Single Audit

From Wikipedia, the free encyclopedia

The Single Audit, also known as the OMB A-133 audit, is a rigorous, organization-wide audit or examination of an entity who expends $500,000 or more of United States Federal assistance (commonly known as Federal funds, Federal grants, or Federal awards) received for its operations.[1][2][3] Usually performed annually,[4] the Single Audit’s objective is to provide assurance to the US federal government as to the management and use of such funds by different recipients, such as States, cities, universities, and non-profit organizations, among others. It is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components.

Contents

[edit] History

Prior to the implementation of the Single Audit, the federal government relied on numerous audits carried out on individual federally funded programs used by recipients in order to ensure that these funds were expended properly. Since the government had numerous agencies awarding hundreds of different programs, the task of auditing all programs became increasingly difficult and time consuming. Therefore, in an effort to improve this situation, the Single Audit Act of 1984 was enacted to standardized the requirements for audits of States, local governments, and Indian tribal governments that receive and use federal financial assistance programs.[5]

In 1985, the United States Office of Management and Budget (OMB) issued OMB Circular A-128, “Audits of State and Local Governments,” to provide guidance to recipients and auditors for implementing and carrying out the new Single Audit. In 1990, OMB administratively extended the Single Audit process to non-profit organizations by issuing OMB Circular A-133, “Audits of Institutions of Higher Education and Other Non-Profit Organizations” which superseded OMB A-128. With these new guides and provisions, the Single Audit was standardized in the United States to include any and all States, local governments, and non-profit organizations and institutions that receive federal funds from the US government.[5][6][2]

[edit] Purpose and components

The federal government provides an extensive array of federal assistance to recipients reaching over $400 billion dollars annually,[1] and this assistance is provided through thousands of individual grants and awards annually for the purpose of benefiting the general public in the areas of education, health, public safety, welfare, public works, etc. However, as a condition of receiving this assistance, recipients must comply with applicable federal and state laws and regulations, as well as any particular provisions tied with the specific assistance.[7] The Single Audit is one way the government receives assurance that these recipients comply with such directives by having an independent external source (the CPA) report on such compliance. However, it only applies to recipients that expend $500,000 or more of such assistance in one year.[1][2]

A Single Audit encompasses the examination of a recipient’s financial records, financial statements, federal award transactions and expenditures, the general management of its operations, the systems of internal control, and the federal assistance itself received during the audit period (the time period of recipient operations which will be examined in the Single Audit, which is usually covers a natural or fiscal year).[8][3] The Single Audit is divided into two areas: Compliance and Financial.

The compliance component of a Single Audit covers the study and understanding (planning stage) as well as the testing and evaluation (exam stage) of the recipient with respect to federal assistance usage, operations and compliance with laws and regulations.[8] The financial component is exactly like a financial audit of a non-federal entity which includes the audit of the financial statements and accompanying notes. Depending on the recipient, the Single Audit can be simple and straightforward, or it could be complex and troublesome. This is due to the fact that there are millions of federal grants awarded each year to thousands of recipients, each with its own independent way of operating. Therefore, the Single Audit differs from recipient to recipient and from federal program to program.

For these reasons, the federal government requires auditors to perform the compliance audit of a recipient with a planning stage and an exam stage. During the first stage, or planning stage, the auditor must study the recipient, determine whether there is a high or low risk that the recipient does not comply with laws and regulations, identify federal programs, and evaluate such programs. The second stage, or exam or audit stage, is where the auditor actually audits the federal assistance and programs.[8] The planning stage is considered an integral part of the Single Audit because it allows the auditor to design and perform the audit based on the qualities, characteristics and needs of the recipient to be audited.

[edit] Compliance audit: planning stage

[edit] Low-risk or High-risk auditee

Before determining which federal programs the auditor will examine, the auditor must first study the recipient itself. This evaluation requires the auditor to interview its employees, observe the recipient in operations, obtain third-party references, and read the recipient’s prior audit reports, among other procedures, in order to understand the recipient and to determine whether it is likely that it complies or doesn’t comply with federal laws and regulations. This is performed because the recipient’s operations, procedures, and work ethic directly affects the compliance of individual federal programs with laws and regulations.

The evaluation concludes with the auditor determining, based on the evaluation, whether the recipient is a high-risk auditee or a low-risk auditee. A high-risk auditee is a recipient which as a high risk of not complying with federal laws and regulations, while a low-risk auditee is the exact opposite. For example, an auditor may judge a recipient to be a high-risk auditee because the audit reports of the past few years have numerous audit findings (e.g. specific situations of non-compliance with laws and regulations, serious deficiencies in internal controls and/or acts of fraud), or because the auditor receives news from various sources that the recipient is engaged in illegal activities, such as money laundering. On the other hand, the auditor may determine that a recipient is low-risk because its management personnel have a good work ethic, the auditor has received good references from external sources, or because the recipient has never received any audit findings. However, the OMB Circular A-133 has set certain requirements a recipient must meet in order to be considered a low-risk recipient, which includes the following:[9]

  • Single audits have been performed on an annual basis in prior years.
  • The auditor's opinions on the financial statements and the Schedule of Federal Expenditures (discussed later) were unqualified (financial statements are reasonably correct).
  • There are no significant deficiencies in internal control (also known as material weaknesses in internal controls) identified in prior year audits.
  • None of the Federal programs previously audited had audit findings in the last two years.

The OMB Circular A-133 uses the high and low risk determination in order to regulate the amount of auditing to be performed. Although the actual work necessary for a Single Audit is established by the auditor, the OMB has set a limit for auditing high-risk and low-risk recipients. For high-risk recipients, the auditor is required to audit not less than 50% of all the federal assistance received during the year. For low-risk recipients, that limit is decreased to 25%.[10]

This determination also affects the entire Single Audit because the auditor will adjust the examination accordingly. Since the auditor must provide an opinion to the federal government on whether the recipient and its programs complied with laws and regulations, the auditor will perform sufficient tests and audit procedures (also known as audit work) in order to satisfy his/herself that the opinion is correct.[11] Normally, the auditor will greatly increase the amount of audit work for high-risk auditees to assure that his/her opinion is correct. For low-risk auditees, the auditor will not be as rigorous as with a high-risk; but nevertheless must be aware that not because a recipient is low-risk does it mean that it is fully complying with all laws and regulations (consequently, a high-risk determination does not necessarily mean that the recipient never complies with laws and regulations either, just that it is more likely than not).

[edit] Identification of federal assistance programs

In order to determine which federal programs will be audited under the compliance audit, federal assistance expended by the recipient (also called federal expenditures) during one year is identified by federal program name, Federal agency and CFDA number. These federal expenditures are then combined to determine the total amount expended during the year. Any recipient whose total federal expenditures during a year equal or exceed $500,000 requires a Single Audit[3][4]. If the recipient does not meet this threshold, a Single Audit is not required, although the recipient may elect to have a program-specific audit (an audit of a single federal program, without auditing the entire entity). Once this determination is performed, OMB Circular A-133 requires that federal programs by categorized in two groups: Type A programs and Type B programs.[12]

  • Type A program – a Type A program is any federal program within a recipient which expends either: (1) $300,000 or more of federal assistance for recipients with $10 million or less of expended federal assistance during the audit period, or (2) 3% of the total federal assistance expended during the year for those who exceed $10 million, whichever is greater. In other words, if a recipient expended a total of $10 million or less in federal assistance, then any single program which expended $300,000 or more is considered a Type A. If a recipient expended more than $10 million in federal assistance, then any single program which expended 3% of that amount is considered a Type A program.[13]
  • Type B program – A Type B program is any single program which does not meet the Type A requirements.[14]
Example 1 – The City of Example operates a Section 8 program, and expended $450,000 in Section 8 funds and $5,000,000 of total federal assistance during the year. Since this amount does not exceed $10,000,000, the Section 8 program is considered a Type A program because $450,000 exceeds the $300,000 threshold.
Example 2 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $15,000,000 in federal assistance, the Section 8 program would meet the Type A threshold because $450,000 is equal to $15,000,000 x 3% ($450,000).
Example 3 – Using the same data in Example 1 with the exception that the City of Example now expended a total of $20,000,000 in federal assistance, the Section 8 program would not meet the Type A threshold because $450,000 is less than $20,000,000 x 3% ($600,000), and would be considered a Type B program.

[edit] Risk assessment

Main article: Risk assessment

After determining which programs are Type A and Type B, the OMB Circular A-133 requires that the auditor study and understand the operations and internal controls of such programs within the entity, and perform[15] and document[16] a risk assessment based on such study to determine whether each program has either a high or low risk of not complying with laws and regulations. Auditor may consider numerous factors including current and prior audit experience, good or poor internal controls over Federal programs, many or no prior audit findings, continuous or lack of oversight exercised by the federal government over the recipient, evidence or knowledge of fraud, and the inherent risk of the Federal program.[17]

For any Type A program which are considered to be a high risk of not complying, the OMB Circular A-133 requires that the auditor to perform a compliance audit on that program.[18] For a Type A program that is considered to be of low risk, then the auditor is not required to perform a compliance audit, although the OMB Circular A-133 allows the auditor to do so if he/she chooses to.[18] Although the risk assessment is performed by the auditor based on his/her judgment,[19][17] the OMB Circular A-133 does have two requirements for a program to be considered low risk. First, the program must have been audited at least once in the last two years, and second, the program must have no audit findings when it was last audited. If the program does not comply with either of these two requirements, it is automatically considered as high risk.[15]

For the smaller Type B programs which have been identified as high-risk, the auditor has two options: either audit half of all high-risk Type B programs, or audit one Type B high-risk program for every low-risk Type A program.[18] Type B programs which have a low risk of not complying are not required to be audited.

[edit] Compliance audit: exam stage

After the auditor determines which federal programs will be audited, the auditor performs a compliance audit where the operations of the program are scrutinized; files, documents, contracts, checks, etc. are examined; and transactions between the federal program and any other party are investigated to a certain degree. These functions are compared with the laws and regulations applicable to a program to see if they complied or not. The examination does not require observing every single document and every single process generated by the program, nevertheless the auditor is required to perform enough procedures to form an opinion on whether the program (as a whole) complied with laws and regulations.[20]

Due to the amount of federal regulations, the federal government has provided certain guides and literature to assist the auditor in the examination, which includes the OMB Circular A-133 Compliance Supplement and the Compliance requirements:[20]

[edit] OMB Circular A-133 Compliance Supplement

The OMB Circular A-133: Compliance Supplement is a large and extensive guide created by the OMB for Single Audits, and is considered the most important tool of both the auditor and the recipient when performing, or being subject to, a Single Audit.[5] It was created following amendments in 1996 to the Single Audit Act and serves to identify existing important compliance requirements that the Federal Government expects to be considered as part of a Single Audit. Without it, auditors would need to research thousands of laws and regulations for each single program of a recipient to determine which compliance requirements are important to the Federal Government. For Single Audits, the Supplement replaces any agency audit guides and other audit requirement documents for individual Federal programs.[5]

[edit] Compliance requirements

Compliance requirements are series of directives provided by Federal agencies that summarize hundreds of laws and regulations applicable to federal assistance and are important to the successful management of such assistance. The OMB created 14 basic and standard compliance requirements for which recipients must always comply with when receiving and using federal assistance, and provided detailed explanations, discussions, and guidance about them in the OMB Circular A-133 Compliance Supplement.[21] These compliance requirements only serve as guidelines for compliance with the specific laws and regulations applicable to the assistance and their objectives are designed to be generic in nature, because of the amount of different federal programs provided by the government. For example, many federal programs have eligibility requirements for individuals or organizations to participate such programs because they have been established by either laws, regulations, or contract provisions. However, while the criterion for determining eligibility varies from program to program, the objective of the Eligibility compliance requirement that "only eligible and qualified individuals or organizations participate" is consistent and universal across all federal assistance programs. This eligibility universal criteria is called the Eligibility compliance requirement.[22]

[edit] Financial audit

Main article: Financial audit

The Single Audit requires that a recipient prepare financial statements specifically for the single audit.[23] It also requires that a financial audit be performed on the recipient, which includes the federal assistance operations as well as the non-federal assistance operations. Tests of transactions and account balances are performed to ensure that the information presented in the financial statements, and notes thereof, are reasonably correct.[24] Additionally, the recipient must prepare a Schedule of Federal Expenditures, which is a supplementary financial statement unique to recipients of federal assistance that details all the federal assistance expended by the recipient during the year, categorized by federal program.[25] The auditor must then audit and report on this Schedule as if it were part of the standard financial statements.[24]

[edit] Data Collection and Reporting Package

After the Single Audit is concluded, the recipient prepares two documents: a “Data Collection Form and a “Reporting Package”. The Data Collection Form is a standard form which is basically a summary of the Single Audit. It includes details of the auditor, a list of the federal programs audited, and a summary of any audit findings reported by the auditor. The Reporting Package includes all the auditor’s final reports along with the recipient’s financial statements. It includes:[26]

  • Auditor’s reports
  • Management Discussion and Analysis (MD&A) – This serves as an introduction to the recipient’s financial statements where the recipient’s management (i.e., Governors, in case of States; Mayors, in case of cities; President, in case of non-profit organizations, etc.) discuss the results of operations and other financial information, offering insight and detailed description about the recipient itself.
  • Recipient’s financial statements - This contains the financial statements required by the Governmental Accounting Standards Board (GASB), which includes the Government-wide statements as well as the Fund Financial Statements.
  • Recipient’s notes to the financial statements – This includes any notes and disclosures for the financial statements as required by US Generally Accepted Accounting Principles (GAAP).
  • Supplemental Information – This section includes both financial and non-financial information relative to the recipient which is not covered in the MD&A or the financial statements and their respective notes.
  • Schedule of Federal Award Expenditures – This document details all federal assistance expenditures made by the recipient during the audit period, categorized by the federal program and federal agency.
  • Schedule of Findings and Questioned Costs – If the auditor finds situations where the recipient did not comply with laws and regulations, where internal controls are deficient, or a situation of illegal acts or fraud, the auditor is required to report such situations to the federal government in this section, as well as any questioned costs. Questioned costs are amounts that the recipient expended, but which the auditor has determined that they were not permitted and must be returned to the federal government.[27]
  • Schedule of Prior Audit Findings – In this section, the auditor is required to follow-up and report about the recipient’s corrective action on any audit findings reported in prior years.

Both the Data Collection and the Reporting Package are kept by the recipient with copies submitted to the Federal Audit Clearinghouse (FAC), and to any Federal agency who specifically requests it.[26] Federal guidelines require recipients to submit the documents no more than 30 days after the auditor emits his reports or 9 months after the final day of the audit period, whichever comes first.[28]

[edit] Auditor responsibility

The auditor is responsible for conducting the actual audit of the recipient in accordance with Generally Accepted Government Auditing Standards (GAGAS)[29] and using the guidance provided by the OMB Circular A-133 and its Compliance Supplement, all of which establish certain rules to follow during the Single Audit. Among these rules are that the auditor must establish audit objectives which will determine his/her opinion on whether the recipient complied with laws and regulations; study and do research on the recipient’s federal assistance awards and programs to determine the applicability of specific laws and regulations; obtain a full understanding of the recipient, its organization and its operations; evaluate a recipient’s internal control systems; evaluate the recipient’s ability to manage federal assistance in a responsible manner; and perform audit procedures (some of which are suggested by the Compliance Supplement) in order to meet the audit objectives.

The auditor is required to obtain an understanding on the recipient’s internal control system in order to determine if the recipient has proper safeguarding techniques which help manage the federal assistance responsibly. After obtaining sufficient knowledge of that system, the auditor must perform audit procedures in order to verify if the recipient’s internal control system is working properly and if the recipient’s federal program operations complied with laws and regulations (i.e., the compliance audit portion of the Single Audit).[30][3][31]

As part of the Single Audit, the auditor must prepare and submit three individual reports to the recipient and to the federal government. The first report is an opinion, or a disclaimer thereof, on whether the recipient’s financial statements are presented in conformity with US Generally Accepted Accounting Principles, identical to a financial audit’s report on a non-recipient entity. The second report is about the status of internal controls relative to the financial statements and major programs. The third report is an opinion, or a disclaimer thereof, on the degree to which the recipient has complied with laws, regulations, and the terms and conditions of the federal assistance awards. Following the last two reports, if the Single Audit produced audit findings, the auditor must prepare the Schedule of Findings and Questioned Costs discussed earlier.[27][31]

The auditor’s judgment is necessary to determine which audit procedures are sufficient to achieve the audit objectives, and whether additional or alternative audit procedures are needed to achieve such objectives. The auditor is responsible for determining the nature, timing, and extent of the audit procedures necessary to meet the audit objectives (i.e., it is the auditor who determines the necessary amount of his/her audit work needed to form an opinion on whether the recipient complied with laws and regulations).


[edit] Notes

  1. ^ a b OMB Office of Federal Financial Management, The Single Audit
  2. ^ a b OMB Circular A-133; Subpart B - Audits; §___.200 - Audit requirements
  3. ^ a b c Understanding Single Audits by Henry Flood, Grantsmanship Center Magazine, Fall 2002, retrieved on June 30, 2006
  4. ^ OMB Circular A-133; Subpart B - Audits; §___.220 - Frequency of audits
  5. ^ a b c d OMB Circular A-133: Compliance Supplement; Part I: Background, Purpose and Applicability; Background; pg. 1-1, par. 1 through 4 and pg. 1-2, par. 1 through 2
  6. ^ OMB Circular A-133 Title 1 - Purpose
  7. ^ OMB Circular A-133: Compliance Supplement; Part I: Background, Purpose and Applicability; Overview of this Supplement; Internal Control; pg. 1-6, par. 5
  8. ^ a b c OMB Circular A-133; Subpart E - Auditors; §___.500 - Scope of Audit
  9. ^ OMB Circular A-133; Subpart E - Auditors; §___.530 - Criteria for a low-risk auditee
  10. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (f) – Percentage of coverage rule
  11. ^ OMB A-133; Subpart E - Auditors; §___.500 – Scope of audit; section (d)(4) - Compliance
  12. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (b) – Step 1
  13. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (b)(1)
  14. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (b)(2)
  15. ^ a b OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (c) – Step 2
  16. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (g) – Documentation of risk
  17. ^ a b OMB Circular A-133; Subpart E - Auditors; §___.525 - Criteria for Federal program risk
  18. ^ a b c OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (e) – Step 4
  19. ^ OMB Circular A-133; Subpart E - Auditors; §___.520 - Major program determination; section (h) – Auditor’s judgment
  20. ^ a b OMB A-133; Subpart E - Auditors; §___.500 – Scope of audit; section (d) - Compliance
  21. ^ OMB Circular A-133: Compliance Supplement; Part III: Compliance Requirements
  22. ^ OMB Circular A-133: Compliance Supplement; Part III: Compliance Requirements, pg. 3-E-1, Eligibility
  23. ^ OMB A-133; Subpart C - Auditees; §___.310 – Financial Statements; section (a) - Financial statements
  24. ^ a b OMB A-133; Subpart E - Auditors; §___.500 – Scope of audit; section (b) - Financial statements
  25. ^ OMB A-133; Subpart C - Auditees; §___.310 – Financial Statements; section (b) - Schedule of Federal Expenditures
  26. ^ a b OMB A-133; Subpart C - Auditees; §___.320 – Report submission; section (c) – Reporting Package
  27. ^ a b OMB A-133; Subpart E - Auditors; §___.505 – Audit reporting
  28. ^ OMB A-133; Subpart C - Auditees; §___.320 – Report submission
  29. ^ OMB A-133; Subpart E - Auditors; §___.500 – Scope of audit; section (a) - General
  30. ^ OMB A-133; Subpart E - Auditors; §___.500 – Scope of audit; section (c) - Internal control
  31. ^ a b The Single Audit Act, AICPA

[edit] Primary sources

[edit] Secondary sources

[edit] OMB Circulars

[edit] See also

[edit] External links