In March 2020, in response to the ongoing COVID-19 crisis, Congress and President Trump passed and signed the $2 trillion economic stimulus bill known as the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). Within this stimulus package were billions of funds from the government that are now subject to the Single Audit Act of 1984, as amended, and the Office of Management and Budget (OMB) 2 CFR 200 subpart F – Audit Requirements.
These funding sources are expected to cause a significant increase in organizations requiring a Single Audit for 2020. Since many organizations have never had to prepare for a Single Audit before, this article will answer key questions and provide resources to assist first time auditees.
What is a Single Audit?
The Single Audit is a compliance-based audit that was created with the Single Audit Act of 1984, as amended. The requirements for a Single Audit are described in OMB 2 CFR 200 subpart F – Audit Requirements.
If an organization expends over $750,000 in federal funding as a recipient or subrecipient in a given fiscal year, the organization is required to have a Single Audit. This is in addition to the organization’s financial statement audit. Under a Single Audit, auditors understand and test internal controls, as well as compliance, in order to provide an opinion on the organization’s compliance with selected federal awards.
What resources are available to auditees?
As an auditee, the first step is to review the grant agreement/grant award from the federal agency or pass-through entity. Within the award document, the funder will include references to what standards the award should follow. It will likely point to the Uniform Guidance, or the federal agency’s adoption of the Uniform Guidance, within its codification. For example, the Department of Health and Human Services adopted Uniform Guidance in 45 CFR 75. The award document should also include information about what type of costs are allowed, how to request reimbursement, what reporting is required, and any other special provisions of the award.
Auditees should also review any guidance, policies, or memos issued by the federal agencies related to their award. Additionally, by using the beta.SAM.gov website, auditees can look up their CFDA number under the Federal Assistance Listing and determine whether the funding is subject to Uniform Guidance and what parts are applicable. When issuing significant amounts under a CFDA number, the federal agency is required to include information on the program on the beta.SAM.gov website.
If the funding is subject to Uniform Guidance, the auditee should review this section of the codification in detail. This codification includes all the areas the Single Audit will examine for compliance requirements as they apply to the specific award. Included in the Uniform Guidance are requirements related to Pre-Federal Award Requirements and Contents of Federal Awards (subpart C), Post Federal Award Requirements (subpart D), Cost Principles (subpart E), Audit Requirements (subpart F), and various appendices providing further compliance requirements.
OMB Compliance Supplement
Within the appendices mentioned above is the OMB Compliance Supplement (the Supplement), which is issued annually by the OMB to guide auditors performing the Single Audit. This is an invaluable resource to auditees as well. The Supplement includes directions on how and what the auditor should be testing for specific funding. The auditee should review the Supplement for any CFDA funding they receive and review what the OMB is guiding the auditors to test. Additionally, the OMB has plans to issue a separate addendum to the Supplement in Fall 2020 to cover specifics related to CARES Act funding and how auditors should approach it.
The Supplement also includes a listing of the compliance requirements under Uniform Guidance and suggested audit procedures under each in Part 3 of the Supplement. By using the Supplement, an auditee could determine what allowable cost/cost provision is applicable to their CFDA number of their award. The auditee can then review Part 3 of the Supplement to determine what testing the auditors are recommended to perform and the samples they will likely take.
Lastly, in Part 6 of the Supplement, the OMB lists example internal controls an organization could put in place to ensure the compliance requirements are met. For an auditee who is just starting under federal compliance, this is an important area to review to ensure their controls are set up appropriately to comply with the federal requirements.
What policies are required under Uniform Guidance?
There are certain policies that are required under Uniform Guidance if the organization receives federal funding. The necessary policies include a conflict of interest policy, a record retention policy, and a procurement policy. The organization may also be required to have additional policies if they are subject to the related compliance requirement, like a sub-recipient monitoring policy. These policies often have specific requirements as it relates to federal funding. As such, the auditee should review the specific requirements for these policies in the Uniform Guidance.
What will auditors be looking for?
Auditors are issuing an opinion over compliance for a major program and the controls over compliance for the major program. Each year, the auditor performs a risk assessment as described in Subpart F of the Uniform Guidance to determine the major programs (awards or clusters of awards) that will be subject to audit in that year. Under this program, the auditor will perform testing over the compliance requirements and the controls over the compliance requirements.
The auditor will often take a sample of the transactions to test for compliance requirements. Sample sizes can range based on the population and the risk assessment that the auditor performs. However, standard sample sizes typically range from 25 to 60 selections for each compliance area. The auditor uses the Supplement for guidance on what compliance area to test and where to make a sample. The auditee can use Uniform Guidance subpart F and the Supplement to better understand what the auditor will be testing in their Single Audit.
How can I avoid a Single Audit finding?
The auditor is issuing an opinion on whether the auditee materially complied with compliance requirements and if there were any deficiencies in compliance controls. The auditee should understand all the compliance requirements that are applicable to the funding they’ve received and design effective controls around those compliance requirements. Monitoring of those controls to ensure their effectiveness is essential for organizations to reduce their exposure to potential non-compliance.
At the End of the Day, Knowledge is Power
Many organizations will be facing their first Single Audit in 2020. Whether an auditee is subject to a Single Audit due to the inflow of funding from the CARES Act, or they are just entering the world of federal compliance and federal funding, it is important they understand their requirements and the resources they have at hand. Knowing these up front and designing controls around an environment of compliance will help set the auditee up for success during their first Single Audit. As guidance continues to change, the auditee should continue to expand their knowledge over the Single Audit process and compliance requirements.
If you have questions regarding Single Audit compliance, or want to know how we can help you prepare for your first Single Audit, contact a Clark Nuber professional.
© Clark Nuber PS, 2020. All Rights Reserved