The Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) and related federal programs provided vital funding to organizations across the U.S. – including not-for-profit, governmental, and for-profit entities. If total federal award expenditures related to certain programs exceeded $750,000 for an individual fiscal year, your entity will be required to have a single audit in accordance with 45 CFR 75.

While specific guidance regarding compliance testing of COVID-19 related funding is expected to be provided in an addendum to the Office of Management and Budget (OMB) 2020 Compliance Supplement this fall, there are steps an entity can be taking now to prepare for its single audit.

1. Gather all federal grant information.

Accumulate and summarize all federal awards received and expended during the fiscal year under audit. Information should include U.S federal grantor/program title, Catalog of Federal Domestic Assistance (CFDA) number, pass-through entity name and grantor number (if applicable), total receipts awarded and expenditures of such awards made during the fiscal year. This information will aid in preparing the entity’s Schedule of Expenditures of Federal Awards (SEFA) that will be included in the entity’s financial statements as required supplementary information.

2. Gain an understanding of applicable compliance requirements

In the audit, auditors are required to test compliance over federal awards that the auditor determines to be major programs. The OMB’s 2020 Compliance Supplement will determine which compliance requirements auditors must consider for testing each major program. Testing requirements for the COVID-19 related funding have not been published but are expected to be addressed in the addendum to the 2020 Compliance Supplement, which is projected to be released this fall. Entities must comply with all audit requirements and will need to ensure they understand the specific requirements applicable to each federal award received. These compliance requirements can include allowability of costs, eligibility, the period of performance, and other reporting requirements, among others. Understanding the terms of the grant will help ensure your entity maintains compliance with federal grants and avoids potential audit findings.

3. Develop and review policies and procedures for internal controls in place over federal funds received.

In addition to testing compliance, auditors are also required to test internal controls over federal awards for major programs. Entities should have controls in place to monitor expenditures related to federal awards.

Types of controls and processes auditors will be looking for include:

  • a description of the control including the title of person in charge of performing the control
  • how the control is performed and the frequency with which it is performed
  • the documents used in performing the control
  • corrective action taken when errors are identified

Developing written policies using these guidelines can help auditors identify what controls have been implemented and test that they are operating effectively.

When considering internal controls over federal programs, entities may look to Part 6 of the OMB’s annual Compliance Supplement for understanding and developing internal controls over federal award programs. This section of the Compliance Supplement includes a summary of the requirements for non-federal entities receiving federal awards, background discussions on internal control concepts and illustrations of entity-wide internal control over federal awards and internal controls specific to each type of compliance requirement.

4. Consider documentary evidence of internal controls.

When testing operating effectiveness of internal controls, auditors will want to see documentary support over controls (i.e. sign offs indicating review, approved invoices, authorized checks, etc.). Audit procedures can include inspection of documents, inquiries with management, observation of controls in place, and walk troughs, among others. Documenting your processes and having support readily available will substantiate that controls are in place and operating effectively. Inadequate or insufficient controls can result in potential deficiencies, significant deficiencies or material weaknesses that may have repercussions on future audits or funding eligibility.

5. Consult with your audit team

Information regarding COVID-19 related funding and additional audit requirements is ever- changing as more information becomes available. Reach out to a member of your audit team to discuss the scope and nature of your audit.

LBMC provides Single Audit and compliance audit services to both not-for-profit and for-profit organizations. As a member of the AICPA’s Governmental Audit Quality Center, we understand the complex requirements Single Audit and compliance audits require and utilize our expertise to help our clients stay compliant, manage risk and improve performance.