Are you expecting an audit? If the answer is ‘yes,’ then perhaps you’re experiencing a queasy feeling deep in your gut as you come to the end of your first year of grant spending. Or maybe you’re a seasoned grant professional nervous about how things have changed with the new grant regulations in 2 CFR Part 200 (aka the Uniform Guidance) and wondering how the death of the A-133 audit guidance will affect you. No matter the reason, your impending audit may have you feeling anxious, and you’re probably wondering “What should I expect when an auditor arrives?”
First, take a deep breath and don’t panic. This is the first blog in a three-part series that will walk you through the basics of preparing for your first Single Audit with a step-by-step approach to help you confidently prepare for success.
Changes to the Single Audit requirements:
For many years, the audit requirements for federal grant recipients lived in Circular A-133, which came about in the late 1990s. Without any major updates since the days of Baywatch, the Fresh Prince of Bel Air, and the original Pokémon (not the new Pokémon Go version), the Office of Management and Budget (OMB) swung into action to bring the audit guidance into the new century.
In December of 2013, the new grant regulations contained in the Uniform Guidance moved the audit requirements to Subpart F of 2 CFR Part 200 as a replacement to the old A-133 requirements. The effective date to implement the new rules was December 26, 2014. There was just one little problem: the new regulations were woefully short on details about how to actually perform an audit.
In response, the OMB issued follow-on guidance in the form of Compliance Supplements in 2015 and 2016. The Compliance Supplements, which are also contained in Appendix XI of 2 CFR Part 200, identify and expand on critical compliance areas for consideration by auditors and grant recipients in planning for Single Audits related to federal funding.
Audit Threshold Changes
One of the changes in the new guidance was to increase the threshold for who is required to get a Single Audit, which directly affected smaller nonprofits, local governments, and institutions of higher education. In the past, any grant recipient with at least $500,000 in expenditures had to comply with the Single Audit requirements. As part of the change to the new Uniform Guidance, threshold requirements were increased to $750,000 in expenditures. This higher limit was enacted to decrease the administrative burden on over 5,000 smaller organizations while still capturing over 99% of federal expenditures in the Single Audit process.
Wondering when these changes take place?
Effective Date for Compliance
The new audit guidance draws on the rules for managing federal grants contained within the sections on Administrative Requirements and Cost Principles in 2 CFR Part 200. Under these new standards, your first audit will be after the end of the first fiscal year following December 26, 2014. Here are a couple of examples:
Example 1: If your organization has a January 1-December 31 fiscal year, the first full fiscal year would end December 31, 2015. The auditors arriving in the first months of 2016 would audit your organization for the year that ended December 31, 2015.
Example 2: If your organization has a July 1-June 30 fiscal year, the first full fiscal year would end June 30, 2016. The auditors arriving in the latter half of 2016 would audit your organization for the year that ended June 30, 2016.
The main focus areas of the Single Audit:
Focus Area: Internal Controls
This part of the audit looks at the internal control environment and compliance with best practices for non-federal entities. This area dramatically changed for grant recipients thanks to 2 CFR Part 200. In Sub-section 200.303, each non-federal entity is required to establish and maintain effective internal controls over the federal award. So internal controls are not just for auditors and finance people anymore.
Best Practices for Internal Controls
The control system should be communicated widely and involve multiple departments of the organization such that there is reasonable assurance that the federal award is managed in compliance with federal statutes, regulations, and, let’s not forget, the specific award terms and conditions.
There are two main resources that discuss the best practices for internal controls:
- Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States (Green Book)
- Internal Control Integrated Framework (revised in 2013), issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Both provide extensive guidance for auditors and others about a well-functioning internal control system.
While these are considered “best practices,” the federal guidance recognizes that they are not the only game in town. As long as your organization has internal controls that provide the level of reasonable assurance the required by Sub-section 200.303 you can use your own system. Note that having NO internal control system in place is considered a deficiency and could dramatically restrict or prevent you from getting federal awards in the future.
Focus Area: Compliance with Laws and Regulations
Compliance with laws and regulations is where the audit shifts from the strictly financial and control focus into the programmatic requirements. This is one of the areas that separates the Single Audit from the traditional financial audit. In this area, the auditors focus on how well the programs are complying with applicable laws, regulations, and federal award terms and conditions. At this point, everything about your grant management process and program results is open for review.
Compliance with the new regulations is a HUGE area of risk for grant recipients. Have you communicated the new requirements throughout your organization? Have you reviewed your terms and condition to ensure you understand what special provisions may be required? And, if you are a pass-through entity, have you documented your assessment of risk for your sub-recipients as part of the new requirements?
You should expect discussions with auditors and both direct and indirect personnel about a wide range of topics from suspension and debarment compliance documentation to procurement procedures. For organizations new to this part of the audit process, it can be a nerve-racking experience. Even for seasoned nonprofits and other non-federal entities the changes to grant management with the new Uniform Guidance can leave you guessing what the main focus areas of this part of the audit will be. Investing time before the audit to assess your readiness for this part of the Single Audit will pay huge rewards in ensuring a smooth audit.