If you haven't renewed your PICPA membership yet, do so today to avoid losing access to your benefits! Renew now.

CPA Now Blog

Best Practices in Single Audit Testing

Single audits are required when a governmental or nonprofit entity expends more than $750,000 of federally allocated funds in their fiscal year. In recent years, the number of single audits has increased significantly. This blog looks at four areas of focus to conduct an effective single audit.

Mar 11, 2024, 03:47 AM

Brian McCallBy Brian T. McCall, CPA, CGFM

Single audits are required when a governmental or nonprofit entity expends more than $750,000 of federally allocated funds in their fiscal year. With the influx of both new and expanded federally funded programs over the past few years, the number of single audits has increased significantly. Single audits help grantors determine if an entity has complied with direct and material requirements for certain federal programs, as well as provide insight into the internal controls in place over those federal programs.

To conduct an effective single audit, there are four areas of focus:

  • Determination of federal awards expended and reported on the Schedule of Federal Awards (SEFA).
  • Determination of the “major” programs – those programs to be tested in detail.
  • The actual testing of the major programs.
  • Ensuring appropriate reporting of the results.

Auditor reviewing graphs, pie charts, and financial documentsIn all the areas bulleted, remember that the best tool to ensure you comply with the complex single audit rules is documentation. As federal guidance on the use of federal awards seems to change quickly and constantly, there are now more “gray” areas than ever before. Be sure to document your rationale in evaluating and testing these federal programs.


The SEFA serves as the foundation for determining the major programs requiring single audit testing. Without an accurate SEFA, you could end up selecting a program that didn’t need to be tested or, worse, you end up not selecting a program that should be tested! The most commonly used procedures to ensure a client has provided you with an accurate SEFA include a reconciliation of SEFA amounts to amounts reported on the financial statements and obtaining confirmation of federal funds awarded/paid to your client or a review of grant agreements. Always ensure the amounts reported on the SEFA are based on expenditures, not revenues. And don’t forget to check for clusters, which are certain federal programs that are grouped together and treated as one program for single audit purposes.

Major Program Determination

Major program determination can be one of the more complex areas in a single audit. Ensure you closely follow your checklists for this process. They will walk you step by step through the complexities.

Determine if the client is a low-risk auditee, and also perform the risk assessment for Type A and Type B federal programs. To be considered a low-risk auditee, there must be no modification to the compliance opinions or material weaknesses in internal controls in the prior two audits, and the audits must have been submitted timely to the Federal Audit Clearinghouse. It is similar for the evaluation of an individual federal program as high risk or not high risk. Please be aware that there have been multiple waivers regarding the timing of audit submissions in recent years, as well as certain COVID programs that are deemed to be higher risk by the federal government. Make sure you are aware of these tagged programs since they may require a program to be tested, regardless of auditor judgment of risk.

Direct and Material Compliance Areas and Testing

Did you know the federal government is only allowed to select six of the predetermined compliance areas to be direct and material for the auditors to test? But you should also determine if those areas are direct and material to your client. Much of the guidance in the Office of Management and Budget Compliance Supplement is focused on first-tier recipients, such as states, and might not apply to how your client uses the funding. Whatever you determine as direct and material, be sure to document how you reached your conclusion.

When you start your testing, discuss the internal controls with your client. I try to always start with, “What do you do to make sure XYZ is approved/reported/captured correctly?” Many times, internal controls over compliance differ greatly from the controls we might test during a financial statement audit.

Also, determining your population could range from very easy to very hard. Is it a single grant for a single project? Are multiple state and federal grants being spent on a wide-ranging project? Were federal expenditures tracked separately in the general ledger or just the revenues? Is the grant for a single year or multiple years? Remember to determine if the dollars spent were federal in nature or not. You can often look to what was reported to the grantor as a check against what you see on the SEFA, as those amounts should reconcile.

One final area of focus is procurement. There are many governments and nonprofit entities that previously did not receive significant federal funding, but that changed over the past few years. Often, these entities do not have purchasing policies updated to comply with federal procurement regulations and may simply be following municipal code or their internal policy. Purchasing cooperatives often do not meet the federal requirements for obtaining quotes. Spend a little extra time in this area and in determining the types of expenditures.


For all involved, hopefully there are no findings to report as the result of a single audit, but findings are not uncommon. These findings require attention to detail to ensure you report all of the required components. Make sure you determine if the finding is solely internal control related, or if it’s also a noncompliance finding. A noncompliance finding represents an instance of material noncompliance. If the noncompliance isn’t material, it should not impact the compliance opinion.

Finally, remember that we report on internal control; we don’t give an opinion on internal control. So, even if there are no functioning internal controls over certain compliance areas, you wouldn’t modify your opinion. Instead, you would report a significant deficiency or material weakness in internal control.

Brian T. McCall, CPA, CGFM, is vice president at Maher Duessel in Pittsburgh. He can be reached at bmccall@md-cpas.com.

Sign up for PICPA's weekly professional and technical updates by completing this form.

Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of the PICPA's officers or members. The information contained herein does not constitute accounting, legal, or professional advice. For actionable advice, you must engage or consult with a qualified professional.

PICPA Staff Contributors


Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained in herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.

Stay informed about
PICPA blogs, upcoming events, and more

Subscribe to PICPA communications