This guide breaks down the current federal grant audit requirements under 2 CFR Part 200 Subpart F, also known as the Uniform Guidance. We'll cover who must comply, what the audit process involves, and how you can prepare—ensuring you protect your funding and avoid costly mistakes.
TLDR: Federal Grant Audit Requirements at a Glance
- The Trigger: Expending $1 million or more in federal awards requires an audit (effective for fiscal years after Oct 1, 2024).
- The Scope: A CPA firm must audit your financial statements, internal controls, and federal program compliance.
- The Deadline: Submit the audit package to the FAC within 30 days of the report or 9 months after your fiscal year ends.
- The Stakes: Non-compliance can lead to funding suspension, repayment demands, and heightened federal scrutiny.
What Is a Federal Grant Audit and Why Does It Matter?
What Is a Federal Grant Audit and Why Does It Matter?
A federal grant audit is much more than a standard financial review. It’s a rigorous compliance check designed to verify that federal funds were spent exactly as required by law, federal regulations like the Uniform Guidance (2 CFR 200), and the terms of your grant. While a typical financial audit confirms your books are accurate, a federal grant audit asks a tougher question: did you follow every single rule?
The stakes are high. Non-compliance isn't just a paperwork error; it has serious financial and reputational consequences.
Failing an audit can lead to severe consequences:
- Requires repayment of any funds spent on unapproved expenses.
- Freezes current funding by suspending access to your remaining grant balance.
- Bars future eligibility for receiving federal awards.
- Damages your reputation with federal agencies and other funders.
For any organization dependent on federal dollars, a clean audit is essential for maintaining financial stability and securing future grant opportunities.
Who Needs a Federal Grant Audit: The $1 Million Threshold Explained
Who Needs a Federal Grant Audit: The $1 Million Threshold Explained
The primary rule is found in 2 CFR §200.501: any non-federal entity that expends $1,000,000 or more in total federal awards during its fiscal year is required to undergo a Single Audit.
This threshold was updated from $750,000 to $1 million for all fiscal years beginning on or after October 1, 2024. The threshold that applies to your organization depends on its fiscal year start date.
A few key points often cause confusion:
- Applies to total expenditures: The threshold covers all federal funds spent in your fiscal year, not just spending from a single grant or agency.
- Includes more than just cash: The term "expended" also covers non-cash assistance like donated property, insurance, and certain loan balances.
- Counts pass-through funds: Money you receive indirectly from state or local agencies as a "subrecipient" still counts toward the $1 million total.
Some organizations are exempt. If you expend less than $1 million in a fiscal year, you are exempt from the formal Single Audit but must still keep detailed records available for review. For-profit entities and contractors (as opposed to subrecipients) follow different, often program-specific, audit rules.
Understanding "Major Programs" and How They're Selected
Auditors don't test every single grant with the same level of intensity. Instead, they use a risk-based approach defined in 2 CFR §200.518 to select "major programs" for in-depth compliance testing.
First, programs are classified by size into Type A (larger) and Type B (smaller). The auditor then assesses the risk of each program based on prior audit findings and inherent program complexity. This ensures audit resources focus on programs with the most funding and highest risk of non-compliance.
Ultimately, the selected major programs must account for at least 40% of your total federal expenditures. However, organizations that qualify as a "low-risk auditee" by maintaining a clean audit record for two consecutive years only need to have 20% of their expenditures covered, significantly reducing the audit burden.
Single Audit vs. Program-Specific Audit: Which One Applies to You?
Single Audit vs. Program-Specific Audit: Which One Applies to You?
Once you cross the $1 million expenditure threshold, you generally have two audit options. The one you choose depends on how many federal programs you manage.
Single Audit
A Single Audit is the most common type. It's a comprehensive, organization-wide audit required when you expend $1 million or more across multiple federal programs. It has two main components:
- Financial Statement Audit: An auditor reviews your financial statements to ensure they are presented fairly under Generally Accepted Accounting Principles (GAAP).
- Compliance Audit: An auditor tests your major federal programs to verify adherence to all applicable rules and regulations.
The final reporting package is extensive and must be submitted to the Federal Audit Clearinghouse (FAC). Key components include:
- Your organization's financial statements
- A Schedule of Expenditures of Federal Awards (SEFA)
- All auditor’s reports
- A schedule of findings and questioned costs
- Your corrective action plan
Program-Specific Audit
A program-specific audit is a much narrower option. You can only elect this type of audit if you meet two strict criteria:
- You expended federal awards under only one federal program.
- That program's rules do not require a full financial statement audit of your entire organization.
This option is less common because most organizations that receive significant federal funding manage awards from more than one program. If you do qualify, the audit focuses solely on that one program, following the same rigorous standards as a major program test in a Single Audit.
Regardless of the audit type, the process doesn't end with the report submission. The funding agency has six months to issue a "management decision"—an official response that confirms or disputes the findings and outlines required corrective actions, including any fund repayments.
How the Federal Grant Audit Process Works
The audit process follows a clear, four-step progression. Understanding each stage will help you prepare and ensure a smoother experience.
Select a Qualified Auditor Your audit must be conducted by an independent, licensed CPA firm experienced with federal grants and Government Auditing Standards (GAGAS), also known as the "Yellow Book."
The selection process is a formal procurement. You must review the auditor's peer report, evaluate their experience with your specific programs, and verify there are no conflicts of interest.
Prepare the Schedule of Expenditures of Federal Awards (SEFA) This is your responsibility, not the auditor's. The SEFA is a detailed report listing every federal award your organization expended during the fiscal year. Each entry must include the Assistance Listing Number (ALN), program name, and pass-through entity details.
Errors on the SEFA are one of the most common audit findings, so absolute accuracy is critical.
The Audit Itself (Scope and Testing) During the audit, the CPA firm will focus on three key areas:
- Financial Statements: Are they presented fairly and accurately?
- Internal Controls: Do you have processes in place to prevent or detect non-compliance?
- Compliance: Did you follow the specific rules for each major program, such as those related to allowable costs, reporting, and procurement? The auditor will test transactions to verify compliance.
Submission and Deadlines Once the audit is complete, you must submit the final reporting package and a Data Collection Form to the Federal Audit Clearinghouse. The deadline is strict: within 30 days of receiving the auditor's report or nine months after your fiscal year ends—whichever is earlier.
You must also provide copies of the report to any pass-through entities that provided you with funding.
Most Common Federal Grant Audit Findings and What They Cost You
Auditors frequently cite a handful of recurring issues at schools, nonprofits, and government entities. Understanding these common pitfalls is the first step to avoiding them.
- Inaccurate or Incomplete SEFA: Missing federal awards, using incorrect ALNs, or failing to list pass-through details can lead to an immediate finding.
- Weak Internal Controls: This is a broad category that includes poor segregation of duties (e.g., the same person approves and pays invoices), undocumented approval processes, or missing time-and-effort reports for staff who work on multiple grants.
- Compliance Failures: This happens when grant funds are spent on unallowable costs, procurement rules are violated, or programmatic performance goals are not met and documented.
When an auditor finds a potential issue, they may identify "questioned costs." Under 2 CFR §200.516, any known questioned costs exceeding $25,000 for a single compliance requirement must be reported.
These are expenditures the auditor believes may be unallowable, unsupported, or unreasonable. A questioned cost finding can quickly turn into a repayment demand from the federal agency.
Even worse are repeat findings. If the same issue appears in a subsequent audit, it signals a systemic failure to implement corrective actions. This dramatically increases the risk of funding suspension or other serious penalties.
How to Build an Audit-Ready Compliance Framework from Day One
The time to prepare for a federal grant audit is not a few weeks before the auditor arrives. It starts the moment you accept the award. Building a strong compliance framework from day one is the only way to ensure you're always ready.
Foundational Practices:
- Segregate Funds: Maintain separate general ledger codes or fund accounts for each federal award. This prevents commingling of funds and makes tracking expenditures simple.
- Document Everything: Every expenditure charged to a federal grant needs a clear approval trail. You must be able to prove that each cost was allowable, allocable to the grant, and reasonable.
- Reconcile Continuously: Reconcile your grant accounts and your SEFA throughout the year, not just in a panic at year-end. This helps you catch errors early.
Your organization must also establish and maintain effective internal controls over its federal awards. The government’s own guidance in 2 CFR §200.303 points to recognized frameworks like the COSO Internal Control-Integrated Framework or the GAO's "Green Book."
This means conducting an annual risk assessment, designating a point of contact for grant compliance, and running routine internal checks to find problems before your auditor does.
Meeting Program-Specific Requirements
For organizations like K-12 schools, houses of worship, and museums receiving complex federal security grants, the compliance burden is even heavier. It extends beyond finances to include documenting that every security measure funded by the grant meets specific program objectives.
At EMD, our structured grant management process is built to establish this compliance infrastructure from the moment funding is secured. By managing procurement, documentation, and reporting, we help our clients reduce the risk of findings that could jeopardize their critical security projects and future awards.
Frequently Asked Questions
Ensure Compliance with Expert-Led Grant Audit Solutions
Request a quote and our experts will contact you within 24 hours with tailored solutions and pricing.
For immediate assistance, feel free to give us a direct call at (833) 363.6921. You can also send us a quick email at info@emdnyc.com.
For immediate assistance, feel free to give us a direct call at (833) 363.6921. You can also send us a quick email at info@emdnyc.com.