Deploying Research Compliance Analytics: Turning an Audit Into an Asset
Marisa Zuskar, Anne Sullivan Pifer
Data analytics plays an increasingly important role within research organizations. It can be used as a proactive tool for self-governance, or it can be used as a reactive one in response to an audit. In both instances, this maxim holds true: Knowledge is power.
The National Science Foundation's (NSF) deployment of the Data Analytics Audit is a prime example of the increased prevalence of data analytics in research administration compliance.
An analytics "audit," whether initiated by a regulatory agency or proactively by the institution itself, has the potential to offer prescriptive insights. Drawing upon best practices developed through supporting top research institutions with the Data Analytics Audit process, Huron leverages the use of data analytics to strengthen and fortify research compliance, while also promoting favorable audit outcomes.
Identify the Red Flags
Throughout the sponsored award lifecycle, there are dozens of financial and regulatory risks1, and institutions must consider how to identify and monitor them effectively. To start, there are a couple key questions to consider:
- What are the highest risk areas for grants administration?
- How can an organization set up automated controls or monitoring mechanisms to identify risky patterns or detect transactions that may spark heightened scrutiny?
But before thinking about the second question, consider some of the areas that have been highlighted as findings in recent NSF Office of Inspector General (OIG) Data Analytics Audits. These findings correspond to unallowable, unallocable or unreasonable costs, or inadequate documentation. In particular, some of the recurring questioned costs in draft audit reports included transactions or expenditures related to the following:
- Senior personnel salaries and the "Two-Month" rule
- Summer salary
- Cost transfers
- Participant support costs
- Travel (meals, conferences and foreign travel)
Knowing what costs are most likely to raise red flags, and their prevalence and patterns within an institution's research portfolio, empowers that institution to get a head-start on preparing a compelling audit response. Further, understanding an institution's risk "heat map" allows leadership and research administration management to target training of researchers and staff, focusing resources and prioritizing the areas with the highest risk, thereby proactively mitigating risk across the entire institution.
Understand Compliance Trends: Data Analytics Audits
It's instructive to have an understanding of the various factors impacting the use of data analytics in today's current research compliance environment and of the role they will play moving forward.
The OIG for sponsoring federal agencies, including the NSF and Department of Health and Human Services (HHS), continually modifies auditing practices to keep pace with regulatory trends. Some of the management challenges from federal sponsors include2:
- Improving grant administration
- Misuse of grant funds
- Encouraging ethical conduct of research
The NSF responded to these challenges by developing and deploying the Data Analytics approach to audits. If an institution is flagged via an algorithm as having atypical spending patterns, it may be selected for a more thorough audit, where 100 percent of costs incurred are tested. Using data analytics, the NSF auditors run transactional reports to identify questionable spending patterns and quickly detect costs that are more difficult to support as direct charges, or tend to require more supporting documentation to prove allowability or allocability.
Every expense and operational decision is subject to review, and even the most diligent of institutions can be caught off guard by what the findings reveal about their true practices and operations. Further, time spent preparing a response and managing the audit process poses a significant burden to the auditee, in addition to the possibility of potential findings and required paybacks.
Of note, it the debate within the research community over the NSF's use of data analytics as an audit approach. High-profile cases illustrate significant discrepancies between the initial findings and final resolutions, leading interest groups, including the National Academy of Sciences (NAS), to call for greater oversight and controls for the audit process and an appeal to Congress to intervene.
Institutions have objected to the NSF's practice of publicly posting initial findings, claiming that final resolutions often result in only a minimal portion of the original findings upheld by the NSF and rarely receive the same visibility or publicity, thereby impacting an institution's reputation.
Despite the controversy, the NSF remains committed to its use of data analytics in the interim and continues to adjust and improve its algorithms. The agency has made one significant concession, however. In the NSF Semiannual Report to Congress, released in December 2016, the OIG disagreed with the NSF Audit Follow-up Official's continued decision to overrule findings related to the two-month salary limit, but stated it will not refer similar findings related to this rule in the future.
Even as these issues are debated and discussed, institutions should continue to prepare for and respond to audits. The audits not only scrutinize spending on the NSF awards and identify unallowable transactions, but could also identify weakness in the institution's internal control environment and strain scarce resources in the process.
Apply Huron's Analytics to Your Institutional Data
Huron's new data analytics tool and service offering provides research compliance data analytics to institutions, both reactively (in response to an audit notification) and proactively (as self-monitoring). Organizations can, therefore, target transaction areas (specific awards, Principle Investigators (PIs), departments) for in-depth review and better allocate limited resources. This enables them to resolve problems, in what may be a limited amount of time, as opposed to using those resources to blindly sample hundreds of thousands of transactions and hope they get lucky in identifying the problem areas.
On the reactive front, an NSF data request includes a data download of all general ledger transactions posted to the NSF award over a specified period. Auditors then review all transactions provided using automated tools Huron performs an internal simulation mimicking the NSF's tests on the same data set in parallel, enabling institutions to identify high-risk areas in advance of the next phase of the audit. Institutional management can then brief faculty and leadership stakeholders, and where possible, take advance action to correct any areas of non-compliance identified (such as an alcohol purchase that slipped through the cracks).
On the proactive side, Huron partners with institutions to implement our data analytics tool as a cornerstone of an organization's research compliance program, incorporating our knowledge of compliance risks and transactional indicators, including some of those same areas incorporated into the NSF Data Analytics Audit. We customized our analytics tools to implement compliance tests that institutions may run on-demand as part of a self-monitoring protocol. These internal analyses can uncover potential red flags such as questionable spending patterns, potential changes in project scope, recurring transactions and more.
Research organizations are then better equipped to develop targeted training programs for staff members that can course-correct questionable activities. The biggest advantage to deploying data analytics is that the review process is comprehensive and automated. Institutions can ensure their limited research compliance resources are focused on the areas with the most risk and where intervention efforts will add the most value.
Huron Data Analytics - Sample Results4
*Illustrative Example - Not Actual Results
Despite inconsistent audit resolutions, the NSF's use of data analytics to drive audits is likely paving the way for other federal agencies to follow suit. Rather than viewing this trend as a burden, research institutions may leverage it as an impetus for change. Proactive reviews using Huron's customizable data analytics tool can quickly pinpoint practices most at risk based on transactional characteristics while informing the institution's action plan to resolve them.
As the saying goes, "Timing is everything." Better to proactively identify risk internally and take action on transactions requiring further investigation than be unprepared for an agency audit that diverts resources with little last-minute impact at a most inopportune time. Proactive use of data analytics can strengthen a research organization's compliance program, minimize financial risk and reduce future audit liabilities.
How does your research compliance and data analytics strategy stack up to your industry peers? How can Huron's data analytics tools augment your compliance program? Contact Huron to learn more.
The Huron Difference
Huron's Higher Education Research practice has partnered with 550+ institutions for a total of 3,500+ engagements - including 95+ of the top 100 research institutions. Our experience stems from having actual practitioners who understand the issues facing research administrators at universities, academic medical centers, nonprofits, hospitals and other clinical environments, as well as from having direct experience on federal agency audits and investigations of sponsored programs.
This brief represents insights provided by the following Huron research experts:
Marisa Zuskar, director, has 13 years of experience with Huron and the research team, focusing on research transformation and compliance, both financial and regulatory. She has partnered with several institutions to facilitate the audit process, including the NSF Data Analytics Audits, and assisted with the institutional response to other compliance challenges such as award suspensions, internal whistleblower reviews and the annual Single Audit process. Marisa has led Huron's efforts to integrate research compliance expertise with data analytics concepts and technologies to develop an effective, data-based approach to manage research compliance.
Contact Marisa at: firstname.lastname@example.org
Anne Sullivan Pifer, senior director, has 15 years of experience with Huron and the research team, assisting research universities and academic medical centers with reviewing and improving administrative operations, assessing their compliance with federal and other applicable regulations and enhancing institutional compliance programs. She assists research institutions with resolving compliance issues by working with legal counsel during internal investigations of potential non-compliance, supporting institutions during active audits or investigations from the federal government and calculating fair settlements based on data and regulatory interpretations.
Contact Anne at: email@example.com
1 Sullivan, Anne, "How to Get a Head Start on Analytics and Audits: Proactive Preparation and Responses to Federal Audits," NCURA Magazine, August 2015
2 Department of Health & Human Services, "Top Management & Performance Challenges Facing HHS," Office of the Inspector General U.S. Department of Health & Human services, 2016. National Science Foundation, "Establishing Accountability Over Large Cooperative Agreements," FY2017
3 Department of Health and Human Services Office of the Inspector General Semiannual Report to Congress, https://oig.hhs.gov/reports-andpublications/archives/semiannual/2016/sar-fall-2016.pdf
4 Illustrative example based on qualitative data and industry observationsDownload Now