What Are the Uniform Guidance Audit Requirements?
Navigate the federal award audit process from start to finish. This guide clarifies auditee obligations and the procedural steps for a compliant Uniform Guidance audit.
Navigate the federal award audit process from start to finish. This guide clarifies auditee obligations and the procedural steps for a compliant Uniform Guidance audit.
Organizations that spend federal funds are subject to a specific set of rules for financial management known as the Uniform Guidance. This government-wide framework, established by the Office of Management and Budget (OMB) and codified at 2 CFR Part 200, aims to streamline the administration of federal awards, reduce administrative burdens, and safeguard federal funds from waste and abuse. Updates to the guidance in 2024 have adjusted certain thresholds and processes.
A key part of the Uniform Guidance is the mandate for certain non-federal entities to undergo a specialized audit of their federal awards. This audit process provides assurance to federal agencies that their funds are being managed in compliance with applicable laws, regulations, and the specific terms of each award. The framework sets clear standards for when an audit is required, what it must cover, and how the results are to be reported.
An organization’s obligation to undergo an audit is triggered by a financial threshold. If a non-federal entity expends $1,000,000 or more in federal awards during its fiscal year, it must arrange for an audit. For this purpose, an “expenditure” includes direct spending of grant funds, the value of non-cash assistance like food commodities, and the outstanding balance of loans at the end of the period. An organization must sum all such expenditures from every federal source to determine if it meets this trigger.
Once an organization determines it has crossed the expenditure threshold, it has two potential audit paths: a program-specific audit or a single audit. A program-specific audit is a limited option available only if all federal award expenditures were made under a single federal program and the award terms do not require a full financial statement audit. If these conditions are not met, the organization must undergo a single audit, which is the default requirement for most entities.
Before an audit begins, the organization, or auditee, has several responsibilities to fulfill. These duties involve preparing specific financial documents and ensuring internal systems are properly functioning and documented to facilitate an efficient audit process. The auditee’s primary responsibilities include:
Once an auditee has prepared the necessary information, the single audit process begins with selecting a qualified auditor. The auditee is responsible for procuring audit services in accordance with the same procurement standards it must follow for other services.
The auditor’s first task is to perform a risk-based assessment to identify the “major programs” that will be subject to detailed testing. Using the Schedule of Expenditures of Federal Awards (SEFA), the auditor evaluates federal programs and assesses their risk to select which ones will be audited as major programs.
With the major programs identified, the auditor proceeds to test the internal controls the auditee has established over those programs. This involves evaluating the design of the controls to determine if they are capable of preventing or detecting noncompliance and then testing their operating effectiveness. The auditor gathers evidence to confirm that these procedures are being followed.
The final step is the testing of compliance for each major program. The auditor must determine whether the auditee has adhered to the specific requirements outlined in the OMB’s Compliance Supplement that are applicable to that program. These requirements cover areas such as whether activities were allowed, if costs were allowable, if eligibility determinations were correct, and if reporting requirements were met.
After the auditor completes their fieldwork, the results are compiled into a comprehensive reporting package for submission to the federal government. The complete reporting package includes:
If the audit identifies any findings, the auditee is responsible for preparing a formal corrective action plan. This document must explain how the organization will remediate the identified deficiencies and is a required component of the reporting package.
The auditee and auditor must also jointly complete the Data Collection Form (Form SF-SAC). This form summarizes key information from the audit, including auditee details, a list of federal programs and expenditures, and a summary of the audit findings. The information from the SF-SAC is used to populate a public-facing federal database.
The final step is the electronic submission of the entire reporting package, including Form SF-SAC, to the Federal Audit Clearinghouse (FAC). This submission must be made within 30 calendar days of the auditee receiving the auditor’s final report, or nine months after the end of the organization’s fiscal year, whichever comes first. Timely submission is a compliance requirement for the auditee.