Practitioners who perform single audits have never faced an environment as challenging as the one that has developed as a result of the coronavirus pandemic.
Various federal programs have provided hundreds of billions of dollars in new aid under sometimes uncertain terms. Those funds, many of which were awarded under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, P.L. 116-136, have kept many grantees afloat in a financial crisis.
But in some cases the new awards come with terms and conditions that may be confusing or leave auditors waiting for additional explanation from regulators that hasn’t arrived yet.
“We’ve been conducting single audits for a long time, and obviously the types of awards our clients receive ebb and flow slightly over the years,” said Kim McCormick, CPA, a partner who leads the not-for-profit practice at Grant Thornton’s Greater Bay Area office in San Jose, Calif., and chairs the AICPA Governmental Audit Quality Center (GAQC) Executive Committee. “But this year there are brand-new awards that come out of the CARES Act, huge awards that impact our auditees and ultimately impact our single audits in a significant way not only because of their size but because the terms and conditions surrounding their use are not always clear.”
The infusion of relief money means that many recipients will exceed for the first time the $750,000 federal funding threshold that triggers the requirement to undergo a single audit, a procedure first mandated by the Single Audit Act of 1984 as a means of instilling confidence that federal funds are spent properly.
It’s estimated that the Provider Relief Funds for health care providers created a need for thousands more entities to undergo single audits, and that doesn’t take into account new single audits expected from other large new programs such as the Coronavirus Relief Fund and the Education Stabilization Fund.
Amid a rush of new clients, auditors are waiting for guidance on key issues and adjusting on the fly as guidance is changed in some cases.
“Many auditors are out in the virtual field right now, conducting audits for June 30 year-end financial statements and major federal programs, and we’re working around what we don’t know the best we can,” McCormick said. “We are in a holding pattern for many of those audits until the compliance supplement addendum comes out and we get a better view of areas subject to audit along with suggested audit procedures for some of these big, new programs.”
Single audits of organizations with June 30 year ends are due March 31, but advocates are pushing for an extension, as some issues related to single audits remain unsettled by regulators.
Here are tips on how single audit practitioners are handling some of the biggest challenges.
Do what you can and update your teams regularly. While awaiting additional guidance from regulators, single auditors are finding that they need to complete the parts of the audit that they can and put other parts on hold while waiting for more information.
For example, auditors are confused about how regulators expect lost revenues — a concept that has not previously been dealt with in single audits — to be recognized by some recipients of Provider Relief Fund payments. This affects the determination of what is included on the Schedule of Expenditures of Federal Awards (SEFA), as well as what is audited as major programs.
As auditors await additional guidance, procedures in the audit that depend on that guidance may need to be put on hold. In the meantime, it’s important for auditors to keep their teams apprised of the developments in this uncertain environment.
“I set up biweekly recurring calls with our single audit team just to update them on things that have changed in the last two weeks, what they need to be focused on, and what we expect to be coming,” said Lindsey Oakley, CPA, a partner with BKD LLP and a member of the firm’s Not-for-Profit Group and National Governmental Group in Springfield, Mo.
Seek out regulators’ FAQs. Auditors hope the Office of Management and Budget’s (OMB’s) compliance supplement addendum, when it is issued, will outline underlying audit requirements for new programs.
But existing programs that have had additional CARES Act funding may have had rule changes or compliance flexibilities related to the pandemic. If that’s not outlined in the compliance supplement addendum, auditors may need to identify the rules in FAQ guidance issued by federal agencies.
The GAQC has prepared a nonauthoritative summary of new CARES Act programs, which includes whether they are subject to a single audit and provides links to various federal websites where agency FAQs and other guidance can be found. This document can be found on the AICPA website
“The last thing we want to do as auditors is write up a finding for something that’s not a finding,” McCormick said. “But understanding what the rule changes are is a prerequisite to making sure that doesn’t happen.”
Document award timing. Some audit clients are struggling to prepare their SEFA because it’s difficult to figure out exactly when federal funds were awarded. Due to the pandemic, some recipients received the federal cash payments first and the awarding process occurred later.
For June 30 year ends this is a problem because some awards were made before the fiscal year ended and some were made afterward. Auditors should make sure that the awards included on the SEFA are supported with documentation of the date an award was made. Documentation may not be a traditional signed award agreement but instead can include a posting of terms and conditions on a website or an email exchange that confirms the award date.
“The accuracy of the SEFA is critical,” McCormick said, “because we rely on it for determining which programs are actually in scope to audit.”
Be sure pandemic relief is separated on the SEFA. The OMB’s compliance supplement, issued in August, indicated award recipients should separately present coronavirus relief funds on the SEFA. Most funding had already been awarded by the time this guidance came out.
Auditors should make sure these awards are presented separately by clients, and they also may need to do a deeper dive to make sure they understand which awards are from COVID-19 funding. It’s easy to identify funding from new CARES Act programs such as the Provider Relief Fund. But the CARES Act also placed a lot of money into existing programs, making it more difficult to identify as pandemic relief.
“Depending on where the funding came from, it may not be apparently clear that it was from COVID funding, especially if it came through passthrough entities before it got to that recipient,” Oakley said.
Dig into major program determinations. In prior years, the awards listed on the SEFA may have been the same year after year, so it has been easy to identify which ones are high-risk major programs that require additional audit procedures.
That won’t be the case for many audit clients this year because of the abundance of new awards. Any new Type A program (typically $750,000 or more) related to pandemic funding represents a new high-risk federal program requiring the auditor to treat it as a major program.
For Type B pandemic-related programs (typically under $750,000), it’s important for the auditor to carefully consider and document the program risk assessment using the single audit rules for Type B programs.
Pay special attention to internal controls. The new awards, as well as a switch to a more work-from-home environment, may have introduced changes to clients’ internal controls over their federal awards that auditors will need to consider.
“In the same way our clients may have had to reevaluate their controls, we as auditors have to expect that there will be some changes in control environments, and understand them as part of our normal process of getting comfortable with the design and operating effectiveness of those controls,” McCormick said.
Watch for “double dipping.” Some federal grant recipients also received Paycheck Protection Program (PPP) funds. Although the PPP money is not subject to a single audit, these multiple federal funding programs can cause confusion that can lead to double billing.
“Organizations need to be careful which costs they are charging to which pool of funding because they are not able to charge the same cost to multiple funding streams,” Oakley said.
Even auditors who follow all these tips are almost certain to struggle amid the uncertainty related to single audits. But by staying alert for more guidance and completing as much work as possible during the interim, practitioners will give themselves the best chance to deliver a high-quality audit.
For more information on single audits, visit future.aicpa.org/topic/government. The GAQC has many free resources available to both auditors and auditees on its website, aicpa.org/GAQC.
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.
