With billions of dollars in COVID funding provided to non-profits, local governments, and for-profit organizations, more organizations than ever are required to comply with Yellow Book. What is a Yellow Book audit? The Yellow Book is a nickname for Government Auditing Standards that auditors are required to follow. These standards were finalized in 2018 and can be viewed online here. A proposed revision to the Yellow Book (published in January 2023) can be viewed here. This revision proposes changes in standards for quality management and communication components for organizations performing Yellow Books Audits.
For non-federal entities (governments, Indian tribes, not-for-profit organizations, and higher education) receiving more than $750,000 in federal funding, these entities are required to have a Single Audit. Many non-profits and governments (that never previously had a Single Audit done) now meet the threshold of $750,000 due to COVID relief funding. Having to comply with a first time Single Audit requirement poses additional challenges for many organizations. Additionally, for-profit entities are now required to have Yellow Book (and in some cases compliance audits that are similar to Single Audits) done due to their receiving COVID funds.
Audit Findings and COVID Funding Challenges
An audit finding is a comment on either the design and/or the effectiveness of the system of internal control over compliance; and/or noncompliance with provisions of laws, regulations, contract or grant agreements. An audit finding may involve financial reporting, compliance, and/or the design or effectiveness of internal controls. Specifically, auditors are required to report as findings significant deficiencies or material weaknesses in internal control, non-compliance with provisions of laws, regulations, contracts, or grant agreements that have a material effect on the financial statements, or fraud that is material, either quantitatively or qualitatively.
Findings written by the auditors must include:
- criteria (i.e. the requirement that must be followed
- condition (what issue did the auditor find)
- effect, or potential effect
- and recommendation to correct the issue
With the influx of COVID funding and the myriad of organizations receiving such funds, some entities may not have previous experience handling federal grant money, and some departments may struggle with the scale of funding. Additionally, organizations were under pressure to spend the money in a matter of months and arguably with vague guidance to rely upon. Listed below are some examples of potential findings an organization may be cited for with respect to their COVID funding:
- Inadequate monitoring of organizations paid to administer COVID funding relief programs such as the Emergency Rental Assistance Program (organizations may not be used to monitoring other non-profits to see how funds are being spent).
- Lack of documentation in how sub-recipients have spent their money
- Missed risk assessments on service providers, specifically a failure to check on whether contractors have not been previously disqualified from receiving federal funds
- We recommend that you develop a strong system of internal controls to help mitigate the risk of audit findings. When you have your audit planning meeting that is the best time to speak up with questions you may have regarding new or complex financial and compliance areas and how to best put proper controls in place. Refer to our previous blog on internal controls for additional guidance.
What to Expect for 2023 Single Audits
For 2023 Single Audits, there are still COVID-19 programs that need to be audited. Many waivers are expiring/have expired and will increase requirements entities must follow. Adding to this challenge is the fact that the Infrastructure and Investment and Jobs Act (IIJA) funding is starting to flow, the new 2023 Compliance Supplement (see below) has been issued with more changes than usual, and there is an increased federal focus on oversight.
An Overview of the 2023 Compliance Supplement
The 2023 Compliance Supplement was issued May 22, 2023 and was effective for audits of fiscal years beginning after June 30, 2022. There are many small changes throughout the 2023 Compliance Supplement, but listed below are the key updates from the Supplement you should be aware of:
- There is additional guidance to implement the Build America, Buy America Act provisions of the IIJA. The proposed guidance seeks to implement consistent government-wide Buy America requirements for infrastructure projects and includes guidance to determine the cost of manufactured products and when a variety of types of construction materials can be treated as U.S.-made.
- The Highway Planning and Construction Cluster has been decoupled. Formerly CFDA numbers 20.205/20.219/20.224/23.003 were identified as a cluster to be considered as one program for major program evaluation and testing under the Uniform Guidance. Now each program will stand on its own, to be evaluated and tested separately under the criteria of the Uniform Guidance.
- The following programs have been identified as higher risk:
- Education Stabilization Fund 84.425
- Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution 93.498
- Medicaid Cluster 93.778/93.777/93.775
- Emergency Rental Assistance 21.023
- Homeowner Assistance Fund 21.026
- Coronavirus State and Local Fiscal Recovery Funds 21.029
- Coronavirus Capital Projects Fund 21.029
- Abandoned Mine Land Reclamation 15.252
- Disability Insurance/Supplemental Security Income 96.001/96.006
- The following programs have been added to the Supplement:
- 15.252 – Abandoned Mine Land Reclamation (AMLR) Grants
- 20.327 – Railroad Crossing Elimination
- 20.532 – Passenger Ferry Grant Program, Electric or Low-Emitting Ferry Pilot Program, and Ferry Services for Rural Communities Program
- 20.533 – All Stations Accessibility Program
- 20.534 – Community Project Funding Congressionally Directed Spending
- 20.708 – Natural Gas Distribution Infrastructure Safety and Modernization Program
- 21.011 – Community Development Financial Institutions Capital Magnet Fund
- 21.012 – Natives Initiatives Program
- 21.024 – Community Development Financial Institutions Rapid Response Program
- 21.025 – Community Development Financial Institutions Small Dollar Loan Program
- 21.032 – Local Assistance and Tribal Consistency Fund
- The provider of the Federal Audit Clearinghouse FAC will change from the Census Bureau to the General Service Administration (GSA) by October 1, 2023. Single Audits with a fiscal period ending in 2023 will be submitted to the new GSA FAC beginning on October 1, 2023. Any draft of a 2022 year end audit that is not fully submitted to the prior FAC by October 1, 2023 may need to be completely re-started at the new GSA FAC (details to come). Any 2023 year-end audits finished before the site is available will need to have their Data Collection Forms completed later, so leave yourself a remember to go back and finish the Data Collection Form.
- Alternative Compliance Examination Engagement – Coronavirus State & Local Fiscal Recovery Fund (ALN #21.027): Many recipients of Coronavirus State & Local Fiscal Recovery Fund monies are now required to have a Single Audit for the first time. To address this additional compliance challenge, OMB has allowed for an alternative approach for eligible recipients of these funds with the goal being to reduce the burden of a full Single Audit on both recipients and practitioners. Certain criterium have to be met to qualify for this option. These criterium are identified in the agency program requirements within the Supplement, under the Other Information section, and in Part 8, Appendix VII – Other Audit Advisories.
OMB Request For Information (RFI) Notice for the Uniform Guidance
The Office of Management and Budget (OMB) is planning a complete update to the Uniform Guidance during 2023 with a full public exposure document expected later this summer. The goals of the forthcoming revision are to revise guidance to incorporate statutory requirements and administrative priorities, revise guidance to reduce agency and recipient burden, clarify guidance by addressing sections that recipients or agencies have interpreted in different ways, and clarify guidance by rewriting applicable sections in plain English, improving flow, and addressing inconsistent use of terms. The OMB issued a Request for Information regarding the Update in which the Government Audit Quality Center issued their response. Key suggestions in their response include the following recommendations:
- Subpart E and Related Appendices: A thorough overhaul of the cost principles is needed to better align the requirements with how they are implemented.
- 200.507 Program-Specific Audits: To alleviate the need for recipients with one program to prepare a SEFA, OMB should consider revising the type of engagement for program-specific audits to a compliance examination engagement.
- 200.519 (c)(2), Criteria for Federal Program Risk. There was an increase in identified high-risk programs due to increased federal funds because of COVID-19. Therefore, OMB should establish specific criteria in the Uniform Guidance for agencies to use when determining a program is high-risk to improve consistency.
- Uniform Guidance Frequently Asked Questions. To reduce the risk of the guidance in the 2 CFR Frequently Asked Questions being overlooked, OMB should consider incorporating it directly into the Uniform Guidance to make it more user-friendly by eliminating the need for auditors and recipients to go to a separate location for guidance.
- 200.516 Audit Findings. To reduce the amount of judgment auditors use when deciding whether specific instances of noncompliance result in questioned costs, OMB should consider defining whether certain common noncompliance instances should result in questioned costs. For example, if there are instances of noncompliance related to subrecipient monitoring, are entire subrecipient payments questioned?
- 200.511 Summary Schedule of Prior Audit Findings and Corrective Action Plan. Requiring both the SSPAF (Summary Schedule of Prior Audit Findings) and CAP (Corrective Action Plan) to be placed on recipient letterhead to reinforce the fact that they are recipient responsibilities.
- 200.516(a)(1) Audit Findings. OMB should eliminate the requirement to report a federal award finding for significant instances of abuse.
- 200.509 Auditor Selection. OMB should clarify that the UG procurement rules are only required to select auditors when audit costs are being charged to a federal program.
- 200.317-200.327 Procurement Standards. OMB should clarify the methods of procurement and when they apply. Based on total purchase order amount or individual transactions? What if multiple time periods?
- 200.504 Frequency of Audits. OMB should provide guidance for auditing stub periods that result from a change in year-end due to mergers, acquisitions, and creation of new entities.
If you have any questions on how these changes will impact your organization’s audit requirements, please contact a member of your audit team.