Since the beginning of the coronavirus pandemic, Congress has passed several acts that fund COVID-19 federal awards. Among them are the Coronavirus Aid, Relief, and Economic Security Act (CARES Act); the Paycheck Protection Program and Health Care Enhancement Act; the Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSAA); and the American Rescue Plan.
When a non-federal entity expends $750,000 or more of federal awards (either direct or indirect awards) in their fiscal year, a single audit is required under Subpart F of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). With the influx of grant aid, many entities that were under the audit threshold will find themselves for the first time in many years required to have a single audit.
Some programs created by these acts with single audit implications include:
- Provider Relief Fund—Assistance Listing 93.498
- Coronavirus Relief Fund—Assistance Listing 21.019
- Education Stabilization Fund—Assistance Listing 84.425 (with separate alpha codes to differentiate the grant award type)
Some new programs, like the Paycheck Protection Loan Program, are not subject to single audit. The assistance listing at https://beta.sam.gov will tell you whether the program is subject to Uniform Guidance, including the single audit requirements in Subpart F.
Many existing programs received additional funds to help with the pandemic, and these extra funds will increase the likelihood that a grantee will be required to obtain a single audit.
Reporting COVID-19 Expenditures
One of the factors that will determine whether a recipient of COVID-19 funds is subject to audit in a given fiscal year is the determination of when (and in which fiscal year(s)) to report the costs incurred on the Schedule of Expenditures of Federal Awards (SEFA). This can be a complicated matter considering some awards were made before terms and conditions were established, the period of performance sometimes allowed costs to be applied before awards existed, and the awards will cross multiple fiscal years. The AICPA Government Audit Quality Center issued a non-authoritative guide to reporting on an accrual-basis SEFA; the GAQC Nonauthoritative Guidance for Reporting on the SEFA may be found at http://bit.ly/GAQC-SEFA.
Compliance Supplement and COVID-19 Addendum
The Compliance Supplement (2 CFR 200, Appendix XI) assists auditors in performing single audits by identifying compliance requirements that federal agencies expect to be considered as part of a single audit.
The 2020 Compliance Supplement, which was effective for audits of fiscal years ending June 30, 2020, came out in August 2020. Additional audit guidance for COVID-19-related programs funded under the CARES Act was issued in an addendum to the 2020 Compliance Supplement on December 22, 2020. The addendum includes information on new COVID-19 programs and existing programs impacted by COVID-19, as well as a new subrecipient reporting requirement under the Federal Funding Accountability and Transparency Act (FFATA).
Auditors will use the addendum in conjunction with the 2020 Compliance Supplement to determine appropriate audit procedures. For any programs being audited that are not in the Compliance Supplement or addendum, or for new COVID-19 programs being audited prior to issuance of the addendum, the auditor will follow guidance in Part 7 of the Compliance Supplement to identify direct and material compliance requirements to test. The 2020 Compliance Supplement and addendum are available on the Office of Management and Budget’s (OMB) Office of Federal Financial Management website at https://www.whitehouse.gov/omb/office-federal-financial-management.
Although many federal agencies issued implementing guidance for new and existing programs receiving COVID-19 funding, the addendum reminds auditors that guidance documents do not create new compliance requirements and auditors should therefore refer to a statute, regulation, or terms and conditions of awards as criteria in audit findings.
Federal agencies have already begun work on the 2021 Compliance Supplement which will be effective for audits of fiscal years ending June 30, 2021. Information included in the 2020 addendum will be incorporated into the 2021 Compliance Supplement. Expect to see updates to audit guidance for COVID-19 related programs that were extended by or created under CRRSAA.
Single Audit Due Dates
Single audits are generally due within the earlier of 30 calendar days after receipt of the auditor’s report or nine months after the end of the audit period (2 CFR 200.512(a)). Due to the late issuance of the audit guidance for COVID-19 programs contained in the 2020 Compliance Supplement addendum, OMB included in Appendix VII to the addendum a three-month single audit extension for recipients and subrecipients that received COVID-19 funding with original due dates from October 1, 2020, through June 30, 2021 (i.e., January 1, 2020, through September 30, 2020, fiscal year ends).
Recent Changes to Requirements and Standards
Single audits must be performed under generally accepted auditing standards, Government Auditing Standards, and the audit requirements of Uniform Guidance. Auditors should be familiar with recent changes to these requirements and whether the changes will impact the first single audits that include COVID-19 funding.
For purposes of the single audit, the 2018 revision of Government Auditing Standards is effective for periods ending on or after June 30, 2020. Auditors performing single audits should be aware of the significant changes to the standards for evaluating threats to independence, especially if they perform non-audit services for their clients (i.e., preparing accounting records or financial statements, including the SEFA).
Revisions to Uniform Guidance were published on August 13, 2020, with an effective date of November 12, 2020 (85 FR 49506, http://bit.ly/85FR-49506). Noteworthy changes were made to the procurement standards and closeout provisions, among others. These revisions are not applicable to federal awards issued prior to the effective date, including awards under the CARES Act issued prior to that date. Therefore, auditors evaluating their client’s compliance with the administrative requirements and cost principles in Uniform Guidance should pay close attention to the award date. Any awards made under CRRSAA would be subject to the Uniform Guidance revisions, while those awards made under the CARES Act prior to November 12, 2020, will not be subject to those revisions.
Recent changes to generally accepted auditing standards were made in Statements on Auditing Standards No. 134–140, originally effective for periods ending on or after December 15, 2020. Statements on Auditing Standards No. 141 says that due to the COVID-19 pandemic, the effective date of those standards has been delayed and will now take effect for audits of financial statements for periods ending on or after December 15, 2021, with early implementation permitted. These revisions are primarily related to changes in the auditor’s report.
Federal Agency Oversight
Federal agencies have responsibilities related to ensuring the quality of single audits through the Inspector General Act of 1978, as amended, and the Uniform Guidance. To help assess the quality of single audits, agencies conduct quality control reviews of audit documentation prepared in support of single audits and perform desk reviews of single audit reporting packages.
Due to the impact of COVID-19 on the single audit, federal agencies will likely be paying particular attention to several areas during quality control reviews and desk reviews:
- Was the report package and data collection form submitted timely? Based on the fiscal year covered by the audit, and whether the auditee received COVID-19 funding, did an extension apply?
- Were COVID-19 expenditures separately identified on the SEFA and Data Collection Form? Were findings applicable to COVID-19 programs identified as such?
- Were all programs with a single Assistance Listing Number considered one program for purposes of major program determination? (i.e., 84.425—Education Stabilization Fund is evaluated in its entirety and not by separate alpha code)
- For audits with reports issued prior to publication of the addendum, did the auditor use Part 7 to determine which compliance requirements to test for new COVID-19 programs?
- For audits with reports issued after publication of the addendum, did the auditor comply with the requirements in the addendum?
Although for-profit and foreign entities are not considered non-federal entities subject to single audit requirements, auditors of these entities should be aware that federal agencies may impose audit requirements on them as well.
New federal funding will make single audits more prevalent in the coming months and years, but also more complicated. The best advice that can be given is for the auditor and grantee to closely read the 2020 Compliance Supplement addendum and the 2021 Compliance Supplement, once it is available. Both auditors and grantees should monitor federal agency webpages for information related to COVID-19 programs and should document any guidance that was relied upon in making decisions about how to comply and applying professional judgement.
Mark Priebe is director of the Non-Federal Audit Team and Amy Bales is senior auditor of the Non-Federal Audit Team for the U.S. Department of Education Office of Inspector General. In these roles, Priebe and Bales are charged with assuring the quality of audits completed by external auditors for Department of Education programs. Priebe is located in the Washington, D.C., office and may be reached at (202) 245-8255 or firstname.lastname@example.org. Bales is in the Kansas City Regional Office and may be reached at (816) 268-0502 or email@example.com.
Priebe is scheduled to speak at the Nebraska Society of CPAs’ 25th Annual Not-For-Profit Conference, which will be held June 7-8, 2021, via live webcast. Register today at http://bit.ly/Not-For-Profit-Conf2021.
Disclaimer: The views expressed in the above article do not necessarily represent the views of the agency or the United States.