search

GSA-TTS / FAC

GSA's Federal Audit Clearinghouse
Other
18 stars 5 forks source link

Validation waiver MVP #3978

Open jadudm opened 3 weeks ago

jadudm commented 3 weeks ago

What problem(s) are we trying to solve?

We have three audits that want to be submitted, but have extenuating circumstances that prevent their submission.

  1. An audit needs to be submitted for an entity that no longer exists. The audit needs to be submitted for passthrough oversight. There are two extenuating circumstances. On the entity side, a director left, and then the entity dissolved, and now the UEI is inactive. No one can update the UEI. The auditor, therefore, cannot create the audit, and even if they could, there would be no Auditee Certifying Official to certify the audit.
  2. An audit needs to be submitted for an auditor that no longer exists. The audit exists, but the auditing firm closed up shop, and no one (up to the IG level) can reach the auditor or firm. The auditee has loaded the audit, but they cannot get past the Auditor Certifying Official step.
  3. A change in validation procedures caught a state unawares. A state has structured their findings such that our constraints on award numbers and reference numbers cannot be satisfied. Their past audits were structured the same way, and passed Census. They are the only audit to not pass our new validations in this way (to date), and were we to ask them to restructure their findings, their entire report would need to be rewritten. We are going to waive that particular validation for this particular audit, and they will structure their findings differently in the future.

At the current rate, these are roughly 1-in-10000 issues. Even though they are rare, they have real impacts. For example, an auditee can have future funding blocked for non-submission. And, we know that these kinds of things will happen every year.

So, the problem we are trying to solve is "granting exceptions to validation steps in the face of exceptional, extenuating circumstances."

What we can do today

We have an ADR regarding validation waivers and are going to proceed iteratively. The initial iteration will capture the bare minimum documentation we believe we need, and subsequent iterations will improve the usability, automation, and visibility of granted waivers.

### Tasks
- [ ] https://github.com/GSA-TTS/FAC/issues/4024
- [ ] https://github.com/GSA-TTS/FAC/issues/4023
- [ ] Test submission→dissemination pathway with waivers
- [ ] Create Django admin interface and logging for auditability
- [ ] https://github.com/GSA-TTS/FAC/issues/4027
- [ ] Adjust validation code (per-workbook and cross-validation, as needed) to accommodate waivers

For future iterations, we expect to improve the visibility of waivers (so that dissemination shows that a waiver was granted on an audit), as well as the tooling for requesting/granting waivers (perhaps using the Spiff workflow engine to allow appropriate users to initiate the waiver process, and simplify the review/granting process on the part of FAC staff).

tadhg-ohiggins commented 3 weeks ago

Should we add this?

I suspect people will attempt to email that address if we use it.