An organization may be required to file a single audit known as a single audit when it reaches a specific threshold for receipt or expenditure of federal awards within its fiscal year. Single audits allow the Federal Government to assess an organization’s financial health and ability to manage federal awards. They also provide financial statement users with a comprehensive look at all operations and provide assurance on your program information, compliance, and internal control over compliance.
When is an organization required to file a single audit?
Non-federal entities, such as nonprofit organizations, institutions of higher education, state and local governments, and Indian tribes, that carry out federal awards as recipients or sub-recipients are required to file a single audit if the organization expends direct or indirect federal awards in excess of $750,000 in their fiscal year. Federal awards include, among other things, grants, contracts, loans, loan guarantees, interest subsidies, property, and endowments. The timing of the expenditure depends on the type of award. For example, property expenditure occurs when it is received, and the expenditure for interest subsidies occurs when the amounts are disbursed.
Commercial organizations that received $750,000 or more in federal awards in their accounting period (regardless of the timing of expenditure) that do not qualify for a program-specific audit may also be subject to a single audit. This scenario is occurring more and more since federal funds have been provided through certain COVID-19 relief programs. These programs have provided countless businesses and organizations with much-needed financial assistance. But for many of these organizations, that assistance also means the amount of federal awards they received for the year is much higher than they are accustomed to receiving. If you received federal COVID-19 assistance in 2020 or 2021, your awards might trigger a single audit filing requirement.
How is a single audit performed?
Single audits are performed by a certified third-party auditor and conducted in accordance with both generally accepted accounting standards (GAAS) and generally accepted government accounting standards (GAGAS, which is also referred to as “yellow book”). Although all single audits include yellow book standards, a standalone yellow book audit may be required even if the organization is not required to file a single audit.
During a single audit, your auditors will perform procedures to obtain sufficient appropriate audit evidence supporting the accuracy and completeness of your internally-prepared Statement of Financial Awards (SEFA). You will work with your auditor to collect the required information to submit a complete single audit package to the Federal Audit Clearinghouse (FAC).
Based on your auditor’s findings, they may be required to report certain findings on deficiencies in internal control over financial reporting in their schedule of findings and questioned costs (SFQC), and that information may be made publicly available. That’s why it’s essential to understand common deficiencies and how to prevent them.
What makes a deficiency material or significant?
According to GAAS, a deficiency exists “when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.” Auditors are required to report material noncompliance with the provisions of federal statutes, regulations, or the terms and conditions of federal awards related to a major program and significant deficiencies and material weaknesses in internal control over major programs.
A material weakness occurs when there is a reasonable possibility or probability that the deficiency will result in a material misstatement of the organization’s financial statements. While a significant deficiency is less severe than a material weakness, it is important enough “to merit attention by those charged with governance.”
How can you avoid common significant deficiencies?
Most common deficiencies auditors find stem from a lack of or improper risk assessments and internal controls. It isn’t uncommon for auditors to find that an organization has inadvertently breached the terms and conditions of one or more of their government contracts. Your organization must have internal controls in place to ensure expenditures are made in compliance with the terms and conditions of the federal award. Correctly identifying sub-recipients, performing sub-recipient monitoring, and ensuring all subawards meet contract requirements are also key.
Ensure your staff working on federal programs are trained in Uniform Guidance administrative requirements and cost principles, such as internal control, procurement, and allowable direct and indirect costs. Appropriate personnel should be familiar with SEFA requirements and the Council on Financial Assistance Reform’s (COFAR) standards on effective dates, applicability, methods of procurement, and indirect costs. Your staff should also review the Office of Management & Budget (OMB) 2021 compliance supplement to understand the interplay between COVID-19 federal assistance and related filing requirements.
If your organization was subject to a single audit in the prior fiscal year, part of your single audit package for the current fiscal year will include a Summary Schedule of Prior Audit Findings. It’s essential to review any correspondence from your auditors from the prior year to ensure any issues noted for that accounting period have been resolved.
Specific procedures or actions can trigger increased scrutiny from oversight agencies. For example, in terms of cost transfers, shifting costs at the end of a project or between programs may draw attention. In terms of cash management, it’s best practice to disperse a check as quickly as possible after drawing down federal cash under your letter of credit.
How should you prepare for your single audit?
Once your Data Collection Form (DCF) is complete and your single audit reporting package has been prepared, your organization must submit all information to the FAC within 30 calendar days of receiving the auditor’s report(s), or nine months after the end of the audit period, if earlier. Late filings are often precursors that indicate there may be weaknesses in your grant management systems; in turn, by filing late, you may be inviting unwanted, intensified scrutiny from oversight authorities.
Document your policies and procedures. When formally documented, they help your organization drive accountability, quality, and compliance. It is also critical to keep clean, accessible records to quickly gather and summarize grant information and determine whether your awards are subject to pre-Uniform Guidance or post-Uniform Guidance standards.
Make sure your property records are in compliance with all of the required data elements outlined in Subpart E. And take inventory of all equipment you purchased with federal funds so that you can reconcile the inventory count to your property records.
You are ultimately responsible for preparing your organization’s SEFA, so it’s a good idea to prepare a draft copy to go over with your auditor. Well-kept documentation is an essential part of the drafting process, and it also helps you and your auditor with major program determination.
The audit and assurance team at LGA helps businesses and nonprofits navigate the complexities of single audit requirements. I work with owner-managed and privately held companies across several different industries, and I’d like to help you with a plan to meet your organization’s compliance needs. To learn more, contact me today.
John Ead is a principal at LGA and leads audit and assurance engagements for both for-profit and nonprofit entities. He has worked extensively with owner-managed and privately held companies, and his client base spans over a number of different industries. Additionally, John has spent many years leading audit engagements for nonprofit organizations serving the Greater Boston community.