The purpose of the Single Audit is to ensure Federal funding is used for the program or project in compliance with financial, administrative, and specific requirements of the award, and the terms and conditions of the grant agreement. A Single Audit is a major tool relied upon in risk assessment of applicant to help determine the amount of monitoring required during the award period and closeout. Single audit findings are also relied on to determine future awards that could be made to an applicant.
In 2017, of the 28,000 Single Audits submitted to the Federal Audit Clearinghouse (FAC), approximately 20,000 (70%) of the audits were identified as low-risk auditees. Based on the experience level of the firm conducting the audit, the percentage of nonconforming audits could range from 25% to 62%. This begs the question: can we rely on the auditor’s determination of a low-risk auditee? Can we reliably rely on the Single Audit?
The Single Audit Quality Study
The Uniform Guidance allows the Office of Management and Budget (OMB) to determine the frequency of the Single Audit Quality Study. Under the responsibility requirements for the Federal cognizant agencies and Pass-through Entity, they may:
- Provide technical audit advice and liaison assistance to auditees and auditors.
- Obtain or conduct quality control reviews on selected audits made by the non-Federal audits and provide those results to other interested organizations.
The OMB has the following responsibilities in this process:
- Cooperate and provide support to the Federal agency designated by OMB to lead a governmentwide project to determine the quality of the Single Audit.
- Provide a reliable estimate of the extent of requirements, standards, and recommendations for any changes to applicable requirements.
- Advise the community of independent auditors of any noteworthy or important factual trends related to the quality of audits stemming from quality reviews.
- The significant problems or quality issues identified in the quality reviews and refer them to the appropriate state licensing agencies and professional for disciplinary action.
The last government-wide Single Audit Quality Study conducted was in 2007. Within a statistical sample of 208 single audits from a population of approximately 38,500 single audits issued from April 2003 through March 2004, the results of the study revealed:
- 115 (55.3%) were acceptable
- 30 (14.14%) were of “limited reliability”
- 63 (30.3%) were “unacceptable”
Interestingly, the difference in audit quality was particularly marked between Stratum 1 (larger audits with $50 million or more in Federal expenditures) and Stratum 2 (smaller audits of more than $500,000, which was the previous Single Audit threshold, but still less than $50 million).
The AICPA Peer Review Program Study
To add more context to this issue, in 2015 the American Institute of Certified Public Accountants (AICPA) conducted a study of single audit engagements. The AICPA Peer Review Program monitors the quality of reviewed firms’ accounting and auditing engagements and processes and evaluates the systems under which those engagements are performed to make recommendations for improvement. The Peer Review analysis noted the following as common Single Audit deficiencies:
- Major program determination
- Low-risk auditees status
- Testing of internal controls over compliance
- Reporting Errors
- Overall supporting documentation
- Audit partners, managers and staff not meeting GAGAS CPE requirements
- GAGAS independence requirements
The results of the 2015 assessment indicated that almost half (48%) of the single audits reviewed were considered non-conforming. The Study attempted to isolate specific environmental factors that led to these common audit deficiencies and determined that:
- The size of the firm was less important than the number of single audits that it performed.
- Firms that only performed one (1) single audit had a 62% chance of nonconforming audit.
- Firms that performed two (2) to ten (10) single audits annually had a 49% chance of a nonconforming audit.
- When a firm performed more than ten (10) single audits annually it significantly reduced the nonconforming audit to 15%.
Results were similar when examining the number of single audits that a specific partner performed as well
Single Audit Detection Gap – Why is this important?
According to 2017 Federal Audit Clearinghouse Database, more than 25% of the submitted audits were conducted by firms who were responsible for fewer than ten (10) Single Audits in that year. Even if the firms were in this lowest category of experience, the quality of their audit may be significantly lower than a Single Audit by firms conducting more than ten (10) such audits.
Federal agencies should have complete information in grant award decisions. However, flaws in the audit process may result in a Detection Gap and reported findings may not include all actual deficiencies.
Planning for risk
A nationwide Single Audit Quality Study is necessary to determine if the quality of the Single Audit has improved under the Uniform Guidance, and to determine the amount of reliance that can reasonably be placed on Single Audits as a reliable part of risk assessment.
Until this happens, funders need a way to ensure they are awarding applicants that pose a low, medium or high risk, or to ensure they have a reliable method for determining any specific conditions that may need to be placed on an award. Your grants program should be in the practice of or preparing to implement strong internal controls to maintain compliance and reduce the risk of reporting errors. Having a centralized place to store all documentation related to each award is another way you can prepare for a Single Audit or any regulatory review. And finally, having a risk assessment strategy in place can also help your grant programs to ensure compliance with the specific grant award requirements and the Uniform Guidance.
This Expert Spotlight is the first installment of our blog series “Assessing Risk in Uncertain Times.” In the coming weeks, AmpliFund will be posting more resources and tools to help funders implement effective risk assessment processes. Stay tuned!
About the author: Carol A. Kraus is a licensed CPA and Certified Grant Management Specialist. She has served as the Chief Internal Auditor for the Illinois Office of the Comptroller, an Associate Director of the Governor’s Office of Management and Budget (GOMB), and as Chief Internal Auditor for the State of Illinois where she trained internal audit staff to conduct Federal program audits. She was also appointed Chief Accountability Officer to lead the Statewide implementation of internal controls, financial performance reporting, and monitoring for the American Reinvestment and Recovery Act (ARRA). Illinois was recognized as a leader in the nation in its ARRA implementation effort. Prior to her retirement in July 2020, she served as the Director of the Grant Accountability and Transparency Unit (GATU), which is responsible for leading the effort of implementing GATA - establishing uniform policies and procedures in a collaborative effort between grant-making agencies and Grant Seekers to remove redundancies and duplication of efforts as well as to streamline grant management business processes while increasing accountability and transparency throughout the entire grant lifecycle.
You may find that implementing new technology could be helpful for standardizing your processes and centralizing your grant-related data. If you think that grant management software may be helpful for your organization, AmpliFund can answer any questions you may have. We look forward to finding a solution that can not only help you maintain compliance, but also mitigate risk.
*Photo by Mojo_cp from Canva