The Office of Management and Budget (OMB) Compliance Supplement is a critical resource for both auditors and nonfederal entities. It not only guides auditors in performing single audits but also helps auditees understand the audit process and compliance requirements that they’ll face. Think of it as your roadmap to navigating federal grant compliance — and even gaining insight into OMB actions and decisions.
The OMB releases the compliance supplement annually. The latest version — the 2025 Compliance Supplement, applicable to single audits of fiscal years ended June 30, 2025, and beyond — was issued in November 2025.
Familiarity with its contents is essential for maintaining a best-in-class control environment for federal grants. You can access the full 2025 Compliance Supplement here. We’ve outlined five key considerations to help you fully understand compliance requirements that apply to the federal programs you administer.
1. Programs with higher risk designation
In accordance with the Uniform Guidance (UG), the OMB has the authority to identify federal programs that are higher risk. This identification is only communicated via the Compliance Supplement. Due to the way auditors are required to select programs for testing during the single audit, be aware that programs designated as higher risk will most likely be subject to detail audit procedures once the program expenditures reach a certain level. Knowing which programs these are could help you understand which ones might be selected by your auditors for testing.
In the 2025 Compliance Supplement, OMB has designated only two programs as higher risk. These programs are shown below:
2. Internal controls (Part 6)
Part 6 of the 2025 Compliance Supplement offers comprehensive guidance on internal control over compliance for federal programs. It’s grounded in the COSO framework and the Government Accountability Office Green Book principles, providing practical examples of control objectives and related activities for each compliance requirement.
Auditees can leverage Part 6 as a benchmark tool to:
- Map existing controls against the example controls for each compliance requirement.
- Identify gaps where controls may be insufficient or missing.
- Implement suggested controls to bridge those gaps.
- Create or update policies and procedures to strengthen compliance and reduce risk.
By using Part 6 proactively, auditees can enhance their internal control environment, demonstrate accountability, and be better prepared for an audit of your federal funds.
3. Compliance requirements (Part 3)
This part serves as the framework for the auditor’s testing compliance. It lists the 12 types of compliance requirements and provides guidance on the suggested audit procedures for each compliance requirement. As an auditee, you can use this information to better understand various compliance requirements and help provide insight into how your auditors will test applicable compliance requirements. Driven by the 2024 revisions to UG, the OMB has changed Part 3 to include two separate sections: Part 3.1 and Part 3.2.
Part 3.1
This part includes guidance applicable to awards existing as of Oct. 1, 2024, and for which the federal agency hasn’t communicated that the 2024 revisions to UG are applicable. One key change to Part 3.1 is related to reporting under the Federal Funding Accountability and Transparency Act (FFATA). In Spring 2025, all previous FFATA reporting, which was completed through FSRS.gov, was moved to the System for Award Management site, SAM.gov. As an auditee, if you’re required to comply with FFATA reporting requirements, you should:
- Ensure your organization is submitting required reports through SAM.gov for any reporting due on or after March 8, 2025.
- Verify that your internal processes and staff are aware of this change and have access to SAM.gov.
- Maintain documentation of timely and accurate submissions, as auditors will review FFATA reports in SAM.gov during the audit.
Part 3.2
This part includes guidance applicable to awards issued on or after Oct. 1, 2024; and for any awards that have been amended to specifically communicate that they’re subject to the 2024 UG revisions, auditors must follow Part 3.2 to complete their testing. Key changes to Part 3.2 are related to the “Allowable Costs/Cost Principles” and “Equipment and Real Property Management” sections, which reflect the areas where more specific award-level changes were made in the Revised UG.
- In “Allowable Costs/Cost Principles,” Part 3.2 reflects the change that Revised UG allowed when entities are using the de minimis indirect cost rate. For any awards that are subject to the Revised UG, the de minimis rate increased from 10% to “up to 15%.” Auditees should review your cost allocation practices to ensure you’re able to use the higher rate, including reviewing existing policies and updates as needed.
- Related to “Equipment and Real Property Management,” if you’re purchasing equipment within a federal grant program with an award dated after Oct. 1, 2024, the equipment capitalization, disposal, and supplies threshold has increased from $5,000 to $10,000 under the UG Revisions. Auditees should review internal policies and procedures and make necessary updates to internal policies and procedures to align with this new threshold and ensure proper tracking and documentation for equipment purchases under federal programs.
4. Matrix of compliance requirements (Part 2)
The matrix identifies the compliance requirements federal agencies have identified as subject to audit. There were several changes this year to this matrix, including deleted programs, added programs, and changes to which compliance requirements are subject to audit for existing programs. As an auditee, you can use this information to help provide insight into which compliance requirements your auditors will test for each of your major programs.
5. Agency program requirements (Part 4)
This part identifies program-specific nuances to the compliance requirements that apply to individual federal programs that are included within this part. Think of Part 4 as an extension of Part 3: While Part 3 outlines the general compliance requirements and audit objectives (such as allowable costs, eligibility, reporting), Part 4 drills down into how those requirements apply to specific programs. Each federal program may have special provisions or interpretations of the general requirements. For example, reporting timelines, eligibility criteria, or allowable cost definitions may differ from the standard guidance in Part 3. By reviewing Part 4, auditees can customize policies, procedures, and internal controls to meet the exact requirements of each program you manage, rather than relying solely on broad rules.
The OMB made changes and updates to a few commonly tested programs in the 2025 Compliance Supplement. The updated programs are outlined below.
If you’re managing federal grants, we encourage you to use the Compliance Supplement as a key resource — and it’s not just for auditors. The supplement is equally valuable for auditees because it helps them understand the compliance requirements applicable to federal programs while also understanding the scope of testing to be expected in your single audit.
For more information on the 2025 Compliance Supplement, check out our webinar, “2025 Compliance Supplement and Single Audit Update.” Be sure to also subscribe to our alerts for additional articles.
