In Brief

The past several years have seen large sums of federal assistance directed to not-for-profit organizations in order to aid in dealing with and recovering from the COVID-19 pandemic. This funding has come with changes to audit requirements for recipients. CPAs advising such organizations should stay up to date on federal programs and single audit requirements.


The COVID-19 pandemic resulted in a tremendous amount of additional federal financial assistance being awarded to nonfederal entities over the past three years. Some of the programs that these funds were awarded from were newly created to aid organizations during the pandemic. This caused significant changes to single audits and the requirements nonfederal entities must comply with.

Brief History of Single Audits

The Single Audit Act of 1984 established requirements for audits of states, local governments, and Indian tribal governments that administer federal financial assistance programs. Federal financial assistance can be in the form of grants, loans, cooperative agreements, noncash contributions or donations of property, food commodities, direct appropriations, loans, loan guarantees, interest subsidies, insurance, and other assistance.

In 1990, the Office of Management and Budget (OMB) administratively extended the single audit process to notfor-profit organizations by issuing OMB Circular A-133, Audits of Institutions of Higher Education and Other Non-Profit Organizations.

In 2013, Circular A-133 and various other circulars were superseded by the issuance of 2 CFR Part 200 Uniform Grant Guidance which, among other changes, codified the administrative requirements and cost principles along with the audit requirements.

Single Audits Pre–COVID-19

The Single Audit Act requires that audits be performed annually, except for certain entities that have been grandfathered in for biennial audits, on behalf of all federal agencies by independent accounting firms or by individual states’ internal auditors. Single audits are intended to provide assurance to the federal government that a nonfederal entity has adequate internal controls in place and is generally in compliance with a program’s requirements. These audits are required when nonfederal entities receive and expend $750,000 or more of federal financial assistance in their fiscal year.

Every year, OMB releases the Compliance Supplement, which provides audit objectives and suggested procedures for auditors to utilize in their single audits. Prior to the additional funding provided due to the COVID-19 pandemic, auditors relied primarily on the OMB Compliance Supplement to plan and execute the single audit. Now, auditors also need to refer to any recently issued addendums to the supplement, federal register postings, and additional guidance issued by individual federal agencies in order to ensure the completeness of their audit procedures.

Single Audits Post–COVID-19

The 2020 Coronavirus Aid, Relief and Economic Security (CARES) Act and the 2021 Coronavirus Response and Consolidated Appropriations Act provided fast and direct economic assistance for American workers, families, small businesses, and industries. The CARES Act implemented a wide variety of programs to address issues related to the onset of the COVID-19 pandemic. The Consolidated Appropriations Act continued many of these programs by adding new phases, new allocations, and new guidance to address issues related to the continuation of the COVID-19 pandemic.

The American Rescue Plan Act of 2021 is a $1.9 trillion economic stimulus package intended to speed up the country’s recovery from the economic and health effects of the COVID-19 pandemic and the ongoing recession. The package builds upon many of the measures in the CARES Act of 2020 and the Consolidated Appropriations Act of 2021.

These laws and the associated additional federal financial assistance resulted in significant changes affecting single audits. The most prominent changes are described in greater detail below.

The Issuance of the OMB Compliance Supplement Addendums

The first OMB Compliance Supplement was issued in the mid-1990s; it is only recently that the OMB felt the need to issue addendums to the annually updated document.

In December 2020, OMB issued an addendum to the August 2020 Supplement, adding 13 new programs, modifying the reporting compliance requirements, and including waivers for USDA programs impacted by COVID-19. For the 2021 Supplement, OMB issued two addenda, which added five new federal programs and changes to four programs that were already included; there were several other new COVID-19 programs that were never included in the two addenda. For the 2023 Supplement, OMB advised that there will not be an addendum—an announcement that was welcomed by auditors as good news.

The Provider Relief Fund (PRF) Program

Now named “Provider Relief Fund (PRF) and American Rescue Plan (ARP) Rural Distribution” (Assistance Listing Number 93.498), this program totals $186.5 billion in funding. The PRF/ARP is intended to help prevent, prepare for, and respond to the COVID-19 pandemic, domestically or internationally, for necessary expenses to reimburse (through grants or other mechanisms) eligible healthcare providers for healthcare-related expenses or lost revenues that attributable to COVID-19.

Providers must use a consistent basis of accounting to determine expenses. PRF/ARP rural distribution recipients may use payments for eligible expenses incurred prior to receipt of those payments (i.e., pre-award costs) dating back to January 1, 2020, so long as these expenses are to prevent, prepare for, and respond to COVID-19.

Recipient organizations may only use payments for eligible expenses, including services rendered and revenues lost, during the period of availability, as outlined in the Exhibit.


Reporting Periods

Payment Received Period (Payments Exceeding $10,000 in Aggregate Received); Period of Availability; PRF and ARP Rural Portal Reporting Time Period Period 1; Apr. 10, 2020—Jun. 30, 2020; Jan. 1, 2020—Jun. 30, 2021; Jul. 1, 2021—Sep. 30, 2021 Period 2; Jul. 1, 2020—Dec. 31, 2020; Jan. 1, 2020—Dec. 31, 2021; Jan. 1, 2022—Mar. 31, 2022 Period 3; Jan. 1, 2021—Jun. 30, 2021; Jan. 1, 2020—Jun. 30, 2022; Jul. 1, 2022—Sep. 30, 2022 Period 4; Jul. 1, 2021—Dec. 31, 2021; Jan. 1, 2020—Dec. 31, 2022; Jan. 1, 2023—Mar. 31, 2023 Period 5; Jan. 1, 2022—Jun. 30, 2022; Jan. 1, 2020—Jun. 30, 2023; Jul. 1, 2023—Sep. 30, 2023

Normally, expenditures reported on the Schedule of Expenditures of Federal Awards (SEFA) must be declared for the same period as the organization’s fiscal year; however, as noted in the Exhibit, payments may have been received in a period earlier than the date being reported on the SEFA. Also, as stated in the Exhibit, amounts are reported on the SEFA when they are received, not when they are expended. The reporting of amounts on the SEFA for different periods than the general purpose financial statements has resulted in issues related to the “in-relation-to” opinion on the SEFA in accordance with AU-C 725 Supplementary Information. During November 2021, the AICPA issued a nonauthoritative Technical Questions and Answers (TQA) to address this issue and advised that auditors may provide an in-relation- to opinion on the SEFA as long as the SEFA can be reconciled back to the underlying accounting and other records used in preparing the financial statements.

In addition to the concept of the reporting of expenditures on the SEFA for periods that did not coincide with the organization’s financial statements, this program introduced two additional new concepts for single audits: funding for lost revenues, and allowable pre-award costs being used to support funds received.

PRF program funds were given to nonfederal organizations and commercial for-profit hospitals and other for-profit healthcare providers. These organizations would be subject to the single audit requirements, or a financial audit performed under Government Auditing Standards, if they triggered the audit threshold. This was not typical, as the single audit requirements were not intended for for-profit entities.

The Shuttered Venues Operating Grant

The U.S. Small Business Administration’s (SBA) Office of Disaster Assistance created the Shuttered Venue Operators Grant (SVOG) program as part of both the Consolidated Appropriations Act (CAA) of December 2020 and the ARPA of March 2021. The program (Assistance Listing Number 59.075) included $16 billion in assistance available to a variety of shuttered venues and production companies, including for-profit entities.

Most of these awards were granted in 2021; however, this program was not included in the 2021 OMB Supplement. Therefore, auditors had to determine which compliance requirements needed to be tested using Part 7 and Part 3 of the supplement.

This program is now included in the 2022 OMB Supplement for nonfederal entities that have year-ends of June 30, 2022, and thereafter. The 2022 OMB Supplement included guidance stating that there is nothing to preclude an auditor from using the guidance in the 2022 Supplement as a resource, along with the guidance in Part 7, when developing the audit approach for organizations that are subject to a single audit under the 2021 Supplement. The SBA also posted the “SVOG Post Application Guidance and Post-Award FAQs” on its website (

This guidance applies to both for-profits and not-for-profits. In July 2022, the SBA also issued on their website for-profit audit guidance titled, “Shuttered Venue Operators Grant Audit and Attestation Requirements for For-Profit Recipients” ( For-profit entities have the later of nine months after the release of the SVOG For-Profit Guidance, which is April 22, 2023, or nine months after the entities’ fiscal year to submit their audit packages to the SBA.

Typically, the audit threshold for a single or program-specific audit of federal awards is based on expenditures. Because for-profit entities are not required to adhere to the audit requirements in 2 CFR Part 200, the SBA has the flexibility to define audit requirements and thresholds specific to the SVOG program. Therefore, the SBA has defined the audit threshold for a for-profit entity that has received an SVOG award based on the GAAP principle of revenue recognition, specifically applied to recognition of an SVOG award. Pre-award costs are allowed.

If a for-profit entity receives an SVOG award and has recognized revenue in the amount of $750,000 or more during the entity’s fiscal year, the entity will select from one of the four audit options:

  • A single audit conducted in accordance with 2 CFR 200, Uniform Guidance;
  • A program-specific audit conducted in accordance with 2 CFR 200, Uniform Guidance;
  • An audit of the entity’s financial statements; or
  • A compliance examination engagement performed under Government Auditing Standards and AICPA AT-C section 315.

This program also was not typical of a pre–COVID-19 single audit, as this federal financial assistance was awarded to for-profit organizations, allowed pre-award costs and expenditures that are not typically allowed in a single audit, such as interest and principal payments on previous debt and alcohol purchases (under certain circumstances).

The Coronavirus State and Local Fiscal Recovery Funds Program

The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program, a part of the ARPA, delivered $350 billion to state, local, and tribal governments across the country to support their response to and recovery from the COVID-19 public health emergency (Assistance Listing Number 21.027). This program resulted in numerous small governmental entities requiring a single audit for the first time. To ease the compliance burden, an alternative to a full single audit or program-specific audit was developed specifically for this program.

The alternative engagement is a compliance examination engagement which is to be performed in accordance with the AICPA Statements on Standards for Attestation Engagements (i.e., AT-C section 315, Compliance Attestation) and Government Auditing Standards. The engagement will focus on two narrowly scoped compliance requirements, related to “Activities Allowed and Unallowed” and “Allowable Cost/Cost Principles.”

This alternative is only available to certain eligible recipients, under the following conditions: CSLFRF recipients that expend $750,000 or more during the recipient’s fiscal year in federal awards and that meet both criteria listed below have the option of following the alternative CSLFRF compliance examination engagement:

  • The recipient’s total CSLFRF award received directly from Treasury or received (through states) as a non-entitlement unit of local government is at or below $10 million; and
  • The other federal award funds the recipient expended (not including their CSLFRF award funds) are less than $750,000 during the recipient’s fiscal year.

This program is clearly federal financial assistance; however, certain recipients are allowed to not have a full single audit, but instead can opt for this alternative compliance examination.

The Additions of Higher-Risk Programs

Before COVID-19, the only program designated as higher risk was the Medicaid Cluster program. But due to the additional risk associated with certain COVID-19 funding, additional programs were designated as higher risk in the 2021 and 2022 Supplements.

These are currently the programs with higher-risk designations:

  • 84.425 Education Stabilization Fund
  • 32.009 Emergency Connectivity Fund Program
  • 93.461 Testing for the Uninsured
  • 93.498 Provider Relief Fund
  • 93.778/93.777/93.775 Medicaid Cluster
  • 20.106 Airport Improvement Program
  • 20.500/20.507/20.525/20.526 Federal Transit Cluster
  • 20.315 National Railroad Passenger Corporation Grants
  • 21.023 Emergency Rental Assistance
  • 21.027 Coronavirus State and Local Fiscal Recovery Funds.

Type A programs (minimum of $750,000 or higher based on the total federal expenditures for all programs) can normally be designated as a low-risk program by their auditors if the program has been audited at least once in the last two years and does not have significant findings in the past year. The higher-risk designation will most likely result in these programs needing to be audited every year unless they meet both of the following criteria:

  • The program otherwise meets the criteria for a low-risk Type A program under section 200.518 of the Uniform Guidance; and
  • The percentage of COVID-19 funding in the program or other cluster during the nonfederal entity’s fiscal year is not material to the program as a whole.

Continuing Challenges

The frequent issuance of addenda to the OMB Supplement, the addition of higher-risk programs, the concept of funding of lost revenues and pre-award costs, and the reporting of expenditures for a different period on the SEFA have made it challenging for not-for-profit auditors to properly perform their single audits as well as for non-federal entities to comply with the new regulations. In addition, many for-profit organizations are now subject to single audits or an alternative for the first time because of initiatives such as the PRF and SVOG programs.

John D’Amico, CPA is a managing director in the professional standards group, CBIZ Marks Paneth, and shareholder of Mayer Hoffman McCann.