Single Audit

History

Before implementing the Single Audit, the federal government relied on numerous audits carried out on individual federally funded programs to ensure these funds were spent properly. Because the government had numerous agencies awarding hundreds of different programs, the task of auditing all programs became increasingly difficult and time consuming. To improve this situation, the Single Audit Act of 1984 standardized audit requirements for States, local governments, and Indian tribal governments that receive and use federal financial assistance programs.

In 1985, the United States Office of Management and Budget (OMB) issued OMB Circular A-128, “Audits of State and Local Governments,” to help recipients and auditors implement the new Single Audit. In 1990, OMB administratively extended the Single Audit process to non-profit organizations by issuing OMB Circular A-133, “Audits of Institutions of Higher Education and Other Non-Profit Organizations” which superseded OMB A-128. These new guides and provisions standardized the Single Audit in the United States to include all states, local governments, non-profit organizations, and institutions that receive federal funds from the US government. On December 26, 2013, OMB issued the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, which standardized compliance and audit requirements for government entities, non-profit organizations and institutions of higher education.

Purpose and components

The federal government provides an extensive array of federal assistance to recipients reaching over $400 billion annually. This assistance is provided through thousands of individual grants and awards annually for the purpose of benefiting the general public in the areas of education, health, public safety, welfare, and public works, among others. However, as a condition of receiving this assistance recipients must comply with applicable federal and state laws and regulations, as well as any particular provisions tied with the specific assistance. The Single Audit provides the Federal government with assurance that these recipients comply with such directives by having an independent external source (the CPA) report on such compliance. However, it only applies to state, local government, and nonprofit recipients that expend $750,000 or more of such assistance in one year.[1][2]

A Single Audit encompasses an examination of a recipient’s financial records, financial statements, federal award transactions and expenditures, the general management of its operations, internal control systems, and federal assistance it received during the audit period (the time period of recipient operations examined in the Single Audit, which is usually covers a natural or fiscal year). The Single Audit is divided into two areas: Compliance and Financial.

The compliance component of a Single Audit covers the study and understanding (planning stage) as well as the testing and evaluation (exam stage) of the recipient with respect to federal assistance usage, operations and compliance with laws and regulations. The financial component is exactly like a financial audit of a non-federal entity which includes the audit of the financial statements and accompanying notes. Depending on the recipient, the Single Audit can be simple and straightforward, or it could be complex and troublesome. This is because there are millions of federal grants awarded each year to thousands of recipients, each with its own independent way of operating. Therefore, the Single Audit differs from recipient to recipient and from federal program to program.

For these reasons, the federal government requires auditors to perform the compliance audit of a recipient with a planning stage and an exam stage. During the first stage, or planning stage, the auditor must study the recipient, determine whether there is a high or low risk that the recipient does not comply with laws and regulations, identify federal programs, and evaluate such programs. The second stage, or exam or audit stage, is where the auditor actually audits the federal assistance and programs. The planning stage is considered an integral part of the Single Audit because it allows the auditor to design and perform the audit based on the qualities, characteristics and needs of the recipient to be audited.

Low- or high-risk auditee

Before determining which federal programs to examine, the auditor must first study the recipient itself. This evaluation requires the auditor to interview employees, observe operations, obtain third-party references, and read the recipient’s prior audit reports, among other procedures. This helps the auditor understand the recipient and determine whether it is likely that it does or doesn’t comply with federal laws and regulations. This is performed because the recipient’s operations, procedures, and work ethic directly affects the compliance of individual federal programs with laws and regulations.

The evaluation concludes with the auditor determining, based on the evaluation, whether the recipient is a high-risk auditee or a low-risk auditee. A high-risk auditee is a recipient which has a high risk of not complying with federal laws and regulations, while a low-risk auditee is the exact opposite. For example, an auditor may judge a recipient to be a high-risk auditee because the audit reports of the past few years have numerous audit findings (e.g. specific situations of non-compliance with laws and regulations, serious deficiencies in internal controls and/or acts of fraud), or because the auditor receives news from various sources that the recipient is engaged in illegal activities, such as money laundering. On the other hand, the auditor may determine that a recipient is low-risk because its management personnel have a good work ethic, the auditor has received good references from external sources, or because the recipient has never received any audit findings. However, the OMB Circular A-133 has set certain requirements a recipient must meet to be considered a low-risk recipient. This includes the following:

Single audits have been performed on an annual basis in prior years.

The auditor's opinions on the financial statements and the Schedule of Federal Expenditures (discussed later) were unqualified (financial statements are reasonably correct).

There are no material weaknesses identified in prior year audits.

None of the Federal programs previously audited had audit findings in the last two years.

The OMB Circular A-133 uses the high and low risk determination to regulate the amount of auditing to be performed. Although the actual work necessary for a Single Audit is established by the auditor, the OMB has set a limit for auditing high-risk and low-risk recipients. For high-risk recipients, the auditor is required to audit not less than 40% of all the federal assistance received during the year. For low-risk recipients, that limit is decreased to 20%.

This determination affects the entire Single Audit because the auditor adjusts the examination accordingly. Since the auditor must provide an opinion to the federal government on whether the recipient and its programs complied with laws and regulations, the auditor performs sufficient tests and audit procedures (also known as audit work) to confirm the opinion is correct. Normally, the auditor greatly increases the amount of auditing for high-risk auditees, to ensure their opinion is correct. For low-risk auditees, the auditor is not as rigorous; but still recognizes that a low-risk recipient may still have compliance issues. Conversely, a high-risk determination doesn't mean the recipient is non-compliant, just that they're more likely to be.

Identification of federal assistance programs

To determine which federal programs to audit under the compliance audit, federal assistance expended by the recipient (also called federal expenditures) during one year is identified by federal program name, Federal agency and CFDA number. These federal expenditures are then combined to determine the total amount expended during the year. Any recipient whose total federal expenditures during a year equal or exceed $500,000 requires a Single Audit [3][4]. If the recipient does not meet this threshold, a Single Audit is not required, although the recipient may elect to have a program-specific audit (an audit of a single federal program, without auditing the entire entity). Once this determination is performed, OMB Circular A-133 requires that federal programs be categorized in two groups: Type A programs and Type B programs.

Type A program – a Type A program is any federal program within a recipient which expends either: (1) $300,000 or more of federal assistance for recipients with $10 million or less of expended federal assistance during the audit period, or (2) 3% of the total federal assistance expended during the year for those who exceed $10 million, whichever is greater. In other words, if a recipient expended a total of $10 million or less in federal assistance, then any single program which expended $300,000 or more is considered a Type A. If a recipient expended more than $10 million in federal assistance, then any single program which expended 3% of that amount is considered a Type A program.

Type B program – A Type B program is any single program which does not meet the Type A requirements.

Example 1 – The City of Example operates a Section 8 program, and expended $450,000 in Section 8 funds and $5,000,000 of total federal assistance during the year. Since this amount does not exceed $10,000,000, the Section 8 program is considered a Type A program because $450,000 exceeds the $300,000 threshold. Example 2 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $15,000,000 in federal assistance, the Section 8 program would meet the Type A threshold because $450,000 is equal to $15,000,000 x 3% ($450,000). Example 3 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $20,000,000 in federal assistance, the Section 8 program would not meet the Type A threshold because $450,000 is less than $20,000,000 x 3% ($600,000), and would be considered a Type B program.

Risk assessment

After determining which programs are Type A and Type B, the OMB Circular A-133 requires that the auditor study and understand the operations and internal controls of such programs within the entity, and perform and document a risk assessment based on such study to determine whether each program has either a high or low risk of not complying with laws and regulations. Auditor may consider numerous factors including current and prior audit experience, good or poor internal controls over Federal programs, many or no prior audit findings, continuous or lack of oversight exercised by the federal government over the recipient, evidence or knowledge of fraud, and the inherent risk of the Federal program.

For any Type A program which are considered to be a high risk of not complying, the OMB Circular A-133 requires that the auditor to perform a compliance audit on that program. For a Type A program that is considered to be of low risk, then the auditor is not required to perform a compliance audit, although the OMB Circular A-133 allows the auditor to do so if he/she chooses to. Although the risk assessment is performed by the auditor based on his/her judgment, the OMB Circular A-133 does have two requirements for a program to be considered low risk. First, the program must have been audited at least once in the last two years, and second, the program must have no audit findings when it was last audited. If the program does not comply with either of these two requirements, it is automatically considered as high risk.

For the smaller Type B programs which have been identified as high-risk, the auditor has two options: either audit half of all high-risk Type B programs, or audit one Type B high-risk program for every low-risk Type A program. Type B programs which have a low risk of not complying are not required to be audited.

Compliance audit: exam stage

After the auditor determines which federal programs to audit, the auditor performs a compliance audit that scrutinizes operations of the program—examining files, documents, contracts, checks, etc. The auditor investigates, to some degree, transactions between the federal program and other parties. These functions are compared with the laws and regulations applicable to a program to see if they complied or not. The examination does not require observing every single document and every single process generated by the program, nevertheless the auditor is required to perform enough procedures to form an opinion on whether the program (as a whole) complied with laws and regulations.

Due to the amount of federal regulations, the federal government has provided certain guides and literature to assist the auditor in the examination, which includes the OMB Circular A-133 Compliance Supplement and the Compliance requirements:

OMB Circular A-133 compliance supplement

The OMB Circular A-133: Compliance Supplement is a large and extensive guide created by the OMB for Single Audits, and is considered the most important tool of both the auditor and the recipient when performing, or being subject to, a Single Audit. It was created following amendments in 1996 to the Single Audit Act and serves to identify existing important compliance requirements that the Federal Government expects to be considered as part of a Single Audit. Without it, auditors would need to research thousands of laws and regulations for each single program of a recipient to determine which compliance requirements are important to the Federal Government. For Single Audits, the Supplement replaces any agency audit guides and other audit requirement documents for individual Federal programs.

Compliance requirements

Compliance requirements are series of directives provided by Federal agencies that summarize hundreds of laws and regulations applicable to federal assistance and are important to the successful management of such assistance. The OMB created 14 basic and standard compliance requirements for which recipients must always comply with when receiving and using federal assistance, and provided detailed explanations, discussions, and guidance about them in the OMB Circular A-133 Compliance Supplement. These compliance requirements only serve as guidelines for compliance with the specific laws and regulations applicable to the assistance and their objectives are designed to be generic in nature, because of the amount of different federal programs provided by the government. For example, many federal programs have eligibility requirements for individuals or organizations to participate in such programs because they have been established by either laws, regulations, or contract provisions. However, while the criterion for determining eligibility varies from program to program, the objective of the Eligibility compliance requirement that "only eligible and qualified individuals or organizations participate" is consistent and universal across all federal assistance programs. This eligibility universal criteria is called the Eligibility compliance requirement.

Financial audit

The Single Audit requires that a recipient prepare financial statements specifically for the single audit. It also requires that a financial audit be performed on the recipient, which includes the federal assistance operations as well as the non-federal assistance operations. Tests of transactions and account balances are performed to ensure that the information presented in the financial statements, and notes thereof, are reasonably correct. Additionally, the recipient must prepare a Schedule of Federal Expenditures, which is a supplementary financial statement unique to recipients of federal assistance that details all the federal assistance expended by the recipient during the year, categorized by federal program. The auditor must then audit and report on this Schedule as if it were part of the standard financial statements.

Data Collection and Reporting Package

After the Single Audit is concluded, the recipient prepares two documents: a “Data Collection Form and a “Reporting Package”. The data collection form, Form SF-SAC, is a standard form which is basically a summary of the Single Audit. It includes details of the auditor, a list of the federal programs audited, and a summary of any audit findings reported by the auditor. The Form SF-SAC is available at http://harvester.census.gov/fac/. The Reporting Package includes all the auditor’s final reports along with the recipient’s financial statements. It includes:

Auditor’s reports

Management Discussion and Analysis (MD&A) – This serves as an introduction to the recipient’s financial statements where the recipient’s management (e.g., Governors, in the case of states; Mayors, in the case of cities; President, in the case of non-profit organizations, etc.) discusses the results of operations and other financial information, offering insight and detailed description about the recipient itself.

Recipient’s financial statements – This contains the financial statements required by the Governmental Accounting Standards Board (GASB), which includes the Government-wide statements as well as the Fund Financial Statements.

Recipient’s notes to the financial statements – This includes any notes and disclosures for the financial statements as required by US Generally Accepted Accounting Principles (GAAP).

Supplemental Information – This section includes both financial and non-financial information relative to the recipient which is not covered in the MD&A or the financial statements and their respective notes.

Schedule of Federal Award Expenditures – This document details all federal assistance expenditures made by the recipient during the audit period, categorized by the federal program and federal agency.

Schedule of Findings and Questioned Costs – If the auditor finds situations where the recipient did not comply with laws and regulations, where internal controls are deficient, or a situation of illegal acts or fraud, the auditor is required to report such situations to the federal government in this section, as well as any questioned costs. Questioned costs are amounts that the recipient expended, but which the auditor has determined that they were not permitted and must be returned to the federal government.

Schedule of Prior Audit Findings – In this section, the auditor is required to follow up and report about the recipient’s corrective action on any audit findings reported in prior years.

Both the Data Collection and the Reporting Package are kept by the recipient with copies submitted to the Federal Audit Clearinghouse (FAC), and to any Federal agency who specifically requests it. Federal guidelines require recipients to submit the documents no more than 30 days after the auditor submits his reports or 9 months after the final day of the audit period, whichever comes first.

Auditor responsibility

The auditor is responsible for conducting the actual audit of the recipient in accordance with Generally Accepted Government Auditing Standards (GAGAS) and using the guidance provided by the OMB Circular A-133 and its Compliance Supplement, all of which establish certain rules to follow during the Single Audit. The auditor must establish audit objectives that determine whether the recipient complied with laws and regulations. They must research the recipient’s federal assistance awards and programs to determine applicability of specific laws and regulations. They must understand the recipient, its organization, operations, internal control systems, and ability to responsibly manage federal assistance. They must perform audit procedures (some of which are suggested by the Compliance Supplement) to meet these audit objectives.

The auditor must understand the recipient’s internal control system to determine if the recipient has proper safeguards that help manage federal assistance responsibly. After obtaining sufficient knowledge of that system, the auditor must perform audit procedures to verify the recipient’s internal control system works properly, and the recipient’s federal program operations comply with laws and regulations (e.g., the compliance audit portion of the Single Audit).

As part of the Single Audit, the auditor must prepare and submit three individual reports to the recipient and to the federal government. The first report is an opinion, or a disclaimer thereof, on whether the recipient’s financial statements are presented in conformity with US Generally Accepted Accounting Principles, identical to a financial audit’s report on a non-recipient entity. The second report is about the status of internal controls relative to the financial statements and major programs. The third report is an opinion, or a disclaimer thereof, on the degree to which the recipient has complied with laws, regulations, and the terms and conditions of the federal assistance awards. Following the last two reports, if the Single Audit produced audit findings, the auditor must prepare the Schedule of Findings and Questioned Costs discussed earlier.

The auditor’s judgment is necessary to determine which audit procedures are sufficient to achieve the audit objectives, and whether additional or alternative audit procedures are needed to achieve such objectives. The auditor is responsible for determining the nature, timing, and extent of the audit procedures necessary to meet the audit objectives (i.e., it is the auditor who determines the necessary amount of his/her audit work needed to form an opinion on whether the recipient complied with laws and regulations).