Peer Review

Audit Practitioner Alert - Single Audit Quality Concerns

Firms that conduct audits for organizations receiving federal awards should be aware of recent industry, regulatory and professional developments in performing single audits.  Most notably, the quality of audits performed in accordance with Circular A-133 and the Single Audit Act Amendments of 1996 (the Single Audit Act) have come under scrutiny.

Several federal agencies’ Offices of Inspector’s General (OIGs) have recently expressed concerns about the quality of these audits during congressional oversight hearings on the Single Audit Act.   Together with other federal agencies, they announced their intent to consider developing a comprehensive, statistically based benchmark measure of single audit quality and to continue to monitor audit quality over time.   Some agencies will begin to measure the quality of audits submitted to the Federal Audit Clearinghouse (FAC) for single audits in the coming months.

The OIG findings of substandard audits have resulted and will continue to result in referrals to state licensing officials and, if they are members, to the AICPA for disciplinary action. Recent peer reviews and AICPA disciplinary investigations also have found deficiencies in single audits.  Deficiencies detected through the disciplinary process could result in published suspensions or expulsions from AICPA membership.

The AICPA and the Pennsylvania Institute of CPAs urges firms that conduct audits to consider their quality control policies and procedures applicable to Circular A-133 single audits. Members with specific questions about single audits, should call the AICPA Technical Hotline at 1-888-777-7077.  Below are some commonly noted deficiencies in conducting single audits. 

Deficiencies Commonly Noted in Circular A-133 Single Audits

• Failure to audit as major programs Type A programs not qualifying as low-risk.  Circular A-133 requires a Type A program to be audited as a major program unless it qualifies as low risk.  For a program to be considered low risk, it must, among other criteria, have been audited as a major program in at least one of the two most recent audit periods.  Applying these criteria has led to many errors.  No auditor judgment is permitted in evaluating this historical two-year look-back criterion, and the reason why a Type A program was not audited in the prior two audit periods is irrelevant. Errors often occurred when a Type A program was not audited in the first year it became a Type A program (e.g., a new program or a program that had previously been Type B). See the refresher on selecting major programs for Circular A-133 audits in Appendix B to this Alert.

• Failure to audit Type A programs as major because of errors made in determining the Type A/Type B program dollar threshold.  Circular A-133 includes criteria for determining the dollar threshold for Type A programs.  Any program that does not meet these criteria is considered a Type B program. No rounding is permitted for this threshold. Some auditors made mathematical computation errors in determining the threshold and some erroneously based calculations on interim rather than final federal awards expended amounts.

• Failure to audit all programs included in a cluster of programs.  Clusters are defined in Part 5 of the Compliance Supplement and should be considered as one program in determining major programs. A significant number of errors were made by auditors in identifying programs as part of a program cluster.

• Failure to meet the percentage-of-coverage requirement in Circular A-133, section 520(f).  The percentage-of-coverage requirement is applied as the last step in the risk-based approach and must always be met.  At least one program must always be audited as a major program.  The OIGs found significant errors in the reviewed audits' compliance with the percentage-of-coverage requirement.

• Inadequate or outdated reference material.  The auditor used inadequate or outdated reference material related to the engagement performed.  Be sure to keep up with new SASs and newly issued accounting standards and to use the most current versions of the Compliance Supplement, Yellow Book, and SOP 98-3.  If using a federal agency audit guide, make sure it’s up-to-date.

• Audit programs that fail to address all requirements.  The audit program did not always address all applicable Circular A-133 requirements. When developing audit programs, be sure to consider the most up-to-date reference materials (see the bullet above).  Also, chapter 4 of SOP 98-3 provides useful guidance for planning a single audit.

• Engagement letter deficiencies.  The engagement letter did not include proper references to Circular A-133 requirements or record retention policies, or include a copy of the latest peer review report. Refer to SAS No. 89, Establishing an Understanding with the Client, as amended by SAS No. 89, Audit Adjustments (AICPA, Professional Standards, vol. 1, AU sec. 310) for a listing of the matters that generally should be included when the auditor establishes an understanding with the auditee.  SOP 98-3 also includes additional matters that the auditor might want to consider in the communication when engaged to perform a single audit.

• Inadequate Government Auditing Standards reports.  The required Government Auditing Standards reports for internal control or compliance were not prepared or were not referred to in the report on the financial statements.  You need to prepare Yellow Book reporting when the audit is required to be performed in accordance with Government Auditing Standards (either by law, regulation, or contract).  Remember that there is also a linkage paragraph required in the report on the financial statements that informs the reader that the Yellow Book report has been issued and that it is an integral part of the audit and should be read in conjunction with the financial statement report. SOP 98-3 includes illustrative Yellow Book reporting with recommended AICPA wording.

• Inadequate Circular A-133 reporting.  The appropriate Circular A-133 reports were not included in some cases.  In others, the appropriate report wording was not used. You are required to issue a Circular A-133 report in every single audit. SOP 98-3 includes illustrative Circular A-133 reporting with recommended AICPA wording. Sometimes the Circular A-133 report was not modified when it appeared that it should be.  When the audit of an auditee's compliance with requirements applicable to a major program detects material instances of noncompliance with those requirements, you should express a qualified or adverse opinion.  Chapters 6 and 10 of SOP 98-3 discuss compliance auditing requirements and auditor reporting.

• Problems with compliance and internal control work.  In some cases, the required compliance testing was not performed, sometimes because the auditor did not follow the guidance in Part 7 of the Compliance Supplement for identifying the applicable compliance requirements to test and report on.  In others, internal control and compliance tests were not adequately designed or documented to support the reports issued. In performing compliance tests, be sure that you have identified the applicable compliance requirements—those that may have a direct and material affect on each major program. It is imperative that you use the most recent version of the Compliance Supplement to make this identification.  If the program you are auditing is not included in the Supplement, follow the guidance in Part 7 of the Supplement for identifying the applicable compliance requirements. Further, in performing compliance tests, be sure to consider relevant portions of the entity's internal control over compliance.  Remember that you must test controls unless they are likely to be ineffective in preventing or detecting noncompliance.  Consult SOP 98-3, chapter 6 and 8, for detailed guidance on both compliance and internal control testing. Also, Appendix C of this Alert includes a Circular A-133 Audit Internal Control Refresher. 

• Inadequate management representation letter.  The management representation letter did not follow the requirements of SAS No. 85, Management Representations, as amended (AICPA, Professional Standards, vol. 1, AU sec. 333), or include the additional representations required by SOP 98-3 for a Circular A-133 audit.  You should refer to both SAS No. 85 and SOP 98-3 to ensure all required components of the management representation letter are included.  Also, the AICPA non-authoritative Circular A-133 publication titled, Auditing Recipients of Federal Awards: Practical Guidance for Applying OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, Second Edition, includes an illustrative representation letter.

• Problems with the schedule of expenditures of federal awards.  The schedule of expenditures of federal awards was not presented or reported on.  Circular A-133 requires the auditor to determine whether the schedule of expenditures of federal awards is presented fairly in all material respects in relation to the auditee's financial statements taken as a whole.  The schedule, prepared by the auditee, reports the total expenditures for each federal program.  You should refer to chapters 5 and 10 of SOP 98-3, which cover the identification of federal awards, the general presentation requirements governing the schedule, pass-through awards, non-cash awards, endowment funds, and the auditor's reporting on the schedule. 

• Noncompliance with Yellow Book Continuing Professional Education (CPE) and audit documentation requirements. Under the Yellow Book, certain auditors must complete 80 hours of CPE every two years with at least 24 of those hours in subjects directly related to the government environment and to government auditing.  Further, the Yellow Book contains audit documentation requirements that are in addition to those required by GAAS.  You should refer to the Yellow Book for the detailed requirements in these areas, as well as SOP 98-3.  Further, the GAO has issued an Interpretation of Continuing Education and Training Requirements—Government Auditing Standards that is helpful in understanding the specific CPE requirements for auditors working on audits performed in accordance with Government Auditing Standards.

• Audit documentation lacking.  In some cases, audit documentation did not make it clear that major programs were properly identified.  Further, problems with audit documentation could be the root of other problems discussed earlier in this section.  You should refer to SAS No. 96, Audit Documentation (AICPA, Professional Standards, vol. 1, AU sec. 339), for the new AICPA requirements in this area. SAS No. 96 is also discussed further in the section of this Alert entitled, "Audit and Attestation Issues and Developments." It is important also to remember that the Yellow Book requires that the auditor prepare working papers such that an experienced auditor having no previous connection with the audit can ascertain from them the evidence that supports the auditor's significant conclusions and judgments. 

• Noncompliance with federal audit guides.  It was found that auditors did not always appropriately follow certain federal audit guides.  Chapter 11 of SOP 98-3 discusses program-specific audits and the use of federal audit guides.  

The following AICPA resources are available to assist firms in conducting single audits.

• Audit Risk Alert, Audits of Organizations Receiving Federal Awards: Single Audits Performed in Accordance with Office of Management and Budget Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations-2002.  This alert provides a more complete description of the federal OIG findings and additional sources of guidance in performing single audits.

• Statement of Position (SOP 98-3, Audits of States, Local Governments, and Not-for-Profit Organizations Receiving Federal Awards)

• Auditing Recipients of Federal Awards: Practical Guidance for Applying OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, Second Edition (product no. 006607kk).  This Practice Aid contains comprehensive analyses and guidance on applying OMB Circular A-133, including numerous audit checklists and illustrative examples to help auditors comply with regulations.

If you would like to order the resources above, please call the AICPA/CPA2Biz Customer Service Center at (888) 777-7077 or fax (800) 362-5066.