Each year, the Office of Management and Budget (OMB) issues a 2 CFR Part 200, Appendix XI Compliance Supplement (Compliance Supplement). The Compliance Supplement provides a road map auditors should follow when performing a Single Audit (established under the Single Audit Act of 1984) and explains how to test the various applicable compliance requirements.
Each year the Compliance Supplement is updated by both the OMB and the related federal agencies which issue funds that fall under Single Audits. In 2018, the OMB released a skinny version of the Compliance Supplement which included only changes to the supplement. Thus, auditors had to use the 2017 and 2018 Compliance Supplements in conjunction when performing audits.
The 2019 Compliance Supplement, released in July 2019, returned to the full stand-alone supplement, highlighting key changes within. Some of the more significant changes include the requirement for federal agencies to reduce the applicable compliance areas from 12 down to 6, and the re-addition of internal controls. This supplement applies for fiscal years beginning after June 30, 2018. It supersedes the previous Compliance Supplements.
An overview of the Compliance Supplement and other changes in it worth noting follows below:
The Compliance Supplement comprises eight parts. Part One describes the background, purpose, and applicability of the Compliance Supplement. The Compliance Supplement can be used as a tool by auditees to better understand the audit process and what the auditors will be testing. This area only included minor updates related to the 2019 Compliance Supplement.
Part Two covers the matrix of compliance requirements for various programs designated by the program’s Catalog of Federal Domestic Assistance (CFDA) number. This section saw significant changes in the 2019 Compliance Supplement. Each year, federal agencies must submit a matrix detailing which of the 12 compliance requirements are applicable for a specific CFDA. The 12 compliance requirements consist of:
- activities allowed or unallowed;
- allowable costs/cost principles;
- cash management;
- equipment and real property management;
- matching, level of effort, earmarking;
- period of performance;
- procurement suspension and disbarment;
- program income;
- subrecipient monitoring; and
- special tests and provisions.
The federal agencies submit this information for CFDAs that have a high level of federal assistance issued from the agency, but it does not include all CFDAs that have been issued. Each year, CFDAs are added to this matrix and removed. The 2019 Compliance Supplement reflected these normal changes.
However, the OMB also required that federal agencies identify six compliance requirements that are subject to audit. The purpose was to reduce the audit burden on auditors and auditees of the various programs. For the six compliance requirements, allowable activities and allowable costs were considered “one” compliance area. This is a significant change from prior years and will have an impact on the planning and performing of Single Audits in the next year. For many programs, the compliance requirements removed were not historically considered direct and material, so the impact on the Single Audit is yet to be known.
Part Three of the Compliance Supplement covers the 12 previously mentioned compliance requirements, except for special tests and provisions. It details the audit objectives and provides suggested audit procedures such as sampling and reviewing policies. It also covers the requirement to obtain understanding and test the effectiveness of internal control over the compliance requirement. As special tests and provisions are unique to the specific program, the compliance supplement does not give guidance on how to test them, only that testing must be covered. This part only included minor updates.
Part Four covers the federal agencies’ specific program requirements for CFDAs included in the Compliance Supplement. Federal agencies can include guidance in this area key for the auditors to be aware of when testing the related programs. This part is updated regularly in the Compliance Supplement with any changes in federal programs.
It is recommended that users of the Compliance Supplement review this area in detail for programs under audit. There may have been significant changes from prior years.
Part Five of the Compliance Supplement covers the same areas as Part Four, but instead of individual programs, it focuses on the clusters included in the Compliance Supplement, such as the Research and Development cluster. Again, it is recommended that users of the Compliance Supplement review this area in detail for clusters under audit.
Part Six of the Compliance Supplement covers internal controls. Organizations receiving federal assistance must maintain a system of internal controls that provides reasonable assurance of compliance with federal requirements. Under Single Audits, the auditor must gain an understanding of these controls and audit the controls.
Part Six covers an example control structure that organizations can adopt. It includes controls under the “Standards for Internal Control in the Federal Government” (Green Book) which is issued by the Government Accountability Office. It also includes the “Internal Control Integrated Framework” (COSO Framework), issued by the Committee of Sponsoring Organization of the Treadway Commission. Under 2 CFR Part 200, the Green Book and the COSO Framework are recommended internal controls structures, but not required. Part Six provides examples of controls using these structures. In previous Compliance Supplements, this part had been removed as OMB worked to incorporate changes in the Green Book and COSO Framework. The 2019 Compliance Supplement has added this section back in and the OMB has significantly expanded guidance in this area. Auditees can use the section to help evaluate their own controls against the Green Book and COSO Framework.
Part Seven of the Compliance Supplement guides when a CFDA is not included in the Compliance Supplement and how the program should be audited. This area saw only minor edits from the prior supplements.
Part Eight of the Compliance Supplement includes the appendices to the Compliance Supplements. The appendices include:
- Federal Programs Excluded from the A-102 Common Rule and Portions of 2 CFR Part 200 (Appendix I);
- Federal Agency Codification of Government-wide Requirements and Guidance for Grants and Cooperative Agreements (Appendix II);
- Federal Agency Single Audit, Key Management Liaison, and Program Contacts (Appendix III);
- Internal Reference Tables (Appendix IV);
- List of Changes for the 2019 Compliance Supplement (Appendix V);
- Program-Specific Audit Guides (Appendix VI);
- Other Audit Advisories (Appendix VII);
- Examinations of EBT Service Organizations (Appendix VIII); and
- Compliance Supplement Core Team (Appendix IX).
These appendices had minor changes as they related to the updates for each new Compliance Supplement.
For a full listing of the changes from the 2017/2018 Compliance Supplement, users of the 2019 Compliance Supplement should perform a detail review of Appendix V, which covers all the changes in the new supplement.
If you require help when preparing for a Single Audit, contact a Clark Nuber professional.
© Clark Nuber PS, 2019. All Rights Reserved