What Are the Uniform Guidance Audit Requirements?

Organizations that spend federal funds are subject to a specific set of rules for financial management known as the Uniform Guidance. This government-wide framework, established by the Office of Management and Budget (OMB) and codified at 2 CFR Part 200, aims to streamline the administration of federal awards, reduce administrative burdens, and safeguard federal funds from waste and abuse. Updates to the guidance in 2024 have adjusted certain thresholds and processes.

A key part of the Uniform Guidance is the mandate for certain non-federal entities to undergo a specialized audit of their federal awards. This audit process provides assurance to federal agencies that their funds are being managed in compliance with applicable laws, regulations, and the specific terms of each award. The framework sets clear standards for when an audit is required, what it must cover, and how the results are to be reported.

Determining the Need for an Audit

An organization’s obligation to undergo an audit is triggered by a financial threshold. If a non-federal entity expends $1,000,000 or more in federal awards during its fiscal year, it must arrange for an audit. For this purpose, an “expenditure” includes direct spending of grant funds, the value of non-cash assistance like food commodities, and the outstanding balance of loans at the end of the period. An organization must sum all such expenditures from every federal source to determine if it meets this trigger.

Once an organization determines it has crossed the expenditure threshold, it has two potential audit paths: a program-specific audit or a single audit. A program-specific audit is a limited option available only if all federal award expenditures were made under a single federal program and the award terms do not require a full financial statement audit. If these conditions are not met, the organization must undergo a single audit, which is the default requirement for most entities.

Auditee Responsibilities and Required Information

Before an audit begins, the organization, or auditee, has several responsibilities to fulfill. These duties involve preparing specific financial documents and ensuring internal systems are properly functioning and documented to facilitate an efficient audit process. The auditee’s primary responsibilities include:

• Preparing the organization’s annual financial statements, which must fairly present the entity’s financial position and the results of its operations for the fiscal year in accordance with generally accepted accounting principles.
• Preparing a detailed Schedule of Expenditures of Federal Awards (SEFA). This schedule lists every federal award expended during the year. For each award, the SEFA must identify the federal agency, the Assistance Listings Number, the total amount expended, and if funds were received through a pass-through entity, that entity’s name and award number.
• Establishing and maintaining effective internal controls over its federal programs. These are the internal checks and balances designed to ensure the organization complies with all relevant laws, regulations, and award terms.
• Complying with all applicable federal statutes and award terms and providing the auditor with access to all records, personnel, and documentation necessary to conduct the audit, including grant agreements and financial records.

The Single Audit Process

Once an auditee has prepared the necessary information, the single audit process begins with selecting a qualified auditor. The auditee is responsible for procuring audit services in accordance with the same procurement standards it must follow for other services.

The auditor’s first task is to perform a risk-based assessment to identify the “major programs” that will be subject to detailed testing. Using the Schedule of Expenditures of Federal Awards (SEFA), the auditor evaluates federal programs and assesses their risk to select which ones will be audited as major programs.

With the major programs identified, the auditor proceeds to test the internal controls the auditee has established over those programs. This involves evaluating the design of the controls to determine if they are capable of preventing or detecting noncompliance and then testing their operating effectiveness. The auditor gathers evidence to confirm that these procedures are being followed.

The final step is the testing of compliance for each major program. The auditor must determine whether the auditee has adhered to the specific requirements outlined in the OMB’s Compliance Supplement that are applicable to that program. These requirements cover areas such as whether activities were allowed, if costs were allowable, if eligibility determinations were correct, and if reporting requirements were met.

Finalizing and Submitting the Audit Report

After the auditor completes their fieldwork, the results are compiled into a comprehensive reporting package for submission to the federal government. The complete reporting package includes:

• The organization’s financial statements and the Schedule of Expenditures of Federal Awards (SEFA).
• The auditor’s reports, which provide opinions on the financial statements and the SEFA, as well as reports on internal control and compliance.
• A schedule of findings and questioned costs to detail any instances of noncompliance, internal control weaknesses, or costs questioned as unallowable.
• A summary schedule of prior audit findings, which reports the status of any findings from the previous audit.

If the audit identifies any findings, the auditee is responsible for preparing a formal corrective action plan. This document must explain how the organization will remediate the identified deficiencies and is a required component of the reporting package.

The auditee and auditor must also jointly complete the Data Collection Form (Form SF-SAC). This form summarizes key information from the audit, including auditee details, a list of federal programs and expenditures, and a summary of the audit findings. The information from the SF-SAC is used to populate a public-facing federal database.

The final step is the electronic submission of the entire reporting package, including Form SF-SAC, to the Federal Audit Clearinghouse (FAC). This submission must be made within 30 calendar days of the auditee receiving the auditor’s final report, or nine months after the end of the organization’s fiscal year, whichever comes first. Timely submission is a compliance requirement for the auditee.