5 Steps for Performing Single Audits in a COVID Environment
Early in my career, when making the transition from auditing large public companies to auditing nonprofit organizations, I thought, “this will be easier.” Then I started my first single audit engagement, and I was overwhelmed. Years later, and knowing what I didn’t know then, I realized it’s all about following the steps. In light of the pandemic, the same overwhelming feeling came over me. But now, a year later, I understand it’s still all about following the steps. These include the following:
1. Use the Correct Compliance Supplement
Ensure you’re using the correct version of the compliance supplement — the 2020 Addendum that was released in late December 2020. The American Institute of CPAs (AICPA) did an excellent job of describing it in a very brief summary, 2020 OMB Compliance Supplement and Related Addendum (By Section).
2. Obtain the SEFA
Next, obtain the Schedule of Expenditures of Federal Awards (SEFA) from clients. It may not look pretty and, it’s fair to say, it may also be incomplete or even wrong. Nonetheless, it’s a starting point. It’s helpful to provide the listing on pages 4-13 of the “CARES Act and M-20-21 FAQs” to clients and specifically ask if they have received any new or additional funding. Using the current SEFA the client provided, one can even specifically point to the Catalog of Federal Domestic Assistance (CFDA) programs that could be applicable based on their current programs.
Since the completeness of the SEFA is generally high risk on many single audits (especially in light of the new funding streams), it’s wise to perform extended procedures by completing a search for unrecorded grant awards. Additionally, in all instances, one should also obtain a GN-06 report from the State of New Jersey (since some client awards are pass-through funding). If there are any payments that look out of sync or have a different program name or description, ask about it.
3. Update the SEFA
Once you have the SEFA, you’ll need to update it and report any findings that arrived from testing for completeness as well as additional items required for pandemic-related funding. In 2020, this is critical because one needs to: 1) strip out any grants that were received for personal protective equipment (PPE), as the addendum specifies they should not be included; 2) include a footnote to the SEFA, marked as “unaudited” to describe the nature of fair value of PPE received; and 3) separately identify COVID-19 expenditures on the SEFA on a separate line by CFDA number with “COVID-19” as a prefix to the program name.
It is important to note that per the Office of Management and Budget Memorandum M-20-21 and the CARES Act Pub. L. No. 116-136, reporting requirements apply to recipients receiving $150,000 or more in funding related to the pandemic.
4. Complete the Matrix
After identifying major programs — including any “new” programs in light of the pandemic — use the Matrix (in both the compliance supplement and addendum to the supplement) to test internal controls and the specified various compliance components. The addendum advises that for audits of fiscal years after Sept. 30, 2020, regardless of pandemic-related funding, if reporting is identified on the Matrix for a major program that will be tested, the auditor is required to test Federal Funding Accountability and Transparency Act (FFATA) reporting. However, auditors do not have to conduct FFATA testing for clients who do not receive direct federal funding or do not make subawards over certain dollar thresholds.
The basic questions requiring a response are as follows:
- Did the client make a subaward of $25,000 or more?
- If so, did they register in the FFATA Subaward reporting system (FSRS)?
- If so, did they report subaward data through FSRS?
5. Document and Report
Lastly, conclude report and finalize documentation for the audit.
The information available through the OMB, Audit Quality Center, Federal and State Award agencies websites and elsewhere on the internet can be overwhelming. However, considering all of the changes; the reporting may look a little different, but the process generally remains the same. So, the best advice is to just follow the steps.
Colleen Cullari, MBA, is an audit manager at Cullari Carrico, LLC. She is a member of the NJCPA Accounting & Auditing Standards and Nonprofit interest groups.
More content by Colleen Cullari:
This article appeared in the Summer 2021 issue of New Jersey CPA magazine. Read the full issue.