This article needs to be updated. The reason given is: Uniform Guidance in 2 CFR 200 Subpart F has superseded OMB Circular A-133. Please help update this article to reflect recent events or newly available information.(February 2018)
In the United States, the Single Audit, Subpart F of the OMB Uniform Guidance, is a rigorous, organization-wide audit or examination of an entity that expends $750,000 or more of federal assistance (commonly known as federal funds, federal grants, or federal awards) received for its operations.[1][2][3] Usually performed annually,[4] the Single Audit's objective is to provide assurance to the US federal government as to the management and use of such funds by recipients such as states, cities, universities, non-profit organizations, and Indian Tribes. The audit is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components. The Single Audits must be submitted to the Federal Audit Clearinghouse along with a data collection form, Form SF-SAC.
History
Before implementing the Single Audit, the federal government relied on numerous audits carried out on individual federally funded programs to ensure these funds were spent properly. Because the government had numerous agencies awarding hundreds of different programs, the task of auditing all programs became increasingly difficult and time-consuming. To improve this situation, the Single Audit Act of 1984 standardized audit requirements for States, local governments, and Indian tribal governments that receive and use federal financial assistance programs.[5]
In 1985, the United States Office of Management and Budget (OMB) issued OMB Circular A-128, "Audits of State and Local Governments," to help recipients and auditors implement the new Single Audit. In 1990, OMB administratively extended the Single Audit process to non-profit organizations by issuing OMB Circular A-133, "Audits of Institutions of Higher Education and Other Non-Profit Organizations" which superseded OMB A-128. These new guides and provisions standardized the Single Audit in the United States to include all states, local governments, non-profit organizations, and institutions that receive federal funds from the US government.[6][5][7] On December 26, 2013, OMB issued the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, which standardized compliance and audit requirements for government entities, non-profit organizations and institutions of higher education.[8] These consolidated requirements are codified in Title 2 of the Code of Federal Regulations (CFR), part 200 with the single audit requirements in Subpart F of this section.[9] The terms 2 CFR 200 and Uniform Guidance can be used interchangeably.
Purpose and components
The federal government provides an extensive array of federal assistance to recipients reaching over $400 billion annually.[1] This assistance is provided through thousands of individual grants and awards annually for the purpose of benefiting the general public in the areas of education, health, public safety, welfare, and public works, among others. However, as a condition of receiving this assistance recipients must comply with applicable federal and state laws and regulations, as well as any particular provisions tied with the specific assistance.[10] The Single Audit provides the Federal government with assurance that these recipients comply with such directives by having an independent external source (the CPA) report on such compliance. However, it only applies to state, local government, and nonprofit recipients that expend $750,000 or more of such assistance in one year.[11][12]
A Single Audit encompasses an examination of a recipient's financial records, financial statements, federal award transactions and expenditures, the general management of its operations, internal control systems, and federal assistance it received during the audit period (the time period of recipient operations examined in the Single Audit, which is usually covers a natural or fiscal year).[3][13] The Single Audit is divided into two areas: Compliance and Financial.
The compliance component of a Single Audit covers the study and understanding (planning stage) as well as the testing and evaluation (exam stage) of the recipient with respect to federal assistance usage, operations and compliance with laws and regulations.[13] The financial component is exactly like a financial audit of a non-federal entity which includes the audit of the financial statements and accompanying notes. Depending on the recipient, the Single Audit can be simple and straightforward, or it could be complex and troublesome. This is because there are millions of federal grants awarded each year to thousands of recipients, each with its own independent way of operating. Therefore, the Single Audit differs from recipient to recipient and from federal program to program.
For these reasons, the federal government requires auditors to perform the compliance audit of a recipient with a planning stage and an exam stage. During the first stage, or planning stage, the auditor must study the recipient, determine whether there is a high or low risk that the recipient does not comply with laws and regulations, identify federal programs, and evaluate such programs. The second stage, or exam or audit stage, is where the auditor actually audits the federal assistance and programs.[13] The planning stage is considered an integral part of the Single Audit because it allows the auditor to design and perform the audit based on the qualities, characteristics and needs of the recipient to be audited.
Compliance audit: Planning stage
Low- or high-risk auditee
Before determining which federal programs to examine, the auditor must first determine, based on specific criteria, whether the recipient is a high-risk auditee or a low-risk auditee. A high-risk auditee is a recipient which has a high risk of not complying with federal laws and regulations, while a low-risk auditee is the exact opposite. The Uniform Guidance has set certain requirements a recipient must meet to be considered a low-risk auditee. This includes the following to be evaluated for each of the preceding two audit periods:[14]
Single audits have been performed on an annual basis in prior years.
The auditor's opinions on the financial statements and the Schedule of Federal Expenditures (discussed later) were unmodified.
There are no material weaknesses identified.
The auditor did not report a substantial doubt about the auditee's ability to continue as a going concern.
None of the Federal programs had audit findings from any of the following in either of the preceding two audit periods in which they were classified as Type A programs:
Internal control deficiencies that were identified as material weaknesses in the auditor's report on internal control for major programs;
A modified opinion on a major program in the auditor's report on major programs; or
Known or likely questioned costs that exceeded five percent of the total Federal awards expended for a Type A program during the audit period.
The Uniform Guidance uses the high- and low-risk determination to regulate the dollar amount of federal expenditures to be audited. Although the actual work necessary for a Single Audit is established by the auditor, the OMB has set a limit for auditing high-risk and low-risk auditees. For high-risk auditees, the auditor is required to audit not less than 40% of all the federal assistance received during the year. For low-risk auditees, that limit is decreased to 20%.[15]
This determination affects the entire Single Audit because the auditor adjusts the scope of the audit accordingly. Since the auditor must provide an opinion to the federal government on whether the recipient and its programs complied with laws and regulations, the auditor performs sufficient procedures to confirm the opinion is correct.[16]
Identification of major programs
Step 1: Type A or Type B
To determine which federal programs to audit under the compliance audit, federal assistance expended by the recipient (also called federal expenditures) during one year is identified by federal program name, Federal agency and CFDA number. These federal expenditures are then combined to determine the total amount expended during the year. Any recipient whose total federal expenditures during a year equal or exceed $750,000 requires a Single Audit.[17] If the recipient does not meet this threshold, a Single Audit is not required, although the recipient may elect to have a program-specific audit (an audit of a single federal program, without auditing the entire entity). Once this determination is performed, 2 CFR200.518 requires that federal programs be categorized in two groups: Type A programs and Type B programs.[18]
Type A program
A Type A program is any federal program within a recipient that meets the following criteria.
If total federal awards expended during the audit period are greater than or equal to $750,000 and less than or equal to $25million, then any program that expends more than $750,000 is Type A.
If total federal awards expended during the audit period are greater than $25million and less than or equal to $100million, then any program that expends more than 3% of total federal awards is Type A.
If total federal awards expended during the audit period are greater than $100million and less than or equal to $1billion, then any program that expends more than $3million is Type A.
If total federal awards expended during the audit period are greater than $1billion and less than or equal to $10billion, then any program that expends more than 0.3% of total federal awards is Type A.
If total federal awards expended during the audit period are greater than $10billion and less than or equal to $20billion, then any program that expends more than $30million is Type A.
If total federal awards expended during the audit period are greater than $20billion, then any program that expends more than 0.15% of total federal awards is Type A.
In other words, if a recipient expended a total of $25million or less in federal assistance, then any single program which expended $750,000 or more is considered a Type A. If a recipient expended $30million in federal assistance, then any single program which expended $900,000 or more (3% × $30million) is considered a Type A program.[18] Special consideration must be given to large loan programs in determining the Type A threshold.
Type B program
A Type B program is any single program which does not meet the Type A requirements.[19]
Examples
Example 1: The City of Example operates a Section 8 program, and expended $950,000 in Section 8 funds and $5,000,000 of total federal assistance during the year. Since this amount does not exceed $25,000,000, the Section 8 program is considered a Type A program because $950,000 exceeds the $750,000 threshold.
Example 2: Using the same data in Example 1 with the exception that the City of Example now expended a total of $30,000,000 in federal assistance, the Section 8 program would meet the Type A threshold because $950,000 is greater than $30,000,000 x 3% ($900,000).
Example 3: Using the same data in Example 1 with the exception that the City of Example now expended a total of $100,000,000 in federal assistance, the Section 8 program would not meet the Type A threshold because $950,000 is less than $3 million, and would be considered a Type B program.
After determining which programs are Type A and Type B, the Uniform Guidance requires that the auditor study and understand the operations and internal controls of such programs within the entity, and perform[20] and document[21] a risk assessment based on such study to determine whether each program has either a high or low risk of not complying with laws and regulations. Auditor may consider numerous factors including current and prior audit experience, good or poor internal controls over Federal programs, many or no prior audit findings, continuous or lack of oversight exercised by the federal government over the recipient, evidence or knowledge of fraud, and the inherent risk of the Federal program.[22]
For a Type A program to be considered low risk according to 2 CFR200.518, it must have been audited as a major program at least once in the past two years and must not have had:[18]
Material weaknesses in internal control
A modified opinion in the audit report
Known or likely questioned costs exceeding 5% of total federal award expenditures
For any Type A program considered to be a high risk of not complying, the Uniform Guidance requires that the auditor to perform a compliance audit on that program.[23] For a Type A program that is considered to be of low risk, then the auditor is not required to perform a compliance audit, although the Uniform Guidance allows the auditor to do so if he/she chooses.[23] Although the risk assessment is performed by the auditor based on his/her judgment,[22] the Uniform Guidance does have two requirements for a program to be considered low risk.
In assessing the risk of Type B programs, auditors should use professional judgement and criteria established in the Uniform Guidance. According to 2 CFR200.518, a minimum number of Type B programs must be identified as high risk, calculated as 25% of the number of low-risk Type A programs (rounded up). In assessing risk, auditors are encouraged to use an approach that allows different programs to be identified as high risk over time. The auditor is not expected to perform risk assessments on smaller Type B programs with expenditures that do not exceed 25% of the Type A threshold determined in step 1. Type B programs which have a low risk of not complying are not required to be audited.[18]
Step 4: Major program determination and percentage of coverage
High-risk Type A and high-risk Type B programs are considered major programs and must be audited. The auditor then totals all of the federal award expenditures for the identified major programs and divides by the total federal award expenditures for the entity as a whole. For low-risk auditees, major program expenditures as a percentage of total award expenditures must be at least 20%. For high-risk auditees, the required coverage percentage is increased to 40%. If the identified major programs do not meet the required coverage percentage, then the auditor must select additional programs to audit until the required coverage percentage is met.[18]
Compliance audit: exam stage
After the auditor determines which federal programs to audit, the auditor performs a compliance audit that scrutinizes operations of the program—examining files, documents, contracts, checks, etc. The auditor investigates, to some degree, transactions between the federal program and other parties. These functions are compared with the laws and regulations applicable to a program to see if they complied or not. The examination does not require observing every single document and every single process generated by the program. Nevertheless, the auditor is required to perform enough procedures to form an opinion on whether the program (as a whole) complied with laws and regulations.[24]
Due to the amount of federal regulations, the federal government has provided certain guides and literature to assist the auditor in the examination, which includes the OMB Compliance Supplement and the Compliance requirements:[24]
OMB compliance supplement
The OMB Compliance Supplement is a large and extensive guide created by the OMB for Single Audits, and is considered the most important tool of both the auditor and the recipient when performing, or being subject to, a Single Audit.[5] It was created following amendments in 1996 to the Single Audit Act and serves to identify existing important compliance requirements that the Federal Government expects to be considered as part of a Single Audit. Without it, auditors would need to research thousands of laws and regulations for each single program of a recipient to determine which compliance requirements are important to the Federal Government. For Single Audits, the Supplement replaces any agency audit guides and other audit requirement documents for individual Federal programs.[5]
Compliance requirements are series of directives provided by Federal agencies that summarize hundreds of laws and regulations applicable to federal assistance and are important to the successful management of such assistance. The OMB created 14 basic and standard compliance requirements for which recipients must always comply with when receiving and using federal assistance, and provided detailed explanations, discussions, and guidance about them in the OMB Compliance Supplement.[25] These compliance requirements only serve as guidelines for compliance with the specific laws and regulations applicable to the assistance and their objectives are designed to be generic in nature, because of the amount of different federal programs provided by the government. For example, many federal programs have eligibility requirements for individuals or organizations to participate in such programs because they have been established by either laws, regulations, or contract provisions. However, while the criterion for determining eligibility varies from program to program, the objective of the Eligibility compliance requirement that "only eligible and qualified individuals or organizations participate" is consistent and universal across all federal assistance programs. This eligibility universal criterion is called the Eligibility compliance requirement.[26]
The Single Audit requires that a recipient prepare financial statements that reflect its financial position, results of operations or changes in net assets, and, where appropriate, cash flows for the fiscal year audited.[27] The Single Audit also requires that a financial audit be performed on the recipient that includes the federal assistance operations as well as the non-federal assistance operations. Tests of transactions and account balances are performed to ensure that the information presented in the financial statements, and notes thereof, are presented fairly in all material respects in accordance with generally accepted accounting principles.[28] Additionally, the recipient must prepare a Schedule of Expenditures of Federal Awards (SEFA), which is supplementary information to the financial statements unique to recipients of federal assistance that details all the federal assistance expended by the recipient during the year, categorized by federal program.[29] The auditor must then audit and report on this Schedule "in relation to" the financial statements as a whole.
Data Collection Form and Reporting Package
After the Single Audit is concluded, the recipient prepares two documents: a "Data Collection Form" and a "Reporting Package". The data collection form, Form SF-SAC, is a standard form which is basically a summary of the Single Audit. It includes details of the auditor, a list of the federal programs audited, and a summary of any audit findings reported by the auditor. The Reporting Package includes all the auditor's final reports along with the recipient's financial statements. It includes:[30]
Auditor's reports
Management Discussion and Analysis (MD&A) – This serves as an introduction to the recipient's financial statements where the recipient's management (e.g., governors, in the case of states; mayors, in the case of cities; president, in the case of many nonprofit organizations) discusses the results of operations and other financial information, offering insight and detailed description about the recipient itself.
Supplemental Information – This section includes both financial and non-financial information relative to the recipient which is not covered in the MD&A or the financial statements and their respective notes.
Schedule of Federal Award Expenditures – This document details all federal assistance expenditures made by the recipient during the audit period, categorized by the federal program and federal agency.
Schedule of Findings and Questioned Costs – If the auditor finds situations where the recipient did not comply with laws and regulations, where internal controls are deficient, or a situation of illegal acts or fraud, the auditor is required to report such situations in this section, as well as any questioned costs. Questioned costs are amounts that the recipient expended, but which the auditor has determined that they were not permitted and must be returned to the federal government.[31]
Schedule of Prior Audit Findings – In this section, the auditor is required to follow up and report about the recipient's corrective action of any audit findings reported in prior years.
Both the Data Collection and the Reporting Package are kept by the recipient with copies submitted to the Federal Audit Clearinghouse (FAC), and to any Federal agency who specifically requests it.[32] Federal guidelines require recipients to submit the documents no more than 30 days after the auditor submits his reports or 9 months after the final day of the audit period, whichever comes first.[33]
Extension
On March 19, 2020, the Office of Management and Budget issued a memo allowing certain extensions of deadlines because of the COVID-19 pandemic. For award recipients with fiscal year-ends through June 30, 2020, an agency is allowed to extend recipients' deadlines to complete and submit a Single Audit package by up to six months.[34][35] For award recipients with fiscal year-ends between July 1 and September 30, 2020, an agency is allowed to extend recipients' deadlines to complete and submit a Single Audit package by up to three months.[36][37]
The extension may be given automatically, but recipients should still retain documentation of how the pandemic reduced its operational capacity and how the award was affected.[34][35]
On June 18, 2020, the Office of Management and Budget issued a memo, stating that extensions are no longer allowed for organizations with 2020 year-ends because, "during the Coronavirus pandemic, many recipients learned the capabilities and are now getting the experience to perform the objectives of the Federal programs remotely with limited access to their physical office."[37]
Auditor responsibility
The auditor is responsible for conducting the actual audit of the recipient in accordance with Generally Accepted Government Auditing Standards (GAGAS)[38] and using the guidance provided by the OMB Circular A-133 and its Compliance Supplement, all of which establish certain rules to follow during the Single Audit. The auditor must establish audit objectives that determine whether the recipient complied with laws and regulations. They must research the recipient's federal assistance awards and programs to determine applicability of specific laws and regulations. They must understand the recipient, its organization, operations, internal control systems, and ability to responsibly manage federal assistance. They must perform audit procedures (some of which are suggested by the Compliance Supplement) to meet these audit objectives.
The auditor must understand the recipient's internal control system to determine if the recipient has proper safeguards that help manage federal assistance responsibly. After obtaining sufficient knowledge of that system, the auditor must perform audit procedures to verify the recipient's internal control system works properly, and the recipient's federal program operations comply with laws and regulations (e.g., the compliance audit portion of the Single Audit).[3][39][40]
As part of the Single Audit, the auditor must prepare and submit three individual reports to the recipient and to the federal government. The first report is an opinion, or a disclaimer thereof, on whether the recipient's financial statements are presented in conformity with US Generally Accepted Accounting Principles, identical to a financial audit's report on a non-recipient entity. The second report is about the status of internal controls relative to the financial statements and major programs. The third report is an opinion, or a disclaimer thereof, on the degree to which the recipient has complied with laws, regulations, and the terms and conditions of the federal assistance awards. Following the last two reports, if the Single Audit produced audit findings, the auditor must prepare the Schedule of Findings and Questioned Costs discussed earlier.[31][40]
The auditor's judgment is necessary to determine which audit procedures are sufficient to achieve the audit objectives, and whether additional or alternative audit procedures are needed to achieve such objectives. The auditor is responsible for determining the nature, timing, and extent of the audit procedures necessary to meet the audit objectives (i.e., it is the auditor who determines the necessary amount of his/her audit work needed to form an opinion on whether the recipient complied with laws and regulations).