Skip to Content
Amanda Ward Andrew Gentzkow
September 18, 2020 Article 9 min read
If your organization received federal funds related to COVID-19, you might need a single audit. Our experts answer key questions about determining whether you do, completing the SEFA, internal controls, and preparing for the audit.
Woman sitting at kitchen table on her laptop

Since COVID-19 relief funds were announced in March, 2020, federal agencies have published initial guidance and followed up with FAQs to address the many questions around administration and reporting. During a recent Plante Moran webinar, “How COVID-19 funding impacts your single audit and what to do next,” (available on demand) participants asked numerous questions. This article answers them and also offers new information that’s become available since the webinar. We hope it helps you prepare for your upcoming single audit.

When is a single audit required?

A single audit is required for nonfederal entities that expend $750,000 or more of federal awards during a fiscal year. The Uniform Guidance (UG) defines a nonfederal entity as a state, local government, Indian tribe, higher education institution, or nonprofit organization that is a direct recipient or subrecipient a federal award. While both for-profit and foreign entities are excluded from the definition of a nonfederal entity, federal agencies may impose audit requirements on these entities. For example, the Department of Health and Human Services for-profit audit requirements; two options are available: a single audit or a financial audit of a particular award in accordance with Government Auditing Standards.

Given the increase in COVID-19 relief funding, there’s a greater probability your organization will need a single audit. Keep in mind you will be required to comply with the audit requirements under UG and applicable regulations, which are unique to each federal awarding agency.

What do I need to know about the SEFA?

The key to the single audit is the Schedule of Expenditures of Federal Awards (SEFA). Because the SEFA serves as the basis for the auditor’s determination of major programs, its completeness and accuracy are vital. Be sure your SEFA includes all federal expenditures for the fiscal year under audit. It’s also important to ensure the Assistance Listing number, known as the Catalog of Federal Domestic Assistance (CFDA) number, is correct. An incomplete or inaccurate SEFA could result in failure to identify the need for a single audit, audit inefficiencies, incorrect major program selection, or additional audit costs.

According to Title 2 CFR 200.502, the “determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs.” Federal expenditures cannot occur until there is a grant award in place. Even if expenditures incurred prior to your fiscal year end will eventually be subject to reimbursement under a federal award, they should not be included on the SEFA until you have a grant award.

An incomplete or inaccurate SEFA could result in failure to identify the need for a single audit, audit inefficiencies, incorrect major program selection, or additional audit costs.

Preparing the SEFA is a management responsibility, and its completeness and accuracy set the stage for a smooth audit. As a best practice, ensure you have a thorough SEFA preparation process that includes communication between the finance and grants departments and allows for updates to be made regularly throughout the year rather than only at the end.

How do I determine whether I’m a direct recipient, subrecipient, or contractor?

It’s critical to understand whether your organization is a direct recipient, subrecipient of another nonfederal entity, or a contractor. Your organization’s role is dependent on the agreement with the funding agency. As defined by the UG, a subaward is carries out a portion of a federal award and creates a federal assistance relationship with the subrecipient. A contract, however, is used to obtain goods and services for the entity's own use and creates a procurement relationship with the contractor.

Only those federal awards your organization would expend as a direct recipient or a subrecipient must be reported on the SEFA and are subject to the UG and single audit requirements. Payments received for goods or services you may provide as a contractor wouldn’t be considered federal awards and aren’t reported on the SEFA. Below is a list of general characteristics of subrecipient and contractor relationships.

COVID-19 single audits graphic

Determining your organization’s role as a subrecipient or contractor may require judgment and confirmation from the pass-through entity.

Are COVID-19 funds subject to a single audit under UG?

As you consider increased COVID-19 funding, you may wonder “Are these funds subject to a single audit and should be reported on the SEFA.” Federal agencies incorporated COVID-19 funding into existing programs and CFDA numbers and also established new COVID-19 programs with unique CFDA numbers. Grant agreements, terms and conditions, and other information provided by awarding agencies or pass-through entities will help you determine which programs receiving new COVID-19 funding will be subject to single audit requirements.

Determining your organization’s role as a subrecipient or contractor may require judgment and confirmation from the pass-through entity.

Below, we’ve outlined the new CFDA numbers under which COVID-19 funding was provided and whether these funds are subject to a single audit. Note that this information is subject to change. We recommend visiting beta.sam.gov for the most up-to-date information.

COVID-19 single audits graphic

What are the requirements for internal controls under UG?

Once you determine a single audit is required, you must consider the internal control environment. When combined with the transition to a remote or partially remote work environment, increased funding, including that for COVID-19 funding, will impact your organization’s processes and controls. Nonfederal entities must establish and maintain effective internal controls over federal awards in order to provide reasonable assurance that they are managing such awards in compliance with federal statutes, regulations, and the terms and conditions that apply.

Once you determine a single audit is required, you must consider the internal control environment.

As your organization prepares for a single audit, you should regularly evaluate and monitor compliance so that you can assess the effectiveness of internal controls and take prompt action when noncompliance matters arise. (For more details on controls, our article, “Top three things to consider if you’ve received COVID-19 funding,” published on June 10, 2020, discusses internal controls, single audit triggers and considerations, and compliance with best practices.)

What has changed regarding COVID-19 funding and single audit requirements since the webinar?

The following updates have been issued:

  • The COVID-19 Telehealth Program (CFDA #32.006) is subject to single audit requirements.
  • The Disaster Assistance Loans (EIDL) (CFDA #59.008) is subject to single audit requirements; the advance under the Economic Injury Disaster Loan Program (CFDA #59.072), up to $10,000, is not subject to single audit requirements.
  • 2020 OMB Compliance Supplement was released.

The Office of Management and Budget (OMB) released the 2020 Compliance Supplement on their website, which is effective for audits of fiscal years beginning after June 30, 2019. Appendix VII of the supplement indicates that an addendum will be released in the fall to address certain new COVID-19 programs. The Governmental Audit Quality Center published a nonauthoritative listing of federal programs that are expected to be included in the 2020 OMB Compliance Supplement Addendum as of Aug. 18, 2020. A listing of these programs appears below.

COVID-19 single audits graphic

We’ve also included a few 2020 Compliance Supplement highlights:

  • The six-requirement mandate has been maintained. Agencies have been required to limit the compliance requirements for audits to six for each program or cluster, with the exception of the Research and Development cluster, which was again permitted to identify seven requirements.
  • Program changes have been made, including additions and deletions in Part 4, some of which are significant, and are summarized in Appendix V of the supplement.
  • COVID-19-related awards must be separately identified on the SEFA and data collection form. This requirement applies to both existing awards that incurred COVID-19-related award expenditures and for new COVID-19 programs.
  • Audit findings should include the COVID-19 identification for existing and new COVID-19 awards.

While there are a lot of moving parts to administering and reporting of COVID-19 funds, the single audit process doesn’t have to be daunting. Resources, such as those identified in this article, can help as can a deliberate preparation process. And, as always, if you have any questions, we’re happy to help.

Let's talk. Our COVID-19 task force is ready to provide guidance.

Contact us