Thousands of nonprofits and governments receiving federal funds will soon see an easing in audit requirements, thanks to new Office of Management and Budget rules.
For those with a tax year ending Dec. 31, 2015, or after, the new single audit threshold is now $750,000, up from $500,000. Entities receiving less than $750,000 are still obligated to make records available for review or audit by federal agencies.
For many small organizations, the single audit requirement has posed an additional burden in expense and time. One federal grant has often been high enough to trigger a single audit and thus, for some organizations, their first general audit.
To add to the complexity, single audits are not the same for all auditees. Auditors must first assess the client as low or high risk, both in general and at the program level. This assessment is to determine the organization’s ability and willingness to comply with federal rules and regulations, i.e., how likely they are properly managing federal funds.
In general, a low-risk client meets the following requirements:
- Single audits were performed in each of the past two years.
- Auditor opinions were unqualified.
- No material weaknesses were identified.
- No federal programs had findings in the previous two years.
The update has added a provision making the likelihood of operating as a going concern a requirement for low risk. Otherwise, the organization is treated as high risk.
At the program level, there are further steps to categorize programs and assess their level of risk. These steps determine which programs will be audited and how much transaction testing will be performed.
The first step is classifying programs as an A program or a B program. The criteria for an A program are as follows, updated with the new regulations:
- The program threshold is $750,000 for an organization expending less than $25 million in awards (after that 3 percent of amount expended).
- A program is high risk if, in the latest audit, it failed to receive an unqualified opinion, had a material weakness in internal control, had questioned costs for more than 5 percent of expenditures or had inherent program risk.
- A program is high risk if it hasn’t been audited in either of two prior periods.
- Any high-risk A program must be audited.
Any programs not meeting the threshold criteria ($750,000 or 3 percent of the more than $25 million) are classified as B programs.
The selection criteria for auditing a B program are as follows:
- A program with less than 25 percent of the threshold is regarded as small and doesn’t need to be audited.
- The level of risk needs to be determined for a B program by assessing controls, audit history and the program’s inherent risk.
The revision to single audit requirements reduced the minimum number of high-risk B programs required to be audited to 25 percent of low-risk A programs. In the case of a large number of B programs, the auditor is encouraged to audit different programs annually to increase coverage. – Elizabeth Penney, M.B.A.