An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Report | Oct. 9, 2019

Quality Control Review of the KPMG LLP FY 2017 Single Audit of the Johns Hopkins University DODIG-2020-002

Evaluations

Publicly released: October 11, 2019 

Objective

We conducted a quality control review of the KPMG LLP (KPMG) FY 2017 single audit of the Johns Hopkins University (Johns Hopkins) to determine whether the single audit was conducted in accordance with auditing standards and Federal requirements.

Background

Public Law 104-156, “Single Audit Act Amendments of 1996,” was enacted to promote sound financial management of Federal awards administered by non‑ Federal entities and to establish uniform requirements for audits of Federal awards. Title 2 Code of Federal Regulations Part 200, “Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards” (Uniform Guidance), sets forth the standards for the audit of non‑Federal entities expending Federal awards.

Johns Hopkins is a private university that provides education to students, research for sponsoring organizations, and professional medical services to patients. During FY 2017, Johns Hopkins spent $2.96 billion in Federal funds, including $2.36 billion on one major program referred to as the research and development cluster. The $2.36 billion included $1.13 billion in DoD awards. Johns Hopkins engaged KPMG to perform its FY 2017 single audit.

Finding

KPMG generally complied with auditing standards and Uniform Guidance requirements when performing the FY 2017 single audit of Johns Hopkins. However, we identified deficiencies in the documentation that must be corrected in future audits. Specifically, KPMG auditors did not document:

  • an adequate rationale for sample sizes they used to test internal controls,
     
  • the sampling methodology for two audit samples they used to test the period of performance and special tests and provisions compliance requirements, and
     
  • the basis for not performing planned audit procedures on a direct and material compliance requirement.

We obtained additional explanations and performed additional analysis to verify and determine that the KPMG audit procedures provided sufficient evidence to support the audit conclusions. As a result, KPMG is not required to perform additional audit work on the FY 2017 single audit of Johns Hopkins.

Recommendations

We recommend that, for future single audits, the KPMG Partner:

  • Improve documentation of its rationale for the sample sizes used to test internal controls, including a documented assessment on the significance of the internal control being tested.
     
  • Improve documentation of the audit sampling methodology used to test internal controls and compliance for both the period of performance and the special tests and provisions compliance requirements.
     
  • Document the basis for not performing planned audit procedures on direct and material compliance requirements.

Management Comments and Our Response

The KPMG Partner agreed with our recommendations and stated that KPMG will enhance audit documentation in accordance with our finding and recommendations.

Comments from the KPMG Partner addressed the specifics of the recommendations; therefore, the recommendations are resolved but remain open. We will close the recommendations once we perform followup procedures to verify that KPMG’s corrective actions fully address our recommendations.

This report is a result of Project No. D2019-DAPOSA-0081.000.