What Is a Single Audit Under Uniform Guidance?

A single audit is an organization-wide examination required for entities that expend federal funds. Governed by the Office of Management and Budget’s (OMB) Uniform Guidance, its purpose is to provide assurance to the federal government that an organization manages federal assistance in compliance with applicable laws and regulations.

The single audit framework streamlines the audit process for non-federal entities, such as state and local governments, universities, and nonprofit organizations. Instead of undergoing separate audits for each federal grant, a single audit covers all federal awards. This promotes efficiency and consistency in the oversight of federal funds.

Determining the Need for a Single Audit

An organization must undergo a single audit if it expends $1,000,000 or more in federal awards during its fiscal year. This threshold is effective for fiscal years beginning on or after October 1, 2024, which first applies to audits of fiscal years ending on or after September 30, 2025. This requirement applies to nonprofit organizations, institutions of higher education, and state, local, and tribal governments. The trigger is based on the total expenditures from all federal sources combined.

The term “federal awards” encompasses more than just cash grants. It includes other forms of assistance such as cooperative agreements, loans, loan guarantees, and non-cash assistance like food commodities or property. “Expenditures” refer to the value of the federal awards used during the fiscal year, which may differ from the amount of funds received in that same period.

To determine if they meet the threshold, organizations must track all federal expenditures. This involves maintaining detailed financial records that clearly distinguish federal funds from other revenue sources.

Key Auditee Responsibilities and Preparation

A primary task for the auditee is the preparation of the Schedule of Expenditures of Federal Awards (SEFA). This auditee-prepared schedule provides a listing of all federal awards expended during the fiscal year and acts as a roadmap for the auditors.

The SEFA must include specific information for each federal award. This includes the name of the federal agency providing the funds and the name of the pass-through entity, if applicable. Each program must be identified by its official title and its corresponding Assistance Listing Number (ALN). The schedule must also state the total dollar amount of expenditures for each program.

Auditees must also establish and maintain effective internal controls over their federal programs, including measures for cybersecurity. These controls are designed to provide reasonable assurance that the entity is complying with federal statutes, regulations, and the terms of the federal awards. This involves implementing policies that govern how funds are spent, ensuring activities are allowable, and verifying that all reporting is accurate.

The auditee is also responsible for preparing its financial statements in accordance with generally accepted accounting principles (GAAP) or another comprehensive basis of accounting. These financial statements, along with the SEFA, are foundational documents for the audit.

The Major Program Determination Process

A part of a single audit is the detailed testing of specific federal programs. The auditor uses a risk-based approach mandated by the Uniform Guidance to select which programs will be designated as “major programs” for intensive compliance testing. This process focuses audit resources on the programs with the highest risk of noncompliance.

The process follows four steps. First, the auditor identifies Type A and Type B programs based on their size. Type A programs are larger ones, defined by a dollar threshold that varies based on the auditee’s total federal expenditures. For entities expending between $1 million and $34 million in federal awards, the Type A threshold is $1 million. Programs below this threshold are classified as Type B.

Second, the auditor performs a risk assessment on all Type A programs. A Type A program can be considered low-risk if it was audited as a major program in at least one of the two most recent audit periods without significant findings. Any Type A program not identified as low-risk is automatically selected as a major program.

Third, the auditor assesses the risk of Type B programs. The auditor is not required to assess every Type B program, only those considered to be of higher risk based on factors like program complexity or prior audit findings. High-risk Type B programs are then selected for testing as major programs.

Finally, the auditor must ensure the total expenditures of all major programs selected for testing meet a minimum percentage of the auditee’s total federal expenditures. For most auditees, this coverage requirement is 40% of total federal awards expended. If the auditee is determined to be a low-risk auditee based on prior audit history, this threshold is reduced to 20%.

Understanding the Compliance Requirements

The core of a single audit’s compliance testing revolves around requirements outlined in the OMB Compliance Supplement. This document provides auditors with a framework for testing an auditee’s adherence to federal regulations for the selected major programs. The auditee is responsible for following these rules throughout the year.

• Activities Allowed or Unallowed: Dictates the specific activities that can be funded by a federal award.
• Allowable Costs and Cost Principles: Governs whether a particular cost is permissible and can be charged to a federal grant, including rules about documentation and reasonableness.
• Cash Management: Ensures that recipients minimize the time between drawing down federal funds and disbursing them.
• Eligibility: Focuses on verifying that the individuals or groups receiving services from a federal program are eligible to do so.
• Equipment and Real Property Management: Dictates how property purchased with grant funds must be tracked, used, and disposed of.
• Matching, Level of Effort, and Earmarking: Addresses any obligations for the auditee to contribute its own funds, maintain a certain level of financial effort, or set aside funds for specific purposes.
• Period of Performance: Defines the specific time frame during which grant funds may be used.
• Procurement and Suspension and Debarment: Requires auditees to follow proper purchasing procedures and ensure they do not contract with parties barred from receiving federal funds.
• Program Income: Pertains to the proper handling and use of any income generated from grant-funded activities.
• Reporting: Covers the submission of accurate and timely financial and performance reports to the federal agency.
• Subrecipient Monitoring: Mandates oversight of organizations that receive pass-through funds to ensure they also comply with grant requirements.
• Special Tests and Provisions: Includes any unique compliance requirements specific to a particular federal program not covered by other categories.

The Single Audit Reporting Package

The final step of a single audit is submitting a reporting package to the Federal Audit Clearinghouse (FAC). As of October 1, 2023, the FAC is operated by the General Services Administration (GSA), and all submissions must be made through its system at FAC.gov.

The reporting package includes the organization’s financial statements, the Schedule of Expenditures of Federal Awards (SEFA), and the auditor’s reports. The package must also contain a schedule of findings and questioned costs, which details any instances of noncompliance, internal control deficiencies, or costs questioned by the auditor.

In response to any issues identified, the auditee must prepare a corrective action plan that outlines the steps the organization will take to fix the problems. The package also includes a summary schedule of prior audit findings, which reports on the status of corrective actions taken on findings from previous audits.

The entire reporting package must be submitted to the FAC within a specific timeframe. The deadline is the earlier of 30 calendar days after the auditee receives the auditor’s reports or nine months after the end of the organization’s fiscal year. This submission is done electronically and requires certification from both the auditee and the auditor.