Playing by the Rules Ch. 7
Chapter 7
Audits
Contents Page
7.1 General Audit Requirements .....................................................................................................................7-3
7.2 Internal Control and Compliance Review ..............................................................................................7-4
7.3 Audit Reporting ..............................................................................................................................................7-4
7.4 Auditor Selection/Procurement ................................................................................................................7-5
7.5 Audit Services ..................................................................................................................................................7-6
7.6 Audit Review and Resolution (2 CFR 200.511) .....................................................................................7-6
Exercise for Chapter 7—Audits Questions .....................................................................................................7-8
Exercise for Chapter 7—Audits Answers ........................................................................................................7-9
Playing by the Rules: CDBG Administrative Systems | Chapter 7-1
Playing by the Rules: CDBG Administrative Systems | Chapter 7-2
Notes
Chapter 7: Audits
Typically, you will have an independent auditor (2 CFR 200.1) review your fnancial and program
results to determine whether you are meeting your goals and complying with fnancial manage-
ment requirements. As a recipient of Community Development Block Grant (CDBG) funds, you
share the responsibility with your grantee to ensure that you are expending Federal resources
“efciently, economically, and efectively to achieve the purposes for which the funds were
furnished.”1 The fnancial and performance audits discussed in this chapter and noted in 2 CFR
Part 200, Subpart F—Audit Requirements are designed to ensure that grantees and subrecipi-
ent agencies are accountable to the public and meet this mutual responsibility, in particular for:
1. Financial audit: an independent, objective review of your agency’s fnancial reporting
processes and fnancial statements, indicating they are accurate and complete.
A primary purpose is to give assurance that your agency adheres to specifc fnancial re-
quirements related to your accounting systems and procedures and that your fnancial
statements are prepared in accordance with accepted accounting standards.
2. Performance audit: an independent examination of a program, function, operation, or
management systems and procedures of your agency.
The audit assesses whether your agency has efciently and efectively carried out your
operations and achieved the intended results from your programs.
In general, a formal audit by an independent public accounting (IPA) frm is the third phase of
what may be a four-part examination process. The frst phase involves your internal bookkeep-
ing systems and procedures, including your operating results for a given period of time. Here,
you are comparing your agency’s fnancial and program results for that period against your
overall goals and objectives. A second phase may involve an outside accountant’s collection
and review of your operating data for a given period. However, such a review may be informal
and result in the accountant’s formal opinion as to the reliability and accuracy of the results.
The third phase of the examination, discussed in this chapter, involves a “single audit” that
must be performed by an IPA frm any time your agency expends $750,000 or more in Federal
funds in a year (2 CFR 200.501(a)). The primary goal of the audit is to determine whether your
agency has adequate systems in place to assure that:
• Goals and objectives are met.
• Resources are safeguarded.
• Laws and regulations are followed.
• Reliable data are obtained, maintained, and accurately disclosed.
This level of review should always result in a formal opinion of the accuracy and reliability of
the data presented as expressed in a management letter, included as part of the audit.
The fourth phase of an audit may involve a detailed evaluation by the Government Account-
ability Ofce (GAO) or HUD’s Ofce of Inspector General (OIG). Such a review is designed to
improve the compliance of agencies using Federal funds by identifying and correcting poor
management practices within the agency. These types of audits are not discussed in detail
here, but your grantee or local HUD ofce can provide you with information on GAO and OIG
procedures and standards.
This chapter summarizes Federal requirements for IPA audits of subrecipients subject to the
provisions of the Single Audit Act and discusses:
• General audit requirements (2 CFR 200.501).
• Internal control and compliance reviews (2 CFR 200.61).
• Audit reports (2 CFR 200.515).
• Auditor selection and procurement (2 CFR 200.509).
• Audit costs (2 CFR 200.425).
• Audit review and resolution procedures.
U. S. General Accounting Ofce, Government Accounting Standards (U.S. Government Printing Ofce: Washington,
D.C., 19
1
Playing by the Rules: CDBG Administrative Systems | Chapter 7-3
Notes
Chapter 7: Audits
This chapter summarizes the procedures needed to comply with Federal requirements and
demonstrates how an IPA audit can measure the strengths and weaknesses of your program
to improve your agency’s performance.
AS YOU READ THIS CHAPTER, THINK ABOUT…
1. Which of your agency’s activities may involve or be afected by any of the requirements
summarized in this chapter?
2. Based on prior fnancial reviews or audits, does your agency have sufcient control over your
fnancial situation and your CDBG-related activities?
3. Are there any specifc fnancial or program concerns that you need to address as part of your
next audit?
4. Before your next audit, what fles, records, or procedures need to be organized and updated
so that the auditor can more efciently collect and organize your data to provide feedback
on your fnancial and program results?
7.1 General Audit Requirements
Agencies that expend $750,000 or more in total Federal fnancial assistance in a year are re-
sponsible for obtaining an independent audit in accordance with the Single Audit Act of 1984
(with amendment in 1996) 2 CFR 200, Subpart F—Audit Requirements.
A single audit covers the entire operations of your agency, or at the option of the agency, a series
of audits that cover departments, agencies, and other organizational units that expended or
otherwise administered Federal awards during such audit period. The audit must include both
the entity’s fnancial statements and the Federal funds it has expended (see 2 CFR 200.514(a)).
The total computation of assistance includes all Federal funds received by the entire entity and
not just the department or division receiving the CDBG funding. To determine the amount of Fed-
eral assistance expended, all Federal assistance must be considered, including funds received:
• Directly from a Federal agency.
• Through a state or local government.
• Through nonproft organizations.
• Through any combination thereof (2 CFR 200.502(a-j)).
If you expend less than $750,000 per year in Feder-
al fnancial assistance, you are exempt from Federal
audit requirements. However, your records must still
be available for review by HUD, the grantee, or GAO
(2 CFR 200.337). Also, there may be separate state or
local laws imposing additional audit requirements.
Federal fnancial assistance includes:
• Grants
• Loans
• Contracts
• Cooperative agreements
• Loan guarantees
• Property
• Interest subsidies
If your agency has expended more than $750,000 in a year under only one Federal program and you received no other Federal funding, you may elect to have a program-specifc audit
conducted in lieu of a single audit. If your agency elects this option, the auditor(s) will perform
the compliance testing for the individual grant program in accordance with program-specifc
audits noted in 2 CFR 200.501(c) and 2 CFR 200.507.
Whether your agency has a single audit or a program audit, you will be responsible for provid-
ing the auditor with:
• Access to personnel, accounts, books, records, supporting documentation, and other infor-
mation as needed (2 CFR 200.508(c)).
• Financial statements that refect your fnancial position, results of operations or change in
your net assets, and cash fows for the fscal year (2 CFR 200.510(a-b)).
• A summary schedule of any prior audit fndings noting whether corrective action was taken
and the status of corrective actions not yet completed.
Playing by the Rules: CDBG Administrative Systems | Chapter 7-4
Notes
Chapter 7: Audits
7.2 Internal Control and Compliance Review
See 2 CFR 200.1 Defnitions.
The Single Audit Act requires, among other things, that the independent auditor determine and
report on whether your organization or governmental entity has internal control systems
to provide reasonable assurance that you are managing your Federal assistance programs in
compliance with applicable laws and regulations (see 2 CFR 200.514(c)(2-3)). The auditor will
perform tests of these controls to evaluate the efectiveness of the design and operation of
your policies and procedures in preventing or detecting material noncompliance.
The auditor will also conduct compliance testing (2 CFR 200.514 (c-d)). For the CDBG program,
the auditor will examine a sample of transactions to determine whether:
• Your reported expenditures were for allowable services, and your records document the
eligibility of the benefciaries that received program benefts.
• Your established applicable limitations (such as ceilings on administrative costs, or funding
for public services, as well as allocations for activities to principally beneft low- and moder-
ate-income individuals) were met (24 CFR 570.206).
• Your fnancial reports and claims for advances and reimbursements contain information
that is supported by the systems and records from your basic fnancial statements.
• Program income received was properly recorded and used before drawing additional grant
funds (24 CFR 570.504).
• Your claimed expenses comply with the applicable cost principles and uniform administra-
tive requirements (24 CFR 570.502).
7.3 Audit Reporting
See 2 CFR 200.515.
An audit report must be prepared following the completion of the audit. The auditor’s reports
may be in the form of either combined or separate reports and must state that the audit was
conducted in accordance with 2 CFR 200.515. For a single audit, the report must contain:
• An opinion (or disclaimer of opinion) on whether your financial statements are pre-sented fairly in all material respects in accordance with generally accepted accounting
principles, and an opinion (or disclaimer of opinion) on whether your schedule of Federal
award expenditures is fairly stated in all material respects in relation to your fnancial state-
ments as a whole (2 CFR 200.515(a)).
• A report on your internal control measures over your financial reporting and compli-ance (2 CFR 200.515(b)) with provisions of laws, regulations, contracts, and award agree-
ments, noncompliance with which could have a material efect on your fnancial statements.
This report must describe the auditor’s scope of testing of your internal controls and the
results of these tests and, where applicable, refer to the separate schedule of fndings and
questioned costs (see 2 CFR 200.515(d)). This report is expected to identify your internal
accounting controls and those controls designed to ensure that your Federally-assisted
programs are being managed in compliance with applicable laws and regulations.
• A report on compliance for each major program (2 CFR 200.518) and a report on inter-nal control over compliance describing the auditor’s scope of testing and an opinion (or
disclaimer of opinion) that your organization complied with Federal statutes, regulations,
terms, and conditions of Federal awards for each major Federally-assisted program being
administered (2 CFR 200.515(c)).
• A statement of positive assurance for those items tested.
• Negative assurance for those items not tested.
• A summary of all instances of noncompliance.
• Identifcation of total amounts questioned.
Playing by the Rules: CDBG Administrative Systems | Chapter 7-5
Notes
Chapter 7: Audits
• A schedule of findings and questioned costs must include the following three compo-
nents (2 CFR 200.515(d)):
1. A summary of the auditor’s results (2 CFR 200.515(d)(1)).
2. Findings related to the fnancial statements (2 CFR 200.515(d)(2)).
3. Findings and questioned costs (2 CFR 200.515(d)(3)).
The audit must be completed and submitted within the earlier of 30 calendar days after receipt
of the auditor’s report(s), or 9 months after the end of the audit period. If the due date falls on a
Saturday, Sunday, or Federal holiday, the reporting package is due the next business day (2 CFR
200.512(a)(1)). You must electronically submit the data collection form SF-SAC used in the audit
to the Federal Audit Clearinghouse (FAC) along with a copy of the reporting package indicating
that the audit was completed accordingly (2 CFR 200.512(b)(1)), and provides:
• Information about your organization.
• Your Federal programs.
• The results of your audit.
• Necessary information for Federal agencies to ensure the integrity of Federal programs.
• The data elements and format used, include collections of information from the reporting
package (2 CFR 200.512(c)).
• A signed statement from a senior representative (director of fnance, chief executive ofcer,
chief fnancial ofcer) of your organization indicating:
• Compliance with the preparation and collection of data.
• Exclusion of protected personally identifable information.
• All of the information included is accurate and complete.
• The reporting package and form can be publicly available on the FAC website.
Your auditor must complete the data collection form and sign a statement indicating:
• The source of the information.
• The auditor’s responsibility for the information.
• The form is not a substitute for the reporting package (2 CFR 200.512(b)(3)(c)(1-4)).
• The content is limited to the collection of information prescribed by OMB (2 CFR 200.512(b)
(3)).
You must submit a copy of the reporting package to HUD and your grantee. Unless restricted
by Federal statutes or regulations, you must make copies available for public inspection, en-
suring the reporting package does not include protected personally identifable information (2
CFR 200.512(a)(2)).
You should maintain copies of your audit reports on fle for a minimum of 4 years from the
date of their issuance. Similarly, you should ensure that your auditor maintains copies of their
audit work information for a minimum of 4 years from the date of the report issuance. If there
remain unresolved audit issues at the end of this 4-year period, you should notify the auditor
in writing to extend the retention period.
7.4 Auditor Selection/Procurement
In arranging for audit services, you must follow the procurement requirements found in 2 CFR
200.509(a-c). You must ensure that small audit frms and audit frms owned and controlled
by minorities or women have the maximum practicable opportunity to participate in audit
contracts (2 CFR 200.321).
Your request for proposals for audit services should clearly state the objectives and scope of
the audit. In selecting an auditor you should consider such factors as:
• The responsiveness to the request for proposal.
• Relevant experience.
Playing by the Rules: CDBG Administrative Systems | Chapter 7-6
Notes
Chapter 7: Audits
• Availability of staf with professional qualifcations and technical abilities.
• The results of peer and external quality control reviews.
• Price.
An auditor who prepares an indirect cost proposal or allocation plan cannot also perform your
audit when your organization receives indirect costs in excess of $1 million. This restriction
applies to the year the auditor prepared your indirect cost proposal or allocation plan and any
subsequent years where this indirect cost agreement or allocation plan is used to recover costs
(2 CFR 200.509(b)).
7.5 Audit Services
See 2 CFR 200.425.
A reasonably proportionate share of the costs of audits made in accordance with the Single
Audit Act Amendments of 1996 (2 CFR 200.425(a)) is an allowable charge to Federal assistance
programs. This charge can be treated as either a direct cost or an allocated indirect cost.
For allocated indirect costs, the percentage of costs generally charged to Federal assistance
programs for a single organization-wide audit should not exceed the percentage that your
organization’s Federal funds represent of total funds expended during the applicable year. The
percentage may be exceeded, however, if appropriate documentation demonstrates higher
actual costs.
The following audit charges are not allowed:
• When the audit(s) is not conducted in accordance with the Single Audit Act Amendments
and Subpart F—Audit Requirements (2 CFR 200.425(a)(1)).
• When auditing an organization whose Federal award expenditures are less than $750,000
during its fscal year (2 CFR 200.425(a)(2)).
7.6 Audit Review and Resolution
See 2 CFR 200.511.
As noted in section 7.3 above, you must provide a copy of the reporting package to HUD and
your grantee. Unless restricted by Federal statutes or regulations, you must make copies avail-
able for public inspection, ensuring the reporting package does not include protected per-
sonally identifable information. In its role as the entity providing the funds, your grantee will
review all such reports to determine whether they meet relevant standards and are acceptable.
Your organization must establish a system to ensure a timely and appropriate resolution to
audit fndings and recommendations. This system must address both independent audits per-
formed relative to the Single Audit Act and audits completed on your organization’s operations
by the HUD OIG, GAO, or other governmental bodies.
Your frst step in the resolution of an audit is the preparation of your “Management Response”
to the fndings and recommendations in the audit report for follow-up and corrective action
on all audit fndings. Your response should provide a summary schedule of any prior audit
fndings (2 CFR 200.511(b)) noting:
• If the audit fndings were fully corrected (2 CFR 200.511(b)(1)).
• If the audit fndings were not corrected or only partially corrected—the summary schedule
must describe the reasons (2 CFR 200.511(b)(2)).
• The audit fndings are no longer valid or warrant no further action (2 CFR 200.511(3)).
• For fndings/recommendations with which your organization agrees: Information on the
actions you have taken (or plan to take) to correct the specifed noncompliance or fnancial
system defciencies.
• For fndings/recommendations with which your organization does not agree: The basis for
your belief that an audit fnding or recommendation is inaccurate or inappropriate, includ-
Playing by the Rules: CDBG Administrative Systems | Chapter 7-7
Notes
Chapter 7: Audits
ing relevant documentation.
Typically, the written management response is due within 30 days of your organization’s re-
ceipt of an audit report. If, in its management response, your organization disagrees with any
of the audit fndings or recommendations, your grantee will re-examine the points in question
to determine whether any revisions to the report’s fndings and recommendations are war-
ranted and issue a management decision concerning the fnding(s) or recommendation(s) (2
CFR 200.521) within six months of acceptance of the audit report.
If your organization agrees with the fndings and recommendations, or if your challenge to the
audit report is not upheld in the grantee’s management decision, the next step in the resolu-
tion process is:
• The development of a corrective action plan.
• Implementation of procedures to prevent the defcient conditions from re-occurring.
This corrective action plan must address each audit fnding and provide:
• The name(s) of the contact person(s) responsible for the corrective action.
• The action planned.
• The anticipated completion date (2 CFR 200.511(c)).
In general, action to correct fndings or to implement recommendations must be initiated as
rapidly as possible and begin no later than upon receipt of the audit report (2 CFR 200.521(d)).
Your grantee may perform a site visit or require documentation that the corrective action has
been implemented or may require your organization’s independent auditor to report on wheth-
er you have implemented the prior year’s corrective action plan and/or recommendations.
A “repeat finding” (a defciency or area of noncompliance that appears in more than one suc-
cessive audit for your organization) will be viewed very seriously by a grantee and can result
in special conditions being attached to your organization’s CDBG funding or other sanctions (2
CFR 200.505 and 2 CFR 200.339).
Occasionally, the fndings from an audit will result in “questioned costs.” Your organization’s
costs associated with its CDBG funding may be questioned for any of the following reasons:
• There is inadequate documentation to support the expenditure or the amount charged to
the grant.
• The expenditure does not appear to be related to the grant project.
• You incurred the cost outside the efective period of the subrecipient agreement or before
environmental review clearance was achieved.
• The expense is unallowable under the program regulations and applicable cost principles
(2 CFR 200.410).
• The cost required the prior approval of the grantee, and no prior approval was obtained (2
CFR 200.407).
To resolve a questioned cost (2 CFR 200.1), you must:
• Provide the missing documentation to support the expenditure and amount.
• Ofer a detailed explanation of how the cost relates to the grant program.
• Seek retroactive approval for an expense that required prior approval (which your grantee
may or may not give).
If you are not able to resolve a questioned cost to the satisfaction of the auditor and/or your
grantee, the expense will be disallowed. A disallowed expense for which Federal funds were
originally used must be reimbursed from non-CDBG/non-Federal funds. On occasion, you may
be able to negotiate a repayment schedule with your grantee or the other relevant ofcials
(e.g., HUD/OIG representatives).
Playing by the Rules: CDBG Administrative Systems | Chapter 7-8
Notes
Chapter 7: Audits
Exercise for Chapter 7—Audits Questions
Circle the correct answer.
1. A nonproft subrecipient that has expended $35,000 in Federal fnancial assistance in a
year from multiple Federal programs must have:
a. An audit of its entire operations.
b. A program-specifc fnancial audit for each Federal award.
c. Either (a) or (b).
d. No audit is required.
2. A nonproft subrecipient that has expended a total of $750,000 in Federal fnancial assis-
tance in a single year, but only from one Federal program, must have:
a. An audit of its entire operations.
b. A program-specifc fnancial audit for the Federal award.
c. Either (a) or (b).
3. Which of the following are necessary components of a fnancial audit report under the
Single Audit Act? Select all that apply.
a. An organizational chart or description of the entity’s organizational structure.
b. Financial statements and schedule of Federal assistance.
c. An inventory of non-disposable property.
d. An itemization of personnel positions and salaries.
e. An evaluation of internal control systems.
f. A report on compliance.
g. An assessment of the entity’s efciency and efectiveness in its operation of the
Federal program(s).
4. A subrecipient may procure independent audit services from any source of its choosing.
TRUE FALSE
5. Cost considerations must be the dominant factor in the selection of auditors.
TRUE FALSE
6. Since the Single Audit Act mandates a single audit for nonproft subrecipients that expend
a total of $750,000 or more in a single year from multiple Federal programs, the nonproft
can charge the full cost of the audit to those Federal programs.
TRUE FALSE
The answers are on the next page.
Playing by the Rules: CDBG Administrative Systems | Chapter 7-9
Notes
Chapter 7: Audits
Exercise for Chapter 7—Audits Answers
1. (d) No audit is required. No audit is required because the subrecipient expended less
than the $750,000 in total Federal assistance that would have triggered the requirement
for an audit.
2. (c), Either (a) or (b).The subrecipient may have either type of audit.
3. (b), (e), and (f).
4. FALSE. Subrecipients must follow procurement rules in either the Federal Acquisition
Regulation or in 2 CFR 200, Subpart D, as applicable.
5. FALSE. Cost should only be a selection factor when the other selection criteria such as the
qualifcations and independence of the frms being considered have been met.
6. TRUE. Since the audit is a mandated Federal requirement, the Federal programs can pay
the full cost of the audit.