations that warrant corrective actions. Targeted completion dates should be realistic and achievable. The Laboratory will track corrective actions in accordance with the standards set forth by the Laboratory's Office of Institutional Assurance and Integrity. This includes identifying, recording, and managing audit recommendations and associated corrective actions from inception through resolution in the Berkeley Lab Corrective Action Tracking System (CATS). In addition, IAS will independently track all internal audit findings and recommendations and coordinate follow-up on external audit findings and recommendations as required by UC policy and business practice. 2. Corrective Action Resolution and ClosureA distinction is made between the closure and resolution of corrective actions (see Glossary). - Closure: Closure occurs when the proposed corrective actions are completed and concurrence is obtained from the originating audit agency or department. Closure of external audits should generally take no longer than one year after issuance of the final report. Closures scheduled to take longer than one year require a written justification submitted to DOE and entered into DARTS.
- Resolution:
- Office of Inspector General (OIG) Audits: For audits and inspections conducted by the DOE OIG, resolution occurs when DOE management and the OIG agree on corrective actions to be taken on reported findings and recommendations. Resolution shall be made within a maximum of six months after issuance of a final report; see Office of Management and Budget (OMB) Circular A-50, Paragraph 8.b. (2).
- Government Accountability Office (GAO): Resolution is defined as the point at which the audit organization and agency management or contracting officials agree on actions to be taken on reported findings and recommendations; or, in the event of disagreement, the point at which the audit follow-up official determines the matter to be resolved; see OMB Circular A-50, Paragraphs 6.b.
E. Roles and ResponsibilitiesRole | Responsibility |
Laboratory Divisions
| - Ensure management responses are submitted by the required due dates.
- Update the CATS database to include all division action items in relation to audit recommendations, as appropriate.
- Complete action items and upload evidence of completion, as appropriate, in accordance with established target due dates.
| Internal Audit Services | - Assists Berkeley Lab management at all levels in assessing financial and administrative risks and controls.
- Berkeley Lab's internal audit function is conducted in accordance with DOE Contract 31; International Standards for the Professional Practice of Internal Auditing, which is promulgated by the Institute of Internal Auditors; and under the general guidance of UC's Office of Ethics, Compliance and Audit Services.
- Provides external audit coordination with various agencies in their review of Berkeley Lab's financial data and administrative controls.
| LBNL Audit Advisory Committee | - Serves in an advisory capacity to the Laboratory Director in providing overall guidance and oversight of the Internal Audit function. The UC Regents Audit Committee provides independent oversight.
- Is chaired by the Laboratory Director and includes additional members from the executive and managerial ranks at the Laboratory and University of California Office of the President (UCOP) representatives.
- Meets at least annually to review and provide input to the risk assessment process, which is the basis of the Annual Audit Plan, as well as to review Berkeley Lab audit results and the status of recommended corrective actions.
| Office of Institutional Assurance and Integrity | Manages and maintains CATS to track corrective actions and analyze trends resulting from assessments and/or inspections. |
F. Definitions/AcronymsTerm | Definition | Audit Closure | The proposed corrective actions of the audit are completed and the auditor agrees that actions taken satisfactorily address the deficiency identified. Closure of external audits should generally take no longer than one year after issuance of the final report. Exceptions require a written justification be submitted to DOE, entered in DARTS, and be subject to audit. | Audit Finding | A program or performance deficiency where there is a noncompliance with an established external or internal requirement. It is a generic term used to refer to programmatic or performance deficiencies, nonconformances, regulatory or procedural noncompliances, procedure inadequacies, assessment findings, external oversight findings, and associated actions that require formal corrective action. This includes but is not limited to a failure, defect, deviation, malfunction, deficiency, or nonconformance of plant equipment, materials, or procedures; or personnel safety concerns or events that have or could have an effect on the safe, reliable, or efficient operation of the Laboratory, or which involve a failure to be in compliance with requirements. | | Audit Observation | A practice or condition that is not technically noncompliant with an external or internal regulation or requirement, but could lead to noncompliance if left unaddressed. | Audit Observation | A practice or condition that is not technically noncompliant with an external or internal regulation or requirement, but could lead to noncompliance if left unaddressed. | Audit Recommendation | Auditor-suggested course of action to address issues, concerns, deficiencies, and improvements described in the audit finding or observation. | Audit Resolution | An agreement between the primary organization (auditee) and the auditor on corrective actions to be taken for audit findings and recommendations (i.e., management concurs with the findings and recommendations, or a management decision is issued indicating concurrence and expected completion dates). | Audit Response | A written comment by management indicating agreement or disagreement on reported findings and recommendations. Comments indicating agreement on draft reports must include planned corrective actions and dates for achieving such actions. Comments indicating disagreement should fully explain the reason(s) for disagreement. Disagreements on internal audit findings and recommendations should be resolved before issuance of the final report. | Corrective Action | An action that addresses a deficiency and/or the cause of an issue or audit finding and prevents or significantly reduces the likelihood of the same problem occurring again |
G. Recordkeeping RequirementsNone H. Implementing DocumentsI. Contact InformationChief Audit Executive J. Revision HistoryDate | Revision | By Whom | Revision Description | Section(s) Affected | Change Type | | 8/8/2022 | 4 | A. Flores | Periodic review: minor updates on the resolution process, R&Rs and SRDs. | D.1.2; E; SRDs | Minor | | 12/17/2020 |
| D. Soustin | Updated Contract 31 I clause numbers as per mod 1105 | Source Requirement Documents | Editorial | 6/1/2019 | 3 | T. Carlson/A. Flores | Revise policy to have institutional focus (not just financial); remove process info | All | Major | 5/22/2012 | 2 | M. Mock | Updates to policy | A, D, E, F, H, I | Minor | 1/2/2012 | 1 | M. Mock | Re-format for wiki | All | Minor |
|