This article needs to be updated. In particular: Uniform Guidance in 2 CFR 200 Subpart F has superseded OMB Circular A-133.(February 2018)
In the United States, the Single Audit, also known as the OMB Uniform Guidance, is a rigorous, organization-wide audit or examination of an entity that expends $750,000 or more of Federal assistance (commonly known as Federal funds, Federal grants, or Federal awards) received for its operations. Usually performed annually, the Single Audit’s objective is to provide assurance to the US federal government as to the management and use of such funds by recipients such as states, cities, universities, non-profit organizations, and Indian Tribes. The audit is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components. The Single Audits must be submitted to the Federal Audit Clearinghouse along with a data collection form, Form SF-SAC.
- 1 History
- 2 Purpose and components
- 3 Compliance audit: planning stage
- 4 Compliance audit: exam stage
- 5 Financial audit
- 6 Data Collection and Reporting Package
- 7 Auditor responsibility
- 8 See also
- 9 Notes
- 10 References
- 11 External links
Before implementing the Single Audit, the federal government relied on numerous audits carried out on individual federally funded programs to ensure these funds were spent properly. Because the government had numerous agencies awarding hundreds of different programs, the task of auditing all programs became increasingly difficult and time consuming. To improve this situation, the Single Audit Act of 1984 standardized audit requirements for States, local governments, and Indian tribal governments that receive and use federal financial assistance programs.
In 1985, the United States Office of Management and Budget (OMB) issued OMB Circular A-128, “Audits of State and Local Governments,” to help recipients and auditors implement the new Single Audit. In 1990, OMB administratively extended the Single Audit process to non-profit organizations by issuing OMB Circular A-133, “Audits of Institutions of Higher Education and Other Non-Profit Organizations” which superseded OMB A-128. These new guides and provisions standardized the Single Audit in the United States to include all states, local governments, non-profit organizations, and institutions that receive federal funds from the US government. On December 26, 2013, OMB issued the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, which standardized compliance and audit requirements for government entities, non-profit organizations and institutions of higher education.
Purpose and components
The federal government provides an extensive array of federal assistance to recipients reaching over $400 billion annually. This assistance is provided through thousands of individual grants and awards annually for the purpose of benefiting the general public in the areas of education, health, public safety, welfare, and public works, among others. However, as a condition of receiving this assistance recipients must comply with applicable federal and state laws and regulations, as well as any particular provisions tied with the specific assistance. The Single Audit provides the Federal government with assurance that these recipients comply with such directives by having an independent external source (the CPA) report on such compliance. However, it only applies to state, local government, and nonprofit recipients that expend $750,000 or more of such assistance in one year.
A Single Audit encompasses an examination of a recipient’s financial records, financial statements, federal award transactions and expenditures, the general management of its operations, internal control systems, and federal assistance it received during the audit period (the time period of recipient operations examined in the Single Audit, which is usually covers a natural or fiscal year). The Single Audit is divided into two areas: Compliance and Financial.
The compliance component of a Single Audit covers the study and understanding (planning stage) as well as the testing and evaluation (exam stage) of the recipient with respect to federal assistance usage, operations and compliance with laws and regulations. The financial component is exactly like a financial audit of a non-federal entity which includes the audit of the financial statements and accompanying notes. Depending on the recipient, the Single Audit can be simple and straightforward, or it could be complex and troublesome. This is because there are millions of federal grants awarded each year to thousands of recipients, each with its own independent way of operating. Therefore, the Single Audit differs from recipient to recipient and from federal program to program.
For these reasons, the federal government requires auditors to perform the compliance audit of a recipient with a planning stage and an exam stage. During the first stage, or planning stage, the auditor must study the recipient, determine whether there is a high or low risk that the recipient does not comply with laws and regulations, identify federal programs, and evaluate such programs. The second stage, or exam or audit stage, is where the auditor actually audits the federal assistance and programs. The planning stage is considered an integral part of the Single Audit because it allows the auditor to design and perform the audit based on the qualities, characteristics and needs of the recipient to be audited.
Compliance audit: planning stage
Low- or high-risk auditee
Before determining which federal programs to examine, the auditor must first study the recipient itself. This evaluation requires the auditor to interview employees, observe operations, obtain third-party references, and read the recipient’s prior audit reports, among other procedures. This helps the auditor understand the recipient and determine whether it is likely that it does or doesn’t comply with federal laws and regulations. This is performed because the recipient’s operations, procedures, and work ethic directly affects the compliance of individual federal programs with laws and regulations.
The evaluation concludes with the auditor determining, based on the evaluation, whether the recipient is a high-risk auditee or a low-risk auditee. A high-risk auditee is a recipient which has a high risk of not complying with federal laws and regulations, while a low-risk auditee is the exact opposite. For example, an auditor may judge a recipient to be a high-risk auditee because the audit reports of the past few years have numerous audit findings (e.g. specific situations of non-compliance with laws and regulations, serious deficiencies in internal controls and/or acts of fraud), or because the auditor receives news from various sources that the recipient is engaged in illegal activities, such as money laundering. On the other hand, the auditor may determine that a recipient is low-risk because its management personnel have a good work ethic, the auditor has received good references from external sources, or because the recipient has never received any audit findings. However, the OMB Circular A-133 has set certain requirements a recipient must meet to be considered a low-risk recipient. This includes the following:
- Single audits have been performed on an annual basis in prior years.
- The auditor's opinions on the financial statements and the Schedule of Federal Expenditures (discussed later) were unqualified (financial statements are reasonably correct).
- There are no material weaknesses identified in prior year audits.
- None of the Federal programs previously audited had audit findings in the last two years.
The OMB Circular A-133 uses the high and low risk determination to regulate the amount of auditing to be performed. Although the actual work necessary for a Single Audit is established by the auditor, the OMB has set a limit for auditing high-risk and low-risk recipients. For high-risk recipients, the auditor is required to audit not less than 40% of all the federal assistance received during the year. For low-risk recipients, that limit is decreased to 20%.
This determination affects the entire Single Audit because the auditor adjusts the examination accordingly. Since the auditor must provide an opinion to the federal government on whether the recipient and its programs complied with laws and regulations, the auditor performs sufficient tests and audit procedures (also known as audit work) to confirm the opinion is correct. Normally, the auditor greatly increases the amount of auditing for high-risk auditees, to ensure their opinion is correct. For low-risk auditees, the auditor is not as rigorous; but still recognizes that a low-risk recipient may still have compliance issues. Conversely, a high-risk determination doesn't mean the recipient is non-compliant, just that they're more likely to be.
Identification of major programs
Step 1: Type A or Type B
To determine which federal programs to audit under the compliance audit, federal assistance expended by the recipient (also called federal expenditures) during one year is identified by federal program name, Federal agency and CFDA number. These federal expenditures are then combined to determine the total amount expended during the year. Any recipient whose total federal expenditures during a year equal or exceed $750,000 requires a Single Audit . If the recipient does not meet this threshold, a Single Audit is not required, although the recipient may elect to have a program-specific audit (an audit of a single federal program, without auditing the entire entity). Once this determination is performed, 2 CFR 200.518 requires that federal programs be categorized in two groups: Type A programs and Type B programs.
- Type A program – a Type A program is any federal program within a recipient that meets the following criteria:
- If total federal awards expended during the audit period are greater than or equal to $750,000 and less than or equal to $25 million, then any program that expends more than $750,000 is Type A.
- If total federal awards expended during the audit period are greater than $25 million and less than or equal to $100 million, then any program that expends more than 3% of total federal awards is Type A.
- If total federal awards expended during the audit period are greater than $100 million and less than or equal to $1 billion, then any program that expends more than $3 million is Type A.
- If total federal awards expended during the audit period are greater than $1 billion and less than or equal to $10 billion, then any program that expends more than 0.3% of total federal awards is Type A.
- If total federal awards expended during the audit period are greater than $10 billion and less than or equal to $20 billion, then any program that expends more than $30 million is Type A.
- If total federal awards expended during the audit period are greater than $20 billion, then any program that expends more than 0.15% of total federal awards is Type A.
In other words, if a recipient expended a total of $25 million or less in federal assistance, then any single program which expended $750,000 or more is considered a Type A. If a recipient expended $30 million in federal assistance, then any single program which expended $900,000 or more (3% × $30,000,000) is considered a Type A program.
- Type B program – A Type B program is any single program which does not meet the Type A requirements.
Example 1 – The City of Example operates a Section 8 program, and expended $950,000 in Section 8 funds and $5,000,000 of total federal assistance during the year. Since this amount does not exceed $25,000,000, the Section 8 program is considered a Type A program because $950,000 exceeds the $750,000 threshold.
Example 2 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $30,000,000 in federal assistance, the Section 8 program would meet the Type A threshold because $950,000 is greater than $30,000,000 x 3% ($900,000).
Example 3 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $100,000,000 in federal assistance, the Section 8 program would not meet the Type A threshold because $950,000 is less than $3 million, and would be considered a Type B program.
Step 2 & 3: Risk assessment
After determining which programs are Type A and Type B, the OMB Circular A-133 requires that the auditor study and understand the operations and internal controls of such programs within the entity, and perform and document a risk assessment based on such study to determine whether each program has either a high or low risk of not complying with laws and regulations. Auditor may consider numerous factors including current and prior audit experience, good or poor internal controls over Federal programs, many or no prior audit findings, continuous or lack of oversight exercised by the federal government over the recipient, evidence or knowledge of fraud, and the inherent risk of the Federal program.
For a Type A program to be considered low risk according to 2 CFR 200.518, it must have been audited as a major program at least once in the past two years and must not have had:
- Material weaknesses in internal control
- A modified opinion in the audit report
- Known or likely questioned costs exceeding 5% of total federal award expenditures
For any Type A program considered to be a high risk of not complying, the OMB Circular A-133 requires that the auditor to perform a compliance audit on that program. For a Type A program that is considered to be of low risk, then the auditor is not required to perform a compliance audit, although the OMB Circular A-133 allows the auditor to do so if he/she chooses to. Although the risk assessment is performed by the auditor based on his/her judgment, the OMB Circular A-133 does have two requirements for a program to be considered low risk.
In assessing the risk of Type B programs, auditors should use professional judgement and criteria established in the Uniform Guidance. According to 2 CFR 200.518, a minimum number of Type B programs must be identified as high risk, calculated as 25% of the number of low-risk Type A programs (rounded up). In assessing risk, auditors are encouraged to use an approach that allows different programs to be identified as high risk over time. The auditor is not expected to perform risk assessments on smaller Type B programs with expenditures that do not exceed 25% of the Type A threshold determined in step 1. Type B programs which have a low risk of not complying are not required to be audited.
Step 4: Major program determination & percentage of coverage
High-risk Type A and high-risk Type B programs are considered major programs and must be audited. The auditor then totals all of the federal award expenditures for the identified major programs and divides by the total federal award expenditures for the entity as a whole. For low-risk auditees, major program expenditures as a percentage of total award expenditures must be at least 20%. For high-risk auditees, the required coverage percentage is increased to 40%. If the identified major programs do not meet the required coverage percentage, then the auditor must select additional programs to audit until the required coverage percentage is met.
Compliance audit: exam stage
After the auditor determines which federal programs to audit, the auditor performs a compliance audit that scrutinizes operations of the program—examining files, documents, contracts, checks, etc. The auditor investigates, to some degree, transactions between the federal program and other parties. These functions are compared with the laws and regulations applicable to a program to see if they complied or not. The examination does not require observing every single document and every single process generated by the program, nevertheless the auditor is required to perform enough procedures to form an opinion on whether the program (as a whole) complied with laws and regulations.
Due to the amount of federal regulations, the federal government has provided certain guides and literature to assist the auditor in the examination, which includes the OMB Circular A-133 Compliance Supplement and the Compliance requirements:
OMB Circular A-133 compliance supplement
The OMB Circular A-133: Compliance Supplement is a large and extensive guide created by the OMB for Single Audits, and is considered the most important tool of both the auditor and the recipient when performing, or being subject to, a Single Audit. It was created following amendments in 1996 to the Single Audit Act and serves to identify existing important compliance requirements that the Federal Government expects to be considered as part of a Single Audit. Without it, auditors would need to research thousands of laws and regulations for each single program of a recipient to determine which compliance requirements are important to the Federal Government. For Single Audits, the Supplement replaces any agency audit guides and other audit requirement documents for individual Federal programs.
Compliance requirements are series of directives provided by Federal agencies that summarize hundreds of laws and regulations applicable to federal assistance and are important to the successful management of such assistance. The OMB created 14 basic and standard compliance requirements for which recipients must always comply with when receiving and using federal assistance, and provided detailed explanations, discussions, and guidance about them in the OMB Circular A-133 Compliance Supplement. These compliance requirements only serve as guidelines for compliance with the specific laws and regulations applicable to the assistance and their objectives are designed to be generic in nature, because of the amount of different federal programs provided by the government. For example, many federal programs have eligibility requirements for individuals or organizations to participate in such programs because they have been established by either laws, regulations, or contract provisions. However, while the criterion for determining eligibility varies from program to program, the objective of the Eligibility compliance requirement that "only eligible and qualified individuals or organizations participate" is consistent and universal across all federal assistance programs. This eligibility universal criteria is called the Eligibility compliance requirement.
The Single Audit requires that a recipient prepare financial statements specifically for the single audit. It also requires that a financial audit be performed on the recipient, which includes the federal assistance operations as well as the non-federal assistance operations. Tests of transactions and account balances are performed to ensure that the information presented in the financial statements, and notes thereof, are reasonably correct. Additionally, the recipient must prepare a Schedule of Federal Expenditures, which is a supplementary financial statement unique to recipients of federal assistance that details all the federal assistance expended by the recipient during the year, categorized by federal program. The auditor must then audit and report on this Schedule as if it were part of the standard financial statements.
Data Collection and Reporting Package
After the Single Audit is concluded, the recipient prepares two documents: a “Data Collection Form and a “Reporting Package”. The data collection form, Form SF-SAC, is a standard form which is basically a summary of the Single Audit. It includes details of the auditor, a list of the federal programs audited, and a summary of any audit findings reported by the auditor. The Form SF-SAC is available at http://harvester.census.gov/fac/. The Reporting Package includes all the auditor’s final reports along with the recipient’s financial statements. It includes:
- Auditor’s reports
- Management Discussion and Analysis (MD&A) – This serves as an introduction to the recipient’s financial statements where the recipient’s management (e.g., Governors, in the case of states; Mayors, in the case of cities; President, in the case of non-profit organizations, etc.) discusses the results of operations and other financial information, offering insight and detailed description about the recipient itself.
- Recipient’s financial statements – This contains the financial statements required by the Governmental Accounting Standards Board (GASB), which includes the Government-wide statements as well as the Fund Financial Statements.
- Recipient’s notes to the financial statements – This includes any notes and disclosures for the financial statements as required by US Generally Accepted Accounting Principles (GAAP).
- Supplemental Information – This section includes both financial and non-financial information relative to the recipient which is not covered in the MD&A or the financial statements and their respective notes.
- Schedule of Federal Award Expenditures – This document details all federal assistance expenditures made by the recipient during the audit period, categorized by the federal program and federal agency.
- Schedule of Findings and Questioned Costs – If the auditor finds situations where the recipient did not comply with laws and regulations, where internal controls are deficient, or a situation of illegal acts or fraud, the auditor is required to report such situations to the federal government in this section, as well as any questioned costs. Questioned costs are amounts that the recipient expended, but which the auditor has determined that they were not permitted and must be returned to the federal government.
- Schedule of Prior Audit Findings – In this section, the auditor is required to follow up and report about the recipient’s corrective action on any audit findings reported in prior years.
Both the Data Collection and the Reporting Package are kept by the recipient with copies submitted to the Federal Audit Clearinghouse (FAC), and to any Federal agency who specifically requests it. Federal guidelines require recipients to submit the documents no more than 30 days after the auditor submits his reports or 9 months after the final day of the audit period, whichever comes first.
The auditor is responsible for conducting the actual audit of the recipient in accordance with Generally Accepted Government Auditing Standards (GAGAS) and using the guidance provided by the OMB Circular A-133 and its Compliance Supplement, all of which establish certain rules to follow during the Single Audit. The auditor must establish audit objectives that determine whether the recipient complied with laws and regulations. They must research the recipient’s federal assistance awards and programs to determine applicability of specific laws and regulations. They must understand the recipient, its organization, operations, internal control systems, and ability to responsibly manage federal assistance. They must perform audit procedures (some of which are suggested by the Compliance Supplement) to meet these audit objectives.
The auditor must understand the recipient’s internal control system to determine if the recipient has proper safeguards that help manage federal assistance responsibly. After obtaining sufficient knowledge of that system, the auditor must perform audit procedures to verify the recipient’s internal control system works properly, and the recipient’s federal program operations comply with laws and regulations (e.g., the compliance audit portion of the Single Audit).
As part of the Single Audit, the auditor must prepare and submit three individual reports to the recipient and to the federal government. The first report is an opinion, or a disclaimer thereof, on whether the recipient’s financial statements are presented in conformity with US Generally Accepted Accounting Principles, identical to a financial audit’s report on a non-recipient entity. The second report is about the status of internal controls relative to the financial statements and major programs. The third report is an opinion, or a disclaimer thereof, on the degree to which the recipient has complied with laws, regulations, and the terms and conditions of the federal assistance awards. Following the last two reports, if the Single Audit produced audit findings, the auditor must prepare the Schedule of Findings and Questioned Costs discussed earlier.
The auditor’s judgment is necessary to determine which audit procedures are sufficient to achieve the audit objectives, and whether additional or alternative audit procedures are needed to achieve such objectives. The auditor is responsible for determining the nature, timing, and extent of the audit procedures necessary to meet the audit objectives (i.e., it is the auditor who determines the necessary amount of his/her audit work needed to form an opinion on whether the recipient complied with laws and regulations).
- Administration of federal assistance in the United States
- Budget theory
- Code of Federal Regulations
- Comprehensive income
- Crony capitalism
- Federal Accountability Act (Canada)
- Government Accountability Office
- Government Accountability Office investigations of the Department of Defense
- Government-owned corporation
- Permanent fund
- Public company
- Revenue (bottom line vs. "top line")
- Working Group on Financial Markets
- OMB Office of Federal Financial Management, The Single Audit Archived 2009-05-07 at the Wayback Machine.
- OMB Circular A-133; Subpart B – Audits; §___.200 – Audit requirements, Cite error: Invalid
<ref>tag; name "a133_200" defined multiple times with different content (see the help page).
- Understanding Single Audits Archived 2006-09-20 at the Wayback Machine. by Henry Flood, Grantsmanship Center Magazine, Fall 2002, retrieved on June 30, 2006
- OMB Circular A-133; Subpart B – Audits; §___.220 – Frequency of audits
- OMB Circular A-133: Compliance Supplement; Part I: Background, Purpose and Applicability; Background; pg. 1-1, par. 1 through 4 and pg. 1–2, par. 1 through 2
- OMB Circular A-133 Title 1 – Purpose
- OMB Circular A-133: Compliance Supplement; Part I: Background, Purpose and Applicability; Overview of this Supplement; Internal Control; pg. 1–6, par. 5
- OMB Circular A-133; Subpart E – Auditors; §___.500 – Scope of Audit
- OMB Circular A-133; Subpart E – Auditors; §___.530 – Criteria for a low-risk auditee
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (f) – Percentage of coverage rule
- OMB A-133; Subpart E – Auditors; §___.500 – Scope of audit; section (d)(4) – Compliance
- 2 CFR 200.501
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (b) – Step 1
- 2 CFR 200.518
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (b)(2)
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (c) – Step 2
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (g) – Documentation of risk
- OMB Circular A-133; Subpart E – Auditors; §___.525 – Criteria for Federal program risk
- OMB Circular A-133; Subpart E – Auditors; §___.520 – Major program determination; section (e) – Step 4
- OMB A-133; Subpart E – Auditors; §___.500 – Scope of audit; section (d) – Compliance
- OMB Circular A-133: Compliance Supplement; Part III: Compliance Requirements
- OMB Circular A-133: Compliance Supplement; Part III: Compliance Requirements, pg. 3-E-1, Eligibility
- OMB A-133; Subpart C – Auditees; §___.310 – Financial Statements; section (a) – Financial statements
- OMB A-133; Subpart E – Auditors; §___.500 – Scope of audit; section (b) – Financial statements
- OMB A-133; Subpart C – Auditees; §___.310 – Financial Statements; section (b) – Schedule of Federal Expenditures
- OMB A-133; Subpart C – Auditees; §___.320 – Report submission; section (c) – Reporting Package Cite error: Invalid
<ref>tag; name "a133_320c" defined multiple times with different content (see the help page).
- OMB A-133; Subpart E – Auditors; §___.505 – Audit reporting
- OMB A-133; Subpart C – Auditees; §___.320 – Report submission
- OMB A-133; Subpart E – Auditors; §___.500 – Scope of audit; section (a) – General
- OMB A-133; Subpart E – Auditors; §___.500 – Scope of audit; section (c) – Internal control
- The Single Audit Act, AICPA
- United States Office of Management and Budget Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, as revised on June 26, 2007.
- United States Office of Management and Budget OMB Circular A-133: Compliance Supplement
- United States Office of Management and Budget; Office of Federal Financial Management, The Single Audit
- United States Office of Management and Budget Circular A-21, “Cost Principles for Educational Institutions”
- United States Office of Management and Budget Circular A-87, “Cost Principles for State, Local, and Indian Tribal Governments”
- United States Office of Management and Budget Circular A-110, “Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations”
- United States Office of Management and Budget Circular A-122, “Cost Principles for Non-Profit Organizations”
- United States Office of Management and Budget Circular A-133, “Audits of States, Local Governments, and Non-Profit Organizations”
- United States Office of Management and Budget Circular A-133 Compliance Supplement
- The Single Audit Resource Center;
- Federal Grants Management Handbook, Thompson Publishing Group
- Single Audit Information Service, Thompson Publishing Group
- Warren Ruppel (2003), Miller Not-For-Profit Organization Audits With Single Audits: 2003–2004, Aspen Law & Business, ISBN 0-7355-3741-0
- Rhett D. Harrell (May 4, 2006), Local Government and Single Audits 2006, CCH (Wolters Kluwer), ISBN 0-8080-9023-2
- The Single Audit Act: Audits of States, Local Governments and Non-Profit Organizations; AICPA Audit Committee Toolkit: Non-profit Organizations; American Institute of Certified Public Accountants (AICPA)
- OMB Grants Management Web site
- Catalog of Federal Domestic Assistance website. It includes a list of all non-classified federal programs for which awards are made to recipients.
- Chief Financial Officer's Council (“Single Audit Basics” and “Where to Get Help” is posted here.)
- IGnet's Single Audit Library