May 1992 PCIE Position Statement No. 6 ISSUE Not-for-profit organizations, auditors, and Inspectors General need clarifications and additional guidance to effectively implement the Office of Management and Budget ("OMB") Circular A-133 ("A-133"). BACKGROUND AND DISCUSSION A-133 was issued March 8, 1990, to implement the single audit concept for not-for-profit organizations. A-133 supersedes the audit provisions of OMB Circular A-110. While preparing for and performing the first A-133 audits, not-for-profit organizations and their auditors have raised a number of questions to the Inspectors General. The following questions and answers have been prepared from questions frequently asked. The purpose is to provide clarifications and additional practical working guidance to those participating in A-133 audits. POSITION The Inspectors General should provide guidance to not-for-profit organizations and their auditors consistent with the following questions and answers. Also, Inspectors General should accept A-133 audits which they determine to be consistent with A-133 and the guidance in these questions and answers. Issued by the President's Council on Integrity & Efficiency Standards Subcommittee PRESIDENT'S COUNCIL ON INTEGRITY & EFFICIENCY Standards Subcommittee (1991-1992) James B. Thomas, Jr., Chairman, U.S. Department of Education Paul A. Adams, U.S. Department of Housing & Urban Development John J. Connors, U.S. Department of Housing & Urban Development John C. Martin, Environmental Protection Agency Leon Snead, U.S. Department of Agriculture Hubert Sparks, Appalachian Regional Commission The Standards Subcommittee gratefully acknowledges the contributions made by: U.S. Department of Education: (Project Managers) Terry Ramsey George Rippey Agency for International Development: John Competello Roosevelt Holt U.S. Department of Agriculture: Herbert Gruenebaum U.S. Department of Health & Human Services: Barbara Bennett John Fisher U.S. Department of Housing & Urban Development: Peter Bell U.S. Department of Labor: Jerry Cubbison Environmental Protection Agency: Gary Greening National Science Foundation: Clifford Bennett Office of Management and Budget: Palmer Marcantonio The Standards Subcommittee also gratefully acknowledges the contributions by the American Institute of Certified Public Accountants, National State Auditors Association, public accounting firms, and all others who commented and provided input on the draft questions and answers. CONTENTS Page PCIE Position Statement No. 6. . . . . . . . . . . . . . . . . . . . . . i Standards Subcommittee . . . . . . . . . . . . . . . . . . . . . . . . . ii Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1. Effective Date and Implementation of A-133 . . . . . . . . . . 1 2. Audits Before Federal Agency Implements A-133. . . . . . . . . 1 3. Status of PCIE Position Statement No. 5. . . . . . . . . . . . 1 4. Audit Guidance During A-133 Implementation . . . . . . . . . . 2 Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. When Audit Required - Program-Specific or Single Audit . . . . 3 6. Only Prior Year Loans. . . . . . . . . . . . . . . . . . . . . 3 7. Basis for Determining Awards Received. . . . . . . . . . . . . 4 8. Medicare . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 9. Medicaid . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 10. If Receive Only SFA or R&D -- Program-Specific Audit . . . . . 5 11. $20,000 R&D and $100,000 SFA . . . . . . . . . . . . . . . . . 6 12. Matching Funds . . . . . . . . . . . . . . . . . . . . . . . . 7 13. Organization Associated with a Not-for-profit. . . . . . . . . 7 14. Total Over $100,000; Each Award Less Than $25,000. . . . . . . 8 15. Free Rent Over $100,000. . . . . . . . . . . . . . . . . . . . 8 16. Foreign Not-for-profit Organizations . . . . . . . . . . . . . 8 17. Additional Audit Requirements for Subrecipients. . . . . . . . 9 Audit Requirements - A-128 or A-133. . . . . . . . . . . . . . . . . . . 10 18. Not-for-profit Subrecipient Previous A-128 Audit . . . . . . . 10 19. Determining If Subrecipients Follow A-128 or A-133 . . . . . . 10 20. Institution of Higher Education - A-128 or A-133 . . . . . . . 10 Program-Specific Audits. . . . . . . . . . . . . . . . . . . . . . . . . 11 21. Program-Specific Audit Definition. . . . . . . . . . . . . . . 11 22. Program-Specific Audit Reporting . . . . . . . . . . . . . . . 11 23. Compliance Requirements in Program-Specific Audits . . . . . . 12 Major and Nonmajor Programs. . . . . . . . . . . . . . . . . . . . . . . 13 24. Program Definition . . . . . . . . . . . . . . . . . . . . . . 13 25. Major Program Test . . . . . . . . . . . . . . . . . . . . . . 13 26. Loan and Loan Guarantee Programs . . . . . . . . . . . . . . . 14 27. Guaranteed Student Loans Not Made by the Institution . . . . . 14 28. R&D (SFA) Programs - Two Over $100,000 & One Under . . . . . . 15 Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 29. Schedule Presentation of R&D, SFA, Individual Awards . . . . . 16 30. Audit Reporting Required by A-133 . . . . . . . . . . . . . . 18 31. Combined Audit Reports . . . . . . . . . . . . . . . . . . . . 20 32. Including Additional Schedule with Audit Report. . . . . . . . 20 33. Audit Due Date . . . . . . . . . . . . . . . . . . . . . . . . 21 34. Distribution of Audit Reports. . . . . . . . . . . . . . . . . 21 35. Audits in Addition to A-133 Requirements . . . . . . . . . . . 22 36. Reporting Expenditures in Excess of Award. . . . . . . . . . . 22 37. GAAP Statements. . . . . . . . . . . . . . . . . . . . . . . . 22 38. Program-Specific Audit vs. Single Audit Reporting . . . . . . 23 39. Audit Period Fiscal Year . . . . . . . . . . . . . . . . . . . 23 40. CFDA Number Unknown or Not Available . . . . . . . . . . . . . 24 Audit Findings and Resolution. . . . . . . . . . . . . . . . . . . . . . 25 41. Audit Findings . . . . . . . . . . . . . . . . . . . . . . . . 25 42. Criteria for Nonmaterial Compliance Findings . . . . . . . . . 26 43. Criteria for Reportable Conditions . . . . . . . . . . . . . . 27 44. Management's Responsibility for Audit Findings . . . . . . . . 27 45. Audit Findings Resolution. . . . . . . . . . . . . . . . . . . 28 Subrecipient and Vendor. . . . . . . . . . . . . . . . . . . . . . . . . 30 46. Distinguishing Between Subrecipient and Vendor . . . . . . . . 30 47. Recipient Monitoring Responsibility for Subrecipient . . . . . 31 48. Recipient Auditor's Responsibility for Subrecipient. . . . . . 31 49. Recipient & Auditor's Responsibility over For-Profit Subrecipient . . . . . . . . . . . . . . . . . . . . . . . . . 32 50. Subrecipient Audit Effect on Recipient Audit . . . . . . . . . 33 51. Recipient Consequences When No Subrecipient Audit. . . . . . . 33 52. Recipient Program-Specific Audit of Subrecipient . . . . . . . 33 53. Use of Internal Auditor to Audit Subrecipient. . . . . . . . . 34 54. Audit When Subrecipient Not Aware of Federal Award . . . . . . 34 55. Federal Part of Award to Subrecipient Unknown. . . . . . . . . 35 56. Individual Student Receiving Over $25,000. . . . . . . . . . . 35 57. Not-for-profit Compliance Responsibility for Vendors . . . . . 35 58. Auditor's Compliance Responsibility for Vendors. . . . . . . . 36 Internal Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 59. Auditor's Internal Control Responsibility. . . . . . . . . . . 37 60. 50% Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 61. Cyclical Approach for Other Nonmajor Programs. . . . . . . . . 38 Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 62. Auditor's Compliance Responsibility. . . . . . . . . . . . . . 40 63. Guidance for Compliance Tests. . . . . . . . . . . . . . . . . 40 64. Financial Reports & Allowable Costs/Cost Principles. . . . . . 41 65. Compliance Responsibility - Related Party Transactions . . . . 42 66. Responsibility for Testing Indirect Costs. . . . . . . . . . . 42 67. Responsibility for Program Income. . . . . . . . . . . . . . . 43 68. Drug-Free Workplace Act. . . . . . . . . . . . . . . . . . . . 43 Sampling; Sample Sizes . . . . . . . . . . . . . . . . . . . . . . . . . 44 69. Program-Specific Audit vs. Sample Sizes. . . . . . . . . . . . 44 70. Compliance Sample from All Major Programs. . . . . . . . . . . 44 Two Year (Biennial) Audits . . . . . . . . . . . . . . . . . . . . . . . 45 71. Annual A-133 Single Audit if Annual Financial Audit. . . . . . 45 72. Implementation Year for Two Year Audits. . . . . . . . . . . . 45 73. Two Year Audit Cover Both Years. . . . . . . . . . . . . . . . 46 74. Major Program Determination for Two Year Audits. . . . . . . . 46 75. Two Year Audits Not Always Permitted . . . . . . . . . . . . . 46 Audit Costs; Audit Fees. . . . . . . . . . . . . . . . . . . . . . . . . 47 76. Audit Cost Recovery - Overhead or Direct . . . . . . . . . . . 47 77. Audit Costs Exceeding Allowable Administrative Costs . . . . . 47 78. When Audit Costs Charged . . . . . . . . . . . . . . . . . . . 47 79. Charging Audit Costs in Advance. . . . . . . . . . . . . . . . 47 80. Charges for Quality Control Reviews. . . . . . . . . . . . . . 48 Hospitals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 81. Hospital Definition. . . . . . . . . . . . . . . . . . . . . . 49 82. When Under A-128, A-133, or Excluded as Not-Affiliated . . . . 49 Other Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 83. Coordinated Audit Approach . . . . . . . . . . . . . . . . . . 51 84. Close-Out Audit. . . . . . . . . . . . . . . . . . . . . . . . 51 85. Assignment of Cognizant & Oversight Agencies . . . . . . . . . 52 86. Working Papers and Report Retention. . . . . . . . . . . . . . 52 87. Quality Checklists . . . . . . . . . . . . . . . . . . . . . . 53 88. Auditors Suspended or Debarred from Federal Programs . . . . . 53 89. Foreign Auditors . . . . . . . . . . . . . . . . . . . . . . . 53 90. Reference Correction in A-133. . . . . . . . . . . . . . . . . 54 Appendix I - Federal Agency Contact Points for A-128 & A-133 Audits. . . 55 Implementation 1. Effective Date and Implementation of A-133 What is the effective date of A-133 and how is it being implemented? A-133 is directed to Federal agencies with an effective date for fiscal years beginning on or after January 1, 1990. Each Federal agency must implement A-133 by regulation or contract. The effective date of implementation by the Federal agency will determine the effective date for the recipient. In some cases States or other recipients have implemented A-133 early for their subrecipients. A-133 encourages early implementation and Federal agencies should now accept A-133 audits. Circular A-110, Attachment F, sub-paragraph 2h requirements must be met until A-133 is implemented. 2. Audits Before Federal Agency Implements A-133 A not-for-profit organization receives Federal awards from two Federal agencies, one which has implemented A-133 in regulation and one which has not. Is the not-for-profit required to comply with A-133? The not-for-profit should have an audit in accordance with A-133 and include the Federal awards from both agencies. An audit done in accordance with A-133 will meet the requirements of A-110. 3. Status of PCIE Position Statement No. 5 Does A-133 supersede PCIE Position Statement No. 5 ("PCIE No. 5")? PCIE No. 5, issued September 1989, recommended using the Health and Human Services Guidelines for Audits of Federal Awards to Nonprofit Organizations ("HHS Guide") for A-110 audits. A-133 supersedes A-110 audit requirements and expands the audit and reporting requirements beyond those contained in the HHS Guide. Because an audit conducted in accordance with the HHS Guide would not meet the requirements of A-133, PCIE No. 5 does not apply to A-133 audits. However, PCIE No. 5 remains in effect for A-110 audits performed prior to implementation of A-133. 4. Audit Guidance During A-133 Implementation What guidance should auditors follow during the initial implementation of A-133? Federal Inspectors General recognize that full guidance from the American Institute of Certified Public Accountants ("AICPA") and other sources may not be available for the first A-133 audits. The Federal agencies and their respective Inspectors General are available to provide guidance and technical advice and to otherwise encourage the prompt implementation of A-133. The basic premise is that A-133 and A-128 both follow the same single audit concept. Therefore, until specific guidance is available, it is logical that auditors follow A-128 guidance which is not in conflict with A-133. Guidance on A-128 audits is available in the AICPA Audit and Accounting Guide, Audits of State and Local Governmental Units, and Statements of Position ("SOP") 89-6 and 90-9 that amend the Audit Guide. In August 1991, the AICPA exposed a draft SOP titled Audits of Not-for-profit Organizations Receiving Federal Awards. When issued, this SOP will provide guidance for conducting and reporting on audits made in accordance with A-133. In December 1991, the AICPA issued Statement on Auditing Standards ("SAS") No. 68, Compliance Auditing Applicable to Governmental Entities and Other Recipients of Governmental Financial Assistance. SAS No. 68 supersedes SAS No. 63 and includes auditor responsibilities under A-133 Audit Requirements. 5. When Audit Required - Program-Specific or Single Audit What determines when an audit is required and whether a program-specific audit or A-133 single audit is required? The determination of when an audit is required is based on the dollar value of total Federal awards received during the fiscal year under audit. The definition of "awards received" is discussed in question number 7. The determination of when a program-specific audit may be elected is based on the dollar value of total awards received and the number of programs. The definition of a program-specific audit is discussed in question number 21 and the definition of a program is discussed in question number 24. The following table shows when no audit is required, when a program- specific audit may be elected, and when the A-133 single audit is required. Total Federal More Than Awards One Program One Program $0 - $24,999 No Audit No Audit $25,000 - $99,999 Program-Specific or Program-Specific or A-133 Single Audit A-133 Single Audit $100,000 and More Program-Specific or A-133 Single Audit A-133 Single Audit 6. Only Prior Year Loans What are the A-133 audit requirements when the only Federal awards received by a not-for-profit organization are prior year outstanding loans or loan guarantees ("Loans")? If the only Federal assistance is prior year Loans, then the not-for- profit may have an audit in accordance with the laws and regulations governing the Loans. However, the Loans may be one time financing with no continuing audit or other compliance requirements except to make repayment. In cases such as this, when the only Federal awards are Loans and the Federal agencies providing the Loans do not require an audit, then A-133 would not require an audit. 7. Basis for Determining Awards Received What basis is used to determine when a Federal award (Financial assistance or cost-type contract) is received? The definition of receipt of Federal awards is based on how the not-for- profit organization recognizes and reports its revenue. Generally this means an entity has "received" Federal awards when it has obtained Federal cash, or it has incurred expenditures which will be reimbursed under a Federal award. Receipt of an award is not tied to when the contract or grant agreement is signed or awarded to the not-for-profit. Since the Federal government is at risk for loans and loan guarantees ("Loans") until the debt is repaid, the balance of prior year Loans is considered current year financial assistance in each year they are outstanding. See question number 29 "SFA" and "General Schedule Presentation Guidance" for discussion of disclosure of Loans in the Schedule of Federal Awards. For non-cash programs that involve the receipt of tangible assets (such as food stamps, food commodities, WIC program vouchers, and donated surplus property), "receives" should be based on when the revenue is recognized according to generally accepted accounting principles. For non-cash programs that do not involve the transfer of tangible assets (such as guarantee and insurance programs), "receives" should be based on the transaction or event which gives rise to the award. Determining the year in which an award is received is particularly important when a not-for-profit does not have an audit each year. For example, a not-for-profit may meet the dollar threshold requiring an audit in one year, but not in the next. In this case, the fiscal year audited should match the fiscal year when the related award activity (expenditure or non-cash transaction) occurs. 8. Medicare Are Medicare funds paid to a not-for-profit provider for health care services considered Federal financial assistance subject to A-133 audits? Medicare funds paid to a not-for-profit provider for health care services rendered to Medicare eligible individuals are not considered Federal financial assistance subject to A-133 audits. 9. Medicaid Under what circumstances are Medicaid funds paid to not-for-profit organization subject to A-133 audits? Medicaid funds paid to a not-for-profit provider for health care services under a fixed price arrangement generally are not subject to A-133 audits. However, under certain circumstances, Medicaid funds may be subject to A-133 audits. The following are the most likely circumstances: - Because State and local funds are also part of the Medicaid program, the State may require the not-for-profit to have an audit in accordance with A-133 (or any other requirements) and/or require expanded coverage for a number of reasons. - When Medicaid funds are paid to a not-for-profit to assist the State or local government in administering the Medicaid program, an A-133 single or program-specific audit would be required. The following are examples of a not-for-profit administering the Medicaid program: - The State contracts with a not-for-profit peer review organization to administer the Medicaid utilization review function. - The State contracts with a not-for-profit to handle the claims processing function. 10. If Receive Only SFA or R&D -- Program-Specific Audit When a not-for-profit organization receives awards of $100,000 or more in only one category, either Student Financial Aid ("SFA") or Research and Development ("R&D"), may a program-specific audit be performed on the SFA or R&D category in lieu of the A-133 single audit? SFA The U.S. Department of Education ("Education") and U.S. Department of Health and Human Services ("HHS") have agreed to accept an SFA program- specific audit when the only awards are SFA. The current Education audit guide, Audits of Student Financial Assistance Programs, must be used and supplemented as necessary with the program requirements for SFA programs of other Federal agencies. The basis for accepting a program-specific audit when there are only SFA category awards is the agreement between Education and HHS, who normally provide SFA; and the fact that not-for-profit organizations normally administer SFA programs through a central office of student financial aid. R&D An A-133 single audit is required when there are multiple R&D awards totaling $100,000 or more. A program-specific audit is not acceptable for multiple R&D awards because R&D can be received from many Federal agencies and R&D often involves multiple offices or accounting systems within the not-for-profit organization. An exception is that a program-specific audit of R&D is permitted when all of the following conditions are met: - There are only R&D awards and all awards are received from a single Federal agency, or a single prime recipient in the case of a subrecipient. - The Federal agency's Office of Inspector General, or prime recipient in the case of a subrecipient, approves in advance a program-specific audit. The approval process should include a determination that the program-specific audit will provide at least the same level of audit coverage over Federal funds as the A-133 single audit. - The program-specific audit is performed in accordance with Government Auditing Standards and guidance provided by the Federal agency's Office of Inspector General, or prime recipient in the case of a subrecipient. 11. $20,000 R&D and $100,000 SFA A not-for-profit organization annually receives $20,000 from Research and Development Awards ("R&D") and $100,000 or more in Student Financial Aid ("SFA"). Can the R&D and SFA each be audited as separate programs? The A-133 single audit is required because total Federal Awards are $100,000 or more and there is more than one program. Separate program- specific audits would not be allowed. 12. Matching Funds Are non-federal matching funds considered Federal awards in determining whether or not an audit is required? For example, how would a $20,000 Federal award with a $5,000 matching requirement be considered in determining whether an audit is required? Only the amount of the Federal award is considered in determining whether an audit is required. In this example, the $20,000 award is added to any other Federal awards to determine whether an audit is required. However, once it is determined that an audit is required, the auditor must consider any audit procedures applicable to the matching funds. 13. Organization Associated with a Not-for-profit When does a not-for-profit organization associated with a not-for-profit ("Associated Organization") need an audit under A-133? Not-for-profit organizations often create Associated Organizations to perform certain functions for the not-for-profit (e.g., a university athletic association, a university association to provide dormitory housing, a not-for-profit creating a separate not-for-profit organization to hold real estate, or a national not-for-profit organization that sponsors local chapters). Common reasons for forming these Associated Organizations are for exemption from restrictions on the not-for-profit, to raise funds, or to further the purpose of the not-for-profit. In many cases the same individuals may hold offices in both organizations or the not-for-profit may otherwise exercise control over the Associated Organization. When an Associated Organization receives Federal awards, either as a prime recipient or subrecipient, it would be subject to A-133 audit requirements. When an Associated Organization is included in the not-for-profit's indirect cost plan, the not-for-profit's auditor may need to test transactions of the Associated Organization in procedures performed relative to indirect costs. Also, the auditor will need to consider any transactions between the not-for-profit and Associated Organization that affect Federal awards or otherwise need to be tested as part of the not-for-profit's A-133 audit. Question number 65 discusses the auditor's compliance responsibility for related party transactions. An Associated Organization which meets all of the following conditions does not need to be audited under A-133: - Receives no direct or indirect Federal Awards; - Is not included in the not-for-profit's indirect cost plan; and - Otherwise does not receive payments or benefits from the not-for- profit which are paid out of Federal funds. 14. Total Over $100,000; Each Award Less Than $25,000 A subrecipient not-for-profit receives over $100,000 in Federal awards from eight cities for different programs. Each award is less than $25,000. No city receives as much as $25,000 in Federal assistance. What are the audit responsibilities of the subrecipient not-for-profit and the recipient cities? The subrecipient not-for-profit is required to have an A-133 single audit because it received over $100,000 in Federal awards and had more than one program. A copy of the audit report should be sent to each city. Since the cities received and provided less than $25,000 of Federal assistance, they are not required to have an audit. They are subject to State and local audit requirements and are required to maintain and provide Federal agencies access to records. 15. Free Rent Over $100,000 The only Federal award a not-for-profit organization receives is one program for free office space with an annual fair market rental value of $100,000. Does the not-for-profit fall under A-133? Free rent by itself would not require an audit under A-133. However, the not-for-profit would be subject to monitoring, audit, or other requirements if imposed by the Federal agency providing free rent. In some cases, the free rent is received as part of a Federal award or other assistance to "carry out a program." In these cases, the free rent would fall under the definition of "other non-cash assistance" and would be included in the total amount awarded for the program. 16. Foreign Not-for-profit Organizations What are the audit requirements for foreign not-for-profit organizations? A foreign not-for-profit, which is affiliated with or a sub-office of a U.S. based not-for-profit, should be included as part of the audit of the U.S. based operation and not considered a subrecipient. A foreign not-for-profit, which is a subrecipient of a U.S. based not- for-profit, would be subject to A-133. (See question number 5 concerning requirements for the A-133 single audit or a program-specific audit.) A foreign not-for-profit receiving a Federal award directly from the U.S. government would be subject to the audit requirements of the terms and conditions of the award. 17. Additional Audit Requirements for Subrecipients May prime recipients require not-for-profit subrecipients to obtain audits beyond the requirements of A-133? Prime recipients have a responsibility to ensure that Federal awards passed through to subrecipients are expended in accordance with Federal laws and regulations. Prime recipients may also need to ensure that funds provided to subrecipients from non-federal sources meet applicable compliance requirements. Prime recipients may, by agreement with the not-for-profit subrecipient, increase the requirements under A-133 or add other audit requirements. These additional audit requirements should not conflict with the subrecipient meeting the A-133 requirements. Also, audit fees for additional audit requirements related to non-federal programs should not be charged to Federal awards. Audit Requirements - A-128 or A-133. 18. Not-for-profit Subrecipient Previous A-128 Audit A not-for-profit subrecipient was contractually required by a prime recipient to have an audit performed in accordance with A-128. Will the subrecipient now be required to have two audits; one in accordance with A-128 and one in accordance with A-133? Before the promulgation of A-133, it was not uncommon for State and local government prime recipients to contractually require A-128 audits of their not-for-profit subrecipients. The subrecipient should not need two audits. The subrecipient should clarify the matter with the prime recipient requiring an A-128 audit. Most likely, the contract can be changed to require an A-133 audit. New contracts with not-for-profit organizations should reference A-133 audit requirements. 19. Determining If Subrecipients Follow A-128 or A-133 Does the type of organization the prime recipient is or the type of organization the subrecipient is determine whether A-128 or A-133 applies to the subrecipient? The type of organization the subrecipient is determines which circular is applicable. A-128 applies to State or local government subrecipients. A-133 applies to institutions of higher education or other not-for- profit subrecipients. (See the exception in question number 20 for State and local government institutions of higher education.) 20. Institution of Higher Education - A-128 or A-133 Is a State or local government institution of higher education, i.e., a college or university, subject to A-128 or A-133? A State or local government can elect to include institutions of higher education in its A-128 audit. State and local government institutions of higher education excluded from the government's A-128 audit can be audited separately under A-128 or A-133. Program-Specific Audits. 21. Program-Specific Audit Definition What is a program-specific audit? A program-specific audit is an audit of one Federal program in accordance with Federal laws, regulations, or audit guides relative to that particular program. By comparison, an A-133 single audit is an organization-wide audit that covers all Federal awards and requires an audit of the financial statements of the not-for-profit entity. Note: See question number 10 concerning a program-specific audit if only SFA or R&D is received, question number 24 concerning the definition of a program, and question number 39 concerning audit period fiscal year. 22. Program-Specific Audit Reporting What audit reporting is required for a program-specific audit? In many cases a program-specific audit guide will be available to provide specific guidance on compliance testing, audit procedures, and reporting. The auditor should determine the availability of agency prepared supplements or audit guides. This can be done by reviewing the Program Audit Guide Survey (October 1991) ("Survey") prepared by the PCIE Standards Subcommittee. The Survey (order number PCIE-06-064) may be obtained by written request to the Treasury Office of Inspector General, Room 7210, ICC Building, 1201 Constitution Ave., N.W., Washington, D.C. 20220 or FAX 202-927-5418. The auditor may also contact the appropriate Inspector General's Office to determine whether subsequent audit guides have been issued or to obtain a copy of an audit guide. When a current program-specific audit guide is not available, the auditor may obtain guidance from the program laws and regulations, grant agreements, and the compliance supplements. Program-specific audits for which no current Federal agency audit guide is available must conform to the reporting required by Government Auditing Standards. The reporting will normally include an opinion on the financial statements of the program, a report on the program's internal controls, and a report on program compliance with laws and regulations. A schedule of findings and questioned costs, management letter, or report on illegal acts may also be required when applicable. See Note at end of question number 21 for related questions. 23. Compliance Requirements in Program-Specific Audits What guidance should the auditor use for general and specific compliance requirements in program-specific audits? As discussed in question number 22, the auditor should determine whether a program-specific audit guide is available. When a current program- specific audit guide is available, it should be followed for guidance on general and specific compliance requirements and audit procedures. When a current program-specific audit guide is not available, the auditor should use the following guidance for general and specific compliance requirements: - General Requirements The general requirements listed in the Compliance Supplement for Audits of Institutions of Higher Learning and Other Non-profit Institutions (October 1991) ("A-133 Compliance Supplement") should be included as part of every audit that involves Federal financial assistance. The auditor should review the A-133 Compliance Supplement general requirements and consider these in planning the audit. In particular, Federal financial reporting, cash management, allowable costs/cost principles, and administrative requirements will usually apply to all programs. - Specific Requirements The specific requirements may be obtained from the compliance supplements (either the A-133 Compliance Supplement or the A-128 Compliance Supplement titled Compliance Supplement for Single Audits of State and Local Governments (Revised 1990)), program laws and regulations, grant agreements, and the funding agency. The auditor may also look to the compliance supplements for guidance on suggested audit procedures and the types of compliance requirements (i.e., types of services allowed or unallowed; eligibility; matching, level of effort, and/or earmarking requirements; special reporting requirements; and special tests and provisions). See question number 63 for additional guidance on specific compliance tests. See Note at end of question number 21 for related questions. Major and Nonmajor Programs 24. Program Definition What constitutes a program when defining major programs in an A-133 single audit? For other than Research and Development ("R&D") and Student Financial Aid ("SFA"), all awards under the same Catalog of Federal Domestic Assistance ("CFDA") number would constitute a program. For awards not assigned a CFDA number, all awards made for the same purpose would be combined as one program similar to how grants under the same CFDA number from multiple funding years are combined as one program. For example, if funds were expended during the audit period from both an original agreement and a separate award that renewed the original agreement, the two awards would be combined and considered as one program. When only one award is made, the individual award is considered as a program. An exception to the statement that all awards under the same CFDA number constitute a program is when a State government combines different Federal awards into a combined program which is passed through to a not-for-profit subrecipient. In this case, the State government may require the subrecipient to treat the combined program as a single program for both major program determination and to determine whether a program-specific audit may be elected as discussed in question number 5. The sum of expenditures from R&D awards received is considered a program and the sum of expenditures from SFA awards is considered a program. Under an A-133 single audit, expenditures for all R&D awards are tested as one program which may have different compliance requirements within the program. SFA is treated in a like manner. Question number 25 provides guidance in determining a major program. 25. Major Program Test What determines when a program is a major program? The determination of whether a program is major or nonmajor is based on the dollar value of expenditures during the audit period. A program is a major program when total expenditures equal or exceed 3% of total Federal funds expended or $100,000, whichever is greater. A program is nonmajor when expenditures are below this threshold. 26. Loan and Loan Guarantee Programs How is the value of assistance expended under loan and loan guarantee programs calculated for determining major programs? The following guidelines should be used to calculate the value of assistance expended under Federal loan or loan guarantee programs for determining major programs: - Value of new loans made or received during the fiscal year; plus - Balance of loans for previous years for which the government is at risk; plus - Any interest subsidy, cash or administrative costs allowance received. Guaranteed Student Loans made by an institution of higher education ("Institution") should be calculated as described above. However, Guaranteed Student Loans that were not made by the Institution but were received by its students should be calculated as discussed in question number 27. Including a large loan program may distort the base for determining other major programs. In this case the auditor should use judgment in determining major programs. When including a loan program significantly affects the number or size of other major programs, the loan program should be considered a major program, and the value attributed to the loan program should be excluded in determining other major programs. 27. Guaranteed Student Loans Not Made by the Institution How are Guaranteed Student Loan Programs valued when determining major programs at institutions of higher education ("Institution") when the Institution did not make the loan? The value of Guaranteed Student Loans which were not made by the Institution but were received by its students would only be the new Guaranteed Student Loans made during the year. The Institution that did not make the loans would not include the balance of loans from previous years, interest subsidies, or other costs as discussed in question number 26 because the lender accounts for the prior balances and receives the interest subsidies or other cost allowances. The value of these Guaranteed Student Loans, the value of other Federal student loans made by the institution computed as discussed in question number 26, and any other Federal Student Financial Aid ("SFA") would be added together to form the category of SFA. The value of the SFA category total is then compared to the larger of three percent of total Federal funds expended or $100,000, to determine whether SFA is a major program. 28. R&D (SFA) Programs - Two Over $100,000 & One Under The only Federal awards a not-for-profit organization receives are three Research and Development Awards ("R&D"). Expenditures from two awards exceed $100,000 and the other is under $100,000. How many major and how many nonmajor programs does the not-for-profit have? The not-for-profit has one major program which includes all three awards and no nonmajor programs. The definition of major programs groups all R&D into a single category that is then looked at to determine whether it meets the dollar threshold for major programs. The answer would be the same if the example had been for Student Financial Aid. Reporting 29. Schedule Presentation of R&D, SFA, Individual Awards A-133 describes three categories of awards: (1) research and development ("R&D"), (2) student financial aid ("SFA"), and (3) individual awards not in the R&D or SFA category ("Individual Awards - Other"). At what level of detail should these three categories of awards be presented in the Schedule of Federal Awards ("Schedule")? For example, should they be presented as a separate line in the Schedule or should the Schedule show the total expenditures for each category? A-133 could be literally read as permitting the total of R&D or SFA categories to be listed as one line item on the Schedule. However, more specific identification of Federal awards is needed in the Schedule because: - The name of the Federal agency is needed for report distribution. Detailed information on programs is needed for internal report distribution within the Federal agency. - R&D and SFA will often be provided from different Federal agencies and the individual agencies need to verify their funds were audited. Providing detail will reduce inquiries by Federal agencies to not-for-profit organizations and their auditors as to whether certain awards were included in the audit and not overlooked. - The individual dollar amounts of awards within R&D and SFA categories may be significant or material. - Federal agencies may have close out or other audit responsibilities; therefore, detailed information is needed to rely upon the A-133 audit. - The Bureau of Census, Single Audit Clearinghouse plans to use the Schedule to compile Federal assistance by the Catalog of Federal Domestic Assistance ("CFDA") number. R&D Where practical, each individual R&D award should be listed as a separate line in the Schedule. However, in some cases, such as a large not-for- profit organization with many R&D awards, it may not be practical to list each award. In this case, total expenditures may be listed by each Federal agency and major subdivision within each Federal agency. For example, in the Department of Health and Human Services, a major subdivision would be the National Institutes of Health. SFA Where practical, each individual SFA program should be listed as a separate line in the Schedule by CFDA number. It will normally be practical to list each individual SFA program, however, if individual programs are not listed, totals by Federal agency should be provided. For loan programs any interest subsidy, administrative costs, or other expenses paid from Federal funds to the not-for-profit organization should be included in the Schedule. The value of new Federal loans made during the fiscal year plus the balance of Federal loans for previous years should be shown in the Schedule or a footnote. For Guaranteed Student Loans received by students of an institution of higher education ("Institution") which were not made by that Institution, the amount would only be new loans made during the year (See question number 27). Individual Awards - Other (Major) Each Individual Award - Other, which is a major program, should be listed as a separate line in the Schedule by CFDA number. Individual Awards - Other (Nonmajor) Each individual nonmajor award should be listed as a separate line in the Schedule by CFDA number under the caption "Other Federal Assistance." Where individual listing is not practical, the cognizant or oversight agency should be contacted for advice. General Schedule Presentation Guidance As general guidance on schedule presentation: - The entity and period covered by the Schedule should be the same as the entity and period covered by the financial statements. - While the same program (e.g., same CFDA number) from different program years may be combined on one line, where feasible, presenting different program years separately may make the Schedule more useful. - Major programs should be specifically identified as being major. - The existence and value of Federal loans, loan guarantees, or insurance programs at the end of the fiscal year should be disclosed in the Schedule or a footnote. Any interest subsidy or administrative cost allowance received under a Federal loan or loan guarantee program should be included in the Schedule. - Federal non-cash assistance such as free rent, interest subsidies, food stamps, food commodities, WIC program vouchers, or donated property should be shown in either the Schedule or footnotes and valued at fair market value at the time of receipt. WIC program vouchers may be valued at either maximum allowed redemption value or average redeemed value. - Federal funds passed through from other recipients should be identified as pass-through funds and include the name of the awarding organization, the program identifying number, and the CFDA number. - As a general rule, the more detailed the listing of programs in the Schedule, the fewer the follow-up calls from Federal agencies to identify the programs audited. - While not required, it is recommended that where feasible, the not- for-profit provide additional requested information which will make the Schedule easier for Federal agencies to use. Examples are identification of matching funds, funds passed through to a subrecipient, individual grant numbers or amounts, and program income. 30. Audit Reporting Required by A-133 What audit reports are required to comply with an A-133 single audit? An A-133 single audit requires the auditor to report on the following: Financial 1. General purpose or basic financial statements ("Financial Statements"). 2. Supplementary Schedule of Federal Awards (with auditor's opinion in relation to Financial Statements). Internal Control 3. Entity-wide internal control matters based on the auditor's understanding of the internal control structure and the assessment of control risk, made as part of the financial statement audit. [Yellow Book requirement] 4. Internal controls (accounting and administrative) designed to provide reasonable assurance of compliance with laws and regulations applicable to Federal awards. [A-133 requirement] Compliance 5. Compliance which may be material to the financial statements. [Yellow Book requirement] 6. Opinion on compliance with laws and regulations applicable to each major Federal Program and a statement of positive assurance on those items that were tested under A-133 for compliance and negative assurance on those items not tested. [A-133 requirements] In single audit practice, auditors have interpreted these requirements to be met with the following three reports: a. Report on compliance with general requirements (opinion disclaimer with positive/negative assurance). {Applicable for all A-133 single audits} b. Opinion on compliance with specific requirements applicable to each major program. The opinion should include whether Federal financial reports and claims for advances and reimbursements contain information supported by books and records; and whether amounts claimed or amounts used for matching are in accordance with allowable costs/cost principles (see question number 64). {Applicable only when there are major programs} c. Report on compliance with requirements tested for nonmajor programs (opinion disclaimer with positive/negative assurance). {Applicable only when nonmajor programs are tested} Other Reports (If Prepared) 7. Schedule of Reportable Conditions (including material weaknesses) for internal control findings and a Schedule of Findings and Questioned Costs for compliance findings (if not included in the internal control or compliance reports). 8. Management letter. 9. Separate communication of nonmaterial findings relative to Federal programs. 10. Report of illegal acts. The auditor should reference AICPA guidance for specific reporting language and other guidance. The not-for-profit organization is responsible for preparing a written corrective action plan. Question numbers 41 through 45 provide additional information on audit findings and their resolution. 31. Combined Audit Reports Is it acceptable for auditors to combine the Government Auditing Standards ("GAS") and A-133 internal control reports or the GAS and A-133 compliance reports? It is acceptable to use one internal control report to meet the internal control reporting requirements of both GAS and A-133. Similarly, one compliance report and one financial report would be acceptable. In combining reports, care should be taken to ensure that all required items are included in the combined report. The three parts of the audit report (Financial, Internal Control, and Compliance) may be bound into a single document, or presented at the same time as separate documents. Specific concerns about reporting format may be discussed with the cognizant or oversight agency. 32. Including Additional Schedule with Audit Report A Federal agency has requested its recipients to include additional schedules with their audit reports (e.g., Schedule of Indirect Costs). Does the A-133 single audit require recipients to include additional schedules requested by grantor agencies? The specific reporting required by A-133 is described in question number 30. The A-133 single audit does not require recipients to provide additional schedules such as a Schedule of Indirect Costs. Although not required, the recipient may include any additional information which will make the A-133 audit reports more useful to the Federal agencies. For example, a Federal agency may need a Schedule of Indirect Costs to use in lieu of performing a separate audit. In this case, it may be mutually beneficial for the not-for-profit organization to include the schedule as part of the audit. 33. Audit Due Date When is the A-133 audit report due? The audit is required to be completed within 12 months after the end of the not-for-profit organization's fiscal year. Prime recipients may by contract require earlier reporting by subrecipients. The audit report is due to Federal grantor agencies and prime recipients 30 days after being received by the not-for-profit organization. The 30 days after report receipt are to give the not-for-profit organization time to prepare the corrective action plan (if needed) and submit the report. For example, an audit for a June 30, 1991 year end with report received October 31, 1991, would be due on or before November 30, 1991. The latest due date for an audit of a June 30, 1991 year end would be audit completion by June 30, 1992, and report submission by July 30, 1992. 34. Distribution of Audit Reports What is the responsibility to distribute the audit reports? The not-for-profit organization is responsible to submit all reports (See list of reports in question number 30) to each Federal agency that provides direct Federal funds. Also, subrecipients must distribute copies of reports to all prime recipients that provide them Federal funds. The report distribution requirements are met when the report is distributed by either the not-for-profit or its auditor. The not-for-profit should include with the report submission a plan for corrective action taken or planned and comments on the status of corrective action taken on prior findings. See question number 44 which describes management's responsibility to respond to audit findings. Both recipients and subrecipients receiving Federal awards over $100,000 are required to send a copy of the report to the central clearinghouse designated by Office of Management and Budget. The address is: Federal Audit Clearinghouse Bureau of the Census 1201 E. 10th Street Jeffersonville, Indiana 47132 35. Audits in Addition to A-133 Requirements If a not-for-profit organization has received unqualified reports with no findings under an A-133 audit, is it still subject to audits from the various Federal granting agencies? A not-for-profit is still subject to other audits because A-133 does not limit Federal authority to make additional audits or reviews. Any additional auditing should build upon the A-133 audit. The Federal agency shall perform or arrange funding for additional audits. 36. Reporting Expenditures in Excess of Award Should the Schedule of Federal Awards ("Schedule") show only those expenditures within the award or should it show total expenditures, even if total expenditures exceed the award? Expenditures may exceed awards when additional non-federal sources provide support not required by the award. The Schedule should separately identify Federally funded expenditures but may also show non-federal expenditures as separate amounts on the Schedule or in a footnote. A-133 requires not-for-profit organizations to identify in their accounts all Federal funds received and expended and the programs under which they were received. Therefore, when Federally funded expenditures cannot be separately identified, the auditor should have a finding recommending that the not-for-profit separately identify Federal funds in subsequent periods. When expenditures in excess of current awards represent additional amounts the not-for-profit intends to bill a Federal program, the amount and circumstances concerning the excess should be disclosed in a footnote. 37. GAAP Statements Does an A-133 single audit require the not-for-profit organization's basic financial statements be prepared in conformity with generally accepted accounting principles ("GAAP")? An A-133 single audit does not require GAAP statements. For various reasons, such as convenience or legal or regulatory requirements, some not-for-profit organizations prepare their financial statements on a basis of accounting other than GAAP (for example, the cash basis). GAAP statements may be mandated by program statutes and therefore would be required. For example, Section 330 of the Public Health Act requires Community Health Centers to adhere to GAAP in their financial statements. In all cases, the auditor is required to report whether or not the financial statements are in conformity with GAAP. 38. Program-Specific Audit vs. Single Audit Reporting For A-133 single audits, must the auditor report additional information required in program-specific audit guides? For example, the U.S. Department of Education Audit Guide, Audits of Student Financial Assistance Programs requires a separate "Schedule of Student Financial Aid Expenditures" and the "lead auditor's name." An A-133 single audit does not require the additional reporting in program-specific audit guides. 39. Audit Period Fiscal Year Should the audit period be the not-for-profit organization's fiscal year or the award fiscal year? For an A-133 single audit the audit period should be the not-for- profit's fiscal year. A program-specific audit may cover either the not-for-profit's fiscal year or the award year depending upon the requirements of the Federal agency providing the awards. However, for first time audits or changes to existing audit periods, the auditor should contact the Federal agency's Office of Inspector General or review the program-specific audit guide, laws, and regulations concerning the proper audit period. Stub periods may occur when converting from one type of audit to another or when changing audit periods. Arrangements should be made to meet audit requirements for Federal expenditures during the stub period. This is usually done either as a separate audit of the stub period or by including Federal expenditures during the stub period with the current audit. The cognizant, oversight, or grantor agency should be contacted for advice on audit procedures for stub periods. 40. CFDA Number Unknown or Not Available How should expenditures be presented in the Schedule of Federal Awards ("Schedule"), if the Catalog of Federal Domestic Assistance ("CFDA") number is unknown or not available? The CFDA number should be available for most domestic Federal financial assistance. Federal agencies and prime recipients are required to provide the CFDA number to recipients and subrecipients when awarding assistance. Not-for-profit organizations are required to identify in their accounts the programs under which funds are received. When the CFDA number is not available, the not-for-profit should include in the Schedule (1) the awarding agency name and (2) the program name or other identifier obtained from the award documents when the program name is not available. Audit Findings and Resolution 41. Audit Findings What should the auditor include in audit findings? Audit findings (including internal control findings, compliance findings, and questioned costs) should be presented in sufficient detail to allow for resolution of the finding and corrective action. This will generally include the elements of a finding as described in Government Auditing Standards as condition, criteria, effect, and cause. So that Federal, State, local, and other officials can efficiently resolve findings, the following specific information should be included in findings: - The award name, award number, grantor, Catalog of Federal Domestic Assistance ("CFDA") number, and grant year; - The condition found, including facts relied on that indicate that noncompliance occurred; - Specific requirement for which noncompliance is found, including regulatory, statutory, or other citation; - Identification of the questioned costs and how they were computed; - The cause of the noncompliance; - Recommendation for corrective action to prevent future occurrences of noncompliance; - Pertinent views of responsible officials of the audited entity concerning the findings and what corrective action is planned; and - Other information necessary to determine the cause and effect in order to take proper corrective action. Material findings should be presented in their proper perspective by relating the extent (number and dollar amount) of noncompliance to the number of cases examined, dollar amount tested, and the size of the universe. The auditor also should disclose the status of significant or material prior audit findings that have not been corrected. 42. Criteria for Nonmaterial Compliance Findings A-133 Attachment, Paragraph 15e provides that nonmaterial findings need not be disclosed with the compliance report but should be reported in a separate written communication. What criteria should the auditor use to determine whether compliance findings are nonmaterial? In determining whether a compliance finding is nonmaterial, the auditor should consider both quantitative (monetary value) and qualitative factors (cumulative effect and impact of nonmaterial items, objectives of the work, and use of information by grantors). Also, in audits of government programs, the materiality level may be lower than in similar type audits in the private sector because of public accountability of the entity and the visibility and sensitivity of government programs, activities, and functions. A quantitative factor indicating a nonmaterial compliance finding is the cost of reporting and recovery (assuming finding and amount are not disputed) exceeding the monetary value of the finding. Qualitative factors indicating a nonmaterial compliance finding are low risk of public or political sensitivity, a single exception with low risk of being pervasive, and the auditor's judgment and experience are that Federal agencies or prime recipients would normally not need to resolve or take follow-up action. By separately reporting nonmaterial compliance findings, the auditor can focus the compliance report. Even though nonmaterial findings may be excluded from the compliance report, the auditor should report them in writing to the not-for-profit and reference this separate communication in the compliance report. The not-for-profit should forward all separate communications of compliance findings to the Federal agencies and prime recipients. Since auditor judgment is exercised in determining whether a finding is nonmaterial, forwarding the separate communications allows the Federal agencies and prime recipients to review whether items reported as nonmaterial require additional follow-up action. 43. Criteria for Reportable Conditions What is the basis for determining whether an internal control finding for Federal programs is a reportable condition (including material weaknesses)? For example, is a reportable condition relative to total Federal awards, a major program, or a Federal program? The determination of whether an internal control finding is a reportable condition (including material weaknesses) is relative to a Federal program. The reason for this is that the auditor must perform certain minimum internal control procedures (gain an understanding of internal controls and assess risk) for each Federal program. Since procedures must be performed for each program, the auditor's internal control report should include reportable conditions relative to a Federal program. There may be separate systems related to Student Financial Aid ("SFA") and Research and Development ("R&D") which are treated as one program under an A-133 single audit. In this case, when evaluating whether a finding is a reportable condition, the auditor should consider the condition in relation to the system being reviewed as well as the overall program. 44. Management's Responsibility for Audit Findings What is management's responsibility to respond to audit findings? In summary, management should (1) promptly evaluate findings reported by auditors, (2) determine proper actions in response to audit findings, and (3) complete, within established time frames, all actions that correct or otherwise resolve the matters brought to management's attention. Management should provide the auditor their views on findings so the auditor can include views of responsible officials with the finding. This communication should occur prior to or at the close of the audit. Also, management needs to prepare a written report on findings, referred to as a corrective action plan. This corrective action plan should include all findings in the auditor's reports. Although not required, it would be helpful in audit resolution if the corrective action plan also included nonmaterial findings communicated separately. The corrective action plan has the following two parts: 1. Plan for corrective action - Identify each finding as reported by the auditor - Identify planned action: - State who will take what corrective action by what date, or - When management does not agree with the finding or believes corrective action by management is not required, management should provide an explanation and specific reasons (e.g., regulatory or legal requirements) why no corrective action is required. 2. Comments on the status of corrective action taken on prior findings - Identify prior findings individually or by groupings where corrective action has been taken. - Identify prior findings individually where corrective action has not been taken. Identify any changes in status from the original corrective action plan such as changes in who will take what action by what date. (Only a reference is needed when prior findings are included with current year findings and plan for corrective action.) The corrective action plan should be submitted with the audit report, which is due within 30 days after the audit is received by the auditee. 45. Audit Findings Resolution What is the process for Federal agencies resolving audit findings? The Federal agencies responsible for audit resolution will evaluate the auditor's findings and recommendations along with the not-for-profit's corrective action plan. Each Federal agency responsible for audit resolution shall issue a management decision within six months of receipt of the audit report. The management decision is the Federal agency's response to the auditor's findings and not-for-profit's planned corrective action. A management decision can include additional actions necessary to resolve the findings. Resolution normally occurs when the Federal agency responds with a management decision. Upon learning of the finding, the not-for-profit should proceed with corrective action as rapidly as possible. Resolution of findings that relate to the programs of a single Federal agency is the responsibility of that agency. Resolution of findings affecting programs of more than one Federal agency is coordinated by the cognizant agency. A prime recipient is required to ensure that appropriate corrective action is taken by a subrecipient. Sanctions such as disallowed costs, or withholding or suspending awards are available to Federal agencies when proper corrective action on audit findings is not made in a timely manner. Subrecipient and Vendor 46. Distinguishing Between Subrecipient and Vendor What distinguishes a subrecipient from a vendor? A subrecipient is an entity that receives Federal assistance passed through from a prime recipient or another subrecipient to carry out or administer a program. Distinguishing characteristics of a subrecipient include items such as: - Determining eligibility for assistance; - Performance measured against meeting the objectives of the program; - Responsibility for programmatic decision making; - Responsibility for applicable program compliance requirements; and - Use of the funds passed through to carry out a program of the sub- entity as compared to providing goods or services for a program of the prime recipient. A vendor is an entity responsible for providing generally required goods or services related to the administrative support of the Federal award. These goods or services may be for the prime recipient or subrecipient's own use or for the use of beneficiaries of the program. Distinguishing characteristics of a vendor include items such as: - Providing the goods and services within normal business operations; - Providing similar goods or services to many different purchasers; - Operating in a competitive environment; and - Program compliance requirements do not pertain to the goods or services provided. There may be unusual circumstances or exceptions to the distinguishing characteristics of a subrecipient and vendor listed above. In making the determination of whether a subrecipient or vendor relationship exists, the substance of the relationship is more important than the form of the agreement. The Federal cognizant, oversight, or grantor agency may be contacted for guidance in making these determinations. Prime recipient monitoring and audit requirements for subrecipients are covered by A-133 (See question numbers 47 through 49). Grantee monitoring and audit requirements for vendors are based upon the grantee's responsibility to ensure compliance (See question numbers 57 and 58). A not-for-profit may be a prime recipient, subrecipient, and/or a vendor. The awards received as a prime recipient or subrecipient would be subject to audit under A-133. The amounts received only to provide goods or services as a vendor would not be considered Federal awards. 47. Recipient Monitoring Responsibility for Subrecipient What monitoring responsibilities do prime recipients have for subrecipients in addition to obtaining and acting on subrecipient audit reports? The prime recipient is ultimately responsible for all Federal awards passed through to subrecipients. Prime recipients should monitor subrecipients during the grant period to ensure compliance with applicable Federal requirements and achievement of performance goals. A good system of internal control by prime recipients should include provisions in contracts with subrecipients for appropriate sanctions when subrecipients fail to comply with program or audit requirements. 48. Recipient Auditor's Responsibility for Subrecipient What is the prime recipient auditor's responsibility for auditing the subrecipient? The prime recipient auditor's responsibilities are to determine whether: - The prime recipient's system for monitoring subrecipients and obtaining and acting on subrecipient audit reports is adequate; - The subrecipient has complied with A-128 or A-133 audit requirements, as applicable, and subrecipient audit reports are current; and - Subrecipient questioned costs or compliance findings which may be material or otherwise require adjustment of the prime recipient records are properly reflected by the prime recipient. The prime recipient auditor is not responsible for auditing the subrecipient. As long as the audit report of the subrecipient is current, it need not cover the same period as the prime recipient's audit. See discussion in question number 51 when there is no subrecipient audit. 49. Recipient & Auditor's Responsibility over For-Profit Subrecipient What are a prime recipient and its auditor's responsibilities when the subrecipient is a for-profit organization? Prime Recipient A prime recipient has the same responsibilities for funds passed through to for-profit subrecipients as not-for-profit subrecipients (See question numbers 47 and 48) except A-128 and A-133 do not establish for-profit subrecipient audit requirements. Since audit requirements are not specified, the monitoring procedures over for-profit subrecipients are more important. The contract with the for-profit subrecipient should include applicable administrative, general, and specific compliance requirements. Also, the prime recipient should consider establishing appropriate audit requirements and include them in contracts with for-profit subrecipients. Audit requirements a prime recipient may consider including in contracts with a for-profit subrecipient are: - A single audit in accordance with the requirements of A-128 or A-133; - A program-specific audit to determine compliance with applicable laws and regulations; and - Audits and monitoring similar to when vendors are responsible for compliance as discussed in question numbers 57 and 58. Prime Recipient's Auditor The prime recipient's auditor may determine that the for-profit subrecipient was required to obtain an audit which provides adequate compliance assurances for the prime recipient's programs. In this situation the auditor's responsibilities are the same as those described in question number 48 except the audit obtained is substituted for the A-128 or A-133 audit. When the for-profit subrecipient has not had an audit, the prime recipient's auditor is responsible to obtain reasonable assurance that the for-profit subrecipient materially complied with applicable laws and regulations. The auditor may obtain compliance assurances by either reviewing the not-for-profit's records and monitoring procedures, performing additional procedures to determine compliance such as testing the for-profit subrecipient's records, or a combination of procedures. In addition, the prime recipient's auditor is responsible to determine whether the prime recipient's system for monitoring subrecipients is adequate and whether subrecipient noncompliance necessitates adjustment of the prime recipient's records. 50. Subrecipient Audit Effect on Recipient Audit How can a subrecipient's audit affect the prime recipient's audit? Subrecipient audits may affect the prime recipient's audit in two ways. First, deficiencies in the prime recipient's system for monitoring subrecipients or acting on subrecipient audit reports could result in a prime recipient finding. Second, results of subrecipient audits may necessitate adjustment of the prime recipient's records. For example, findings in subrecipient audits could be significant enough to require an adjustment in the prime recipient's basic financial statements or Schedule of Federal Awards. In this example, the prime recipient report may include the subrecipient finding to help explain the adjustment. 51. Recipient Consequences When No Subrecipient Audit What are the consequences to a prime recipient when a subrecipient is required to be audited, but refuses, goes out of business, or otherwise does not perform the required audit? The prime recipient is required to ensure that subrecipients to whom it provides $25,000 or more in Federal awards meet applicable audit requirements. Possible consequences for lack of subrecipient audits are modifications to the prime recipient's audit reports, disallowed costs, or other adverse actions by Federal agencies. An alternative when a prime recipient is unable to obtain an audit for a subrecipient is to expand the prime recipient audit to include testing of subrecipient records for programs from the prime recipient. Even though the expanded testing could permit a clean prime recipient audit opinion and show proper accountability for Federal awards, there would still be a compliance finding for lack of subrecipient audits. 52. Recipient Program-Specific Audit of Subrecipient May a prime recipient engage an auditor to perform a program-specific audit on a not-for-profit subrecipient in lieu of requiring an A-133 single audit? If the subrecipient qualifies for a program-specific audit (See question number 5), then it would be appropriate for either the prime recipient or subrecipient to engage an auditor to perform the program- specific audit. When an A-133 single audit is required, separate program-specific audits will not meet the A-133 requirements. 53. Use of Internal Auditor to Audit Subrecipient May a prime recipient use its internal auditor to perform the audit required under A-133 for a subrecipient? A prime recipient government's internal auditor who is independent and otherwise meets the qualifications and standards prescribed by A-133 and Government Auditing Standards ("GAS") may perform the audit required by A-133 for a subrecipient. However, nongovernmental internal auditors could not perform subrecipient audits under A-133 because they are not included in the A-133 definition of independent auditor. A prime recipient internal auditor, either governmental or nongovernmental, may be used to monitor the subrecipient or assist the independent auditor. 54. Audit When Subrecipient Not Aware of Federal Award If a prime recipient does not identify awards to subrecipients as Federal or require the subrecipient to have an A-133 audit, does this relieve the subrecipient of the audit requirements? If the prime recipient does not inform the subrecipient that a Federal award is being passed through, and the subrecipient otherwise is not aware that the award is Federal or that an audit is required, then the prime recipient is responsible to make arrangements with the subrecipient for the proper audit. The prime recipient is ultimately responsible for Federal awards passed through to a subrecipient. The determining factor for A-133 audit requirements is the dollar amount of Federal awards received (See question numbers 5 and 7), not whether the audit is requested. All not-for-profit subrecipients whose total Federal awards received meet the dollar thresholds are required to have an A-133 audit. However, it is essential that the prime recipient identify Federal awards to the subrecipient. If the prime recipient fails to advise the subrecipient that the award is Federal, this should be considered a weakness in the prime recipient's internal control system for monitoring subrecipients. 55. Federal Part of Award to Subrecipient Unknown What does a not-for-profit subrecipient do when the prime recipient is unable or unwilling to indicate how much of an award is Federal? Prime recipients are responsible to identify Federal awards to subrecipients. However, when the not-for-profit subrecipient is unable to determine the amount of the award which is Federal, the full amount should be audited as a Federal award. The full amount should also be reported on the Schedule of Federal Awards with a footnote that the Federal amount is undeterminable. 56. Individual Student Receiving Over $25,000 If a student receives more than $25,000 in Federal financial assistance, is the student a subrecipient subject to audit under A-133? An individual who is a beneficiary of a program is not a subrecipient and therefore not subject to A-133 audit. 57. Not-for-profit Compliance Responsibility for Vendors What are a not-for-profit organization's responsibilities when the vendor is responsible for compliance or the vendor's records must be reviewed to determine compliance by the not-for-profit? In most cases, the not-for-profit's compliance responsibility for vendors is only to ensure that the procurement, receipt, and payment for goods and services comply with laws and regulations. Compliance requirements normally do not pass through to vendors. However, some transactions may be structured such that the vendor should also be responsible for compliance or the vendor's records must be reviewed to determine compliance. In these cases, the not- for-profit is responsible to ensure compliance for applicable transactions by vendors. Methods to ensure this compliance are pre-award audits, monitoring during the contract, and post-award audits. Audits may be done or procured by the not-for-profit or the terms and conditions of the contract may require the vendor to procure the audit. When necessary, contracts with vendors should include compliance requirements, audit and monitoring requirements, or the right to audit. Including the compliance requirements will establish a benchmark to measure compliance. Including audit and monitoring requirements and the right to audit provides the authority to access a vendor's records for monitoring or to obtain audit assurances. 58. Auditor's Compliance Responsibility for Vendors What are the not-for-profit auditor's responsibilities when the vendor is responsible for compliance or the vendor's records must be reviewed to determine compliance by the not-for-profit? As discussed in question number 57, compliance requirements normally do not pass through to vendors. However, some transactions may be structured such that the vendor should also be responsible for compliance or the vendor's records must be reviewed to determine compliance. In these cases, the auditor is still responsible to determine compliance for applicable vendor transactions. When the auditor cannot obtain compliance assurances from reviewing the not-for-profit's records and monitoring procedures, the auditor will need to perform additional procedures to determine compliance. These procedures may include testing the vendor's records or relying on work performed by the vendor's independent auditor. Internal Control 59. Auditor's Internal Control Responsibility What is the auditor's responsibility for obtaining an understanding of the internal control structure, assessing control risk, and testing internal control structure policies and procedures for Federal awards in an A-133 single audit? The auditor is responsible for obtaining an understanding of the internal control structure (including whether relevant controls have been placed in operation) and assessing control risk for Federal awards. Additionally, the auditor must perform tests to evaluate the effectiveness of the design and operation of significant policies and procedures in preventing or detecting material noncompliance. These tests should include both accounting controls and administrative controls (controls designed to ensure compliance with laws and regulations). The auditor's internal control responsibility under A-133 also includes testing a not-for-profit's system for monitoring subrecipients and the controls in effect to ensure direct and indirect costs were properly computed and billed. The auditor is not required to perform tests of controls for areas where the internal control structure policies and procedures are not likely to be effective in preventing or detecting material noncompliance. When internal controls are not tested for this reason, the auditor's report is required to: - Include the internal control deficiency as either a reportable condition or material weakness; - Identify the programs and requirements for which the relevant internal control policies and procedures were not tested; and - Describe the absence of relevant policies and procedures or other circumstances that cause the auditors to conclude that policies and procedures are likely to be ineffective. As an example, a small not-for-profit organization may have too few employees for effective separation of duties. The auditor would report the lack of separation of duties as a reportable condition or a material weakness. Alternatively, the auditor may determine that there are compensating controls which can be tested. In this case there may not be a reportable condition. The auditor's reporting on internal control is described in question number 30. 60. 50% Rule Does the 50% rule apply to A-133 single audits? The 50% rule, developed for A-128 single audits, states that it is sufficient to perform tests of controls for only major programs, when major program expenditures are at least 50% of total Federal expenditures. However, when major program expenditures are less than 50% of total Federal expenditures, the auditor should test controls over all major programs and the next largest nonmajor programs until controls over at least 50% of total Federal expenditures are subjected to testing. The auditor is required to obtain an understanding of the internal control structure and assess control risk for the remaining nonmajor programs. A preferred alternative to selecting the "next largest" nonmajor programs (to reach the 50% of Federal expenditures) is to select nonmajor programs on a rotating basis so that all but clearly insignificant programs are covered at least once every three years. Use of the 50% rule consistent with existing A-128 single audit guidance is acceptable for A-133 single audits until further guidance is issued. 61. Cyclical Approach for Other Nonmajor Programs Does the cyclical approach apply to A-133 single audits? Use of the cyclical approach for other nonmajor programs (not tested under the 50% rule) consistent with PCIE Position Statement No. 3 is acceptable for A-133 single audits. The cyclical approach provides that in some circumstances, it may not be practical to obtain an understanding of the internal control structure and assess risk for nonmajor programs annually. This may occur when a not-for-profit organization has a large number of nonmajor programs administered by multiple operating components. Under the cyclical approach, in the first year the auditor should gain an understanding of internal controls and assess risk for each nonmajor program. Thereafter, the auditor would obtain an understanding of internal controls and assess control risk for each nonmajor program once every three years. Any new nonmajor programs should be reviewed the first year the program is active. For an annual audit, each nonmajor program should be covered at least once every three years. If two year (biennial) audits are performed, all programs should be covered by every second audit. Compliance 62. Auditor's Compliance Responsibility What is the auditor's responsibility for auditing compliance under the A-133 single audit? The auditor's objective is to determine whether the not-for-profit organization has complied with laws and regulations that may have a direct and material effect on the financial statement amounts and on each major Federal program. Financial statement compliance is the normal responsibility under generally accepted auditing standards. Federal program compliance is the additional A-133 single audit responsibility. Question number 63 discusses how the auditor should determine applicable laws, regulations, and compliance tests. The extent of the tests is up to the auditor's judgment. While the A-133 audit objective is to determine compliance relative to major Federal programs, the auditor must also test any nonmajor program transactions that are otherwise selected during the audit. These nonmajor program transactions selected as part of the financial statement audit or internal control work should be tested for compliance with Federal laws and regulations that may apply to the transaction. The transaction tests are normally for allowable costs/cost principles, administrative requirements, types of services allowed or unallowed, eligibility, and other relevant compliance requirements applicable to the transaction. 63. Guidance for Compliance Tests What guidance should the auditor follow for compliance tests? General Compliance For testing general compliance requirements, the Compliance Supplement for Audits of Institutions of Higher Learning and Other Non-Profit Institutions (October 1991) ("A-133 Compliance Supplement") sets forth the compliance requirements and suggested audit procedures. Specific Compliance For testing specific compliance requirements of programs listed, the A-133 Compliance Supplement or the A-128 Compliance Supplement titled Compliance Supplement for Single Audits of State and Local Governments (Revised 1990) set forth the specific compliance requirements and suggested audit procedure. For programs contained in a compliance supplement which have not had subsequent changes, an audit of the requirements contained in the compliance supplement will meet the A-133 single audit requirements. If there have been changes, then the auditor should follow the provisions of the compliance supplement as modified by the changes. For testing specific requirements of programs not listed in the compliance supplements, the auditor should determine the availability of agency prepared supplements or audit guides. This can be done by reviewing the Program Audit Guide Survey (October 1991) prepared by the PCIE Standards Subcommittee (See question number 22 for how to order the Survey). The auditor may also contact the appropriate Inspector General's Office to determine whether subsequent audit guides have been issued or to obtain a copy of an audit guide. Guidance on specific compliance requirements is also available from grant agreements, laws, regulations, or the Catalog of Federal Domestic Assistance ("CFDA"). Even when programs are not listed, the compliance supplements can provide overall guidance on suggested audit procedures and the types of compliance requirements (i.e., types of services allowed or unallowed; eligibility; matching, level of effort, and/or earmarking requirements; special reporting requirements; and special tests and provisions). Auditors should be alert to changes in Federal laws and regulations and modify their audit procedures as appropriate. For major programs, auditors should review grant agreements to determine whether specific requirements reflected in the compliance supplement have changed. 64. Financial Reports & Allowable Costs/Cost Principles Does A-133 require two general requirements, Federal financial reports and allowable costs/cost principles, to be tested as specific compliance requirements? The auditor's opinion on major programs must also include two compliance categories which are listed in the compliance supplements as general requirements (See discussion in question number 30, item 6b). Therefore the auditor's testing to support the compliance opinion on major programs must include the general requirements of Federal financial reports and allowable costs/cost principles (including claims for advances, reimbursements, and matching). Following is a list of categories of compliance requirements which, if applicable, must be included in the compliance opinion on major programs: - Types of services allowed or unallowed; - Eligibility; - Matching, level of effort, and/or earmarking requirements; - Reporting: - Financial reporting; - Special reporting; - Special tests and provisions (describe any specific tests and provisions); and - Allowable costs/cost principles (including claims for advances, reimbursements, and matching). 65. Compliance Responsibility - Related Party Transactions What is the auditor's compliance responsibility under A-133 for related party transactions when these transactions involve Federal awards? Transactions may occur between a not-for-profit and another party which the auditor must consider as related party transactions in accordance with generally accepted auditing standards. Because the requisite conditions of competitive, free market dealings may not exist, transactions involving related parties cannot be presumed to be carried out on an arm's-length basis. When related party transactions involve Federal awards, the not-for-profit's auditor is responsible for determining whether these transactions would be in compliance with Federal laws and regulations and allowable if originated by the not-for-profit charging the Federal award. Depending on the Federal award involved and the type of cost, related party charges paid from Federal awards should not result in a profit. Also, the organizational structure should not result in claiming of costs that would otherwise be unallowable under Federal regulations. Question number 13 discusses audit requirements for organizations associated with a not-for-profit organization ("Associated Organizations"). 66. Responsibility for Testing Indirect Costs What is the auditor's responsibility for testing indirect costs? Indirect costs testing is part of the testing for total costs (indirect costs plus direct costs). A-133 requires total costs to be tested for internal controls and compliance as part of allowable costs/cost principles and amounts claimed for advances, reimbursements, and matching. If indirect costs were claimed as expenditures on Federal programs during the audit period, the auditor should determine whether the amounts claimed were determined in accordance with appropriate cost principles. Federal departments and agencies should rely on the work done by independent auditors on cost allocation procedures and practices to avoid duplicate audits. The A-133 Compliance Supplement provides suggested audit procedures for both direct and indirect costs. The extent of testing of total costs should be sufficient to support the opinion on compliance for each major program. 67. Responsibility for Program Income What is the auditor's responsibility for Federal program income? Program income compliance requirements and suggested audit procedures are included in the A-133 Compliance Supplement under the " Administrative Requirements," part of "General Requirements." Also, since program income will normally be included in Federal financial reports, the auditor should consider program income in determining whether Federal financial reports contain information that is supported by books and records from which the basic financial statements are prepared. The auditor's responsibility for Federal program income is the same as the responsibility for Federal expenditures. The auditor is responsible for internal controls over program income consistent with the auditor's internal controls responsibility discussed in question number 59 and for compliance over program income consistent with the auditor's compliance responsibility discussed in question number 62. 68. Drug-Free Workplace Act Does the Drug-Free Workplace Act apply to subrecipients? The Drug-Free Workplace Act applies to recipients who receive grants directly from Federal agencies. The Drug-Free Workplace Act does not apply to subrecipients. However, if a subrecipient is also a prime recipient, then the auditor must test for compliance with the Drug- Free Workplace Act. Also, in some cases the prime recipient may by contract pass the Drug-Free Workplace requirements on to a subrecipient. Sampling; Sample Sizes 69. Program-Specific Audit vs. Sample Sizes The U.S. Department of Education ("Education"), Audits of Student Financial Assistance Programs ("Audit Guide") specifies testing procedures and minimum sample sizes. Under A-133, is the auditor required to follow these procedures and minimum sample sizes? For an A-133 single audit, the Education Audit Guide procedures and minimum sample sizes are not required, but the auditor may use them as guidance. However, if the entity elects to have a program-specific audit because it has only one program or it received less than $100,000 in Federal awards, the auditor must use the Education Audit Guide. 70. Compliance Sample from All Major Programs Is the auditor required to select a sample from each major program for compliance testing? The selection and testing must include a sufficient number of transactions from each major program to support the opinion on each major program. Under certain circumstances, such as when programs have similar compliance requirements, it may be efficient to select a single sample from multiple programs. However, the auditor should be careful to ensure that sufficient testing is made of the compliance requirements of each major program. Two Year (Biennial) Audits 71. Annual A-133 Single Audit if Annual Financial Audit May a not-for-profit organization perform the financial statement audit annually but perform the A-133 single audit of Federal awards every two years? A-133 states that audits shall usually be performed annually but not less frequently than every two years. The intent was for not-for- profit organizations usually having annual financial audits to also have annual A-133 single audits. The reason for permitting two year audits was to not increase the audit frequency on not-for-profit organizations that were only having audits every two years. Therefore, the A-133 single audit must be annual when the not-for- profit has annual financial audits. Since some not-for-profit organizations and their auditors had interpreted A-133 to allow an A-133 single audit every two years in all cases, the Inspectors General may use judgment in accepting two year audits in the first cycle of audits under A-133. 72. Implementation Year for Two Year Audits A not-for-profit organization has audited Federal programs under A-110 on a two year cycle ending June 30, 1989. The not-for-profit wishes to continue the two year cycle. How should A-133 audits be implemented since A-110 is effective for the first year (year ended June 30, 1990) and A-133 is effective for the second year (year ended June 30, 1991)? The not-for-profit has two choices to implement a two year audit approach under A-133 which is effective for fiscal years that begin on or after January 1, 1990. The first choice is to implement A-133 early with an A-133 audit for the two year period ending June 30, 1991. Early implementation is encouraged by A-133. The second choice is to do a one year A-110 audit for the year ended June 30, 1990. The not-for-profit could then start A-133 audits with a new two year cycle ending June 30, 1992, or do a one year A-133 audit for the year ended June 30, 1991, and keep the original two year cycle ending June 30, 1993. The not-for-profit should consult with the cognizant or oversight agency when implementing a two year audit. 73. Two Year Audit Cover Both Years Must the two year audit cover both years or can the audit skip every other year? A two year audit must cover both years. 74. Major Program Determination for Two Year Audits In two year audits, is the test for major programs based on expenditures in each individual year or the combined expenditures for the two year period? The determination for major programs should be based on expenditures for the two year period. 75. Two Year Audits Not Always Permitted Are two year audits permitted even if the program laws or regulations require an annual audit? A-133 Attachment, paragraph 7 states, "Audits shall usually be performed annually but not less frequently than every two years." However, if the laws or regulations for the program require an annual audit, then an annual audit must be performed. For example, Head Start regulations and Section 330 of the Public Health Act (covering community health centers) both require an annual audit. A-133 guidance should be followed in performing the annual audit. Audit Costs; Audit Fees 76. Audit Cost Recovery - Overhead or Direct A not-for-profit organization currently has a multi-year overhead rate which does not include audit costs under A-133. What can the not-for- profit do to recover the cost of the audit? A-133 allows audit costs to be recovered as either direct or indirect costs in accordance with applicable cost principles. However, there is no special appropriation for audit costs. To recover audit costs, the not-for-profit must build them into the specific grant documents (if direct) or into the overhead proposal (if indirect). 77. Audit Costs Exceeding Allowable Administrative Costs If expenses and A-133 audit costs exceed the maximum allowable for administrative costs, how may the additional audit costs be reimbursed? An example would be student financial aid administrative expenses exceeding the maximum allowed by the programs. Audit costs may be considered as allowable administrative expenses. However, if administrative costs exceed the program maximum, then only the program maximum may be recovered. While A-133 provides that audit costs are allowable, A-133 does not authorize additional funds for audits. 78. When Audit Costs Charged Can the costs of an A-133 single audit be recovered even if part or all of the year being audited has passed? The audit is usually performed and paid for after the audit period. Therefore, it is proper to charge audit costs in the fiscal year immediately following the end of the audit period. 79. Charging Audit Costs in Advance May audit costs be charged in advance of their being incurred? Audit costs, like other expenses, should be reimbursed currently, rather than in advance. However, in some cases there will not be Federal awards in the next year to pay the audit cost. In this case, it would be acceptable to charge the Federal award in the current year and set up a reserve to pay the audit costs in the following year. The charge should be based on a valid contract with the auditor. 80. Charges for Quality Control Reviews How may independent auditors charge for time spent with Federal agencies during quality control reviews ("QCR")? When audits are properly performed and documented, the independent auditor's time with Federal agencies during a QCR is expected to be minimum. QCR time is similar to other time for quality control such as training, auditor policies and procedures, and peer review. Also, the process of having a Federal agency perform a QCR on the auditor's working papers should enhance the quality of the auditor's work. Therefore, Federal agencies do not expect Federal awards to be charged for the independent auditor's time spent on QCRs. Hospitals 81. Hospital Definition What is the definition of a hospital for purposes of A-133? A hospital is a facility that meets the following criteria: - Is primarily engaged in providing by or under the supervision of doctors of medicine or osteopathy, inpatient services for the diagnosis, treatment, and care or rehabilitation of persons who are sick, injured, or disabled; - Is not primarily engaged in providing skilled nursing care and related services for inpatients who require medical or nursing care; - Provides 24-hour nursing service; and - Is licensed or approved as meeting the standards for licensing by the State or local licensing agency as a hospital. 82. When Under A-128, A-133, or Excluded as Not-Affiliated When are hospitals included under A-128 or A-133, or excluded because they are not-affiliated? Under A-128 State and local governments have an option to include their hospitals as part of the State or local government's A-128 audit. Hospitals included as part of a State or local A-128 audit are under A-128. Under A-133 A-133 applies to hospitals affiliated with an institution of higher education but not audited as part of a State or local government under A-128. Since A-133 does not define affiliated, the Department of Health and Human Services ("HHS") has developed a definition to include hospitals with significant research and training funds. The HHS definition of affiliated, which is consistent with the intent of Office of Management and Budget, includes all situations in which: - Either a hospital or an institution of higher education has an ownership interest in the other entity or some other party (other than a State or local unit of government) has an ownership interest in each of them; - An affiliation agreement exists; or - Federal research or training awards to a hospital or institution of higher education are performed in whole or in part in the facilities of, or involve the staff of, the other entity. Excluded as Not-Affiliated A-133 does not apply to not-affiliated hospitals. The basis for excluding not-affiliated hospitals is that they receive most of their Federal reimbursements from Medicare or Medicaid programs which have their own audit mechanisms. Not-affiliated hospitals are subject to program-specific audit requirements imposed by any Federal awards they may receive. Other Questions 83. Coordinated Audit Approach What is the coordinated audit approach? When the independent auditor and other Federal and non-federal auditors each have audit responsibility for a not-for-profit organization, they should coordinate to minimize duplication of audit work. This coordination normally occurs when the Federal and non-federal auditors arrange to do the work at the same time or the non-federal auditors perform the single audit and later the Federal auditors build upon this work. When the work is performed by various auditors and pulled together to meet the A-133 audit requirements, it is referred to as the coordinated audit. A coordinated audit should not limit the scope of work necessary to meet audit objectives or issue timely reports. A coordinated audit must comply with the due professional care requirements of Government Auditing Standards in relying on the work of other auditors. Cognizant and other Federal audit agencies are required to coordinate, to the extent practical, audits made for Federal agencies which are in addition to A-133. The purpose is for these additional audits to rely and build upon the work of the A-133 audit. The coordinated audit approach does not limit the authority of Federal agencies or auditors nor does it authorize a not-for-profit to constrain Federal agencies or auditors in performing audits. To facilitate the audit cooperation, all contracts for not-for-profit audits should provide for appropriate access to working papers by other auditors. 84. Close-Out Audit What is a close-out audit? Federal award terms and conditions sometimes specify that residual funds may not be remitted to the not-for-profit organization until a contract specific audit is performed. This will often occur in cost-type contracts. The specific audit is called a close-out audit. To the extent practical, Federal agencies should rely on A-133 audits for purposes of closing out a contract. If the Federal agency needs to perform or arrange for additional audit work, the additional work should build upon the A-133 audit. See question number 35 for discussion of audits by Federal agencies in addition to A-133. 85. Assignment of Cognizant & Oversight Agencies What is the process for arranging for an assignment of a cognizant agency or oversight agency? The Office of Management and Budget ("OMB") will assign a cognizant agency to larger not-for-profit organizations. Smaller not-for-profit organizations that are not assigned a cognizant agency will be under the general oversight of the Federal agency that provides them with the most direct funds. Where there is no direct funding, the Federal agency with the most indirect funding will be the oversight agency. The oversight agency may assume all or some of the responsibilities performed by the cognizant agency. 86. Working Papers and Report Retention How long must audit working papers and reports be kept? A-133 requires auditors to keep audit reports and working papers for a minimum of three years after the date of the audit report, unless the auditor is notified in writing by the cognizant agency to extend the period. A-133 requires prime recipients and subrecipients to keep their audit reports, and the reports of any of their subrecipients, for this same three year period. When auditors are aware that findings and questioned costs are still unresolved, the applicable Federal agency should be contacted prior to destruction of working papers and reports. 87. Quality Checklists Are the quality control checklists used by the Inspectors General available for practitioners to use in evaluating the quality of their own working papers and reports? Checklists prepared by the President's Council on Integrity & Efficiency (PCIE) are currently available for A-128 audits. They may be obtained by written request to the Treasury Office of Inspector General, Room 7210, ICC Building, 1201 Constitution Ave., N.W., Washington, D.C. 20220 or FAX 202-927-5418. Titles of the 1991 editions of these checklists are Uniform Desk Review Guide for A-128 Single Audits (Order number PCIE-06-056) and the Uniform Quality Control Review Guide for A-128 Single Audits (Order number PCIE-06-057). The PCIE plans to develop separate checklists for A-133 audits. The A-128 checklists may be helpful until the A-133 checklists are developed; however, auditors should consider the differences between the circulars. 88. Auditors Suspended or Debarred from Federal Programs How can a not-for-profit organization determine whether an auditor or audit firm has been excluded from audits of Federal programs, i.e., suspended or debarred? The U.S. General Services Administration issues a monthly publication titled Lists of Parties Excluded From Federal Procurement or Nonprocurement Programs. The Lists of Parties is available from the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402. Since either the firm or an individual CPA may be excluded, the not-for-profit should check both the firm name and the name of the key auditors who will be assigned to the audit. The not-for-profit may seek the advice of its cognizant or oversight agency to determine whether a particular firm or auditor has been suspended or debarred. As part of the auditor procurement process, the not-for-profit may wish to obtain a written statement from the audit firm that neither the firm nor anyone assigned to the engagement has been excluded from Federal programs. 89. Foreign Auditors Should reports be accepted from foreign auditors when the auditor did not fully meet Government Auditing Standards? Auditors performing A-133 audits are required to meet Government Auditing Standards. No specific exception is provided for foreign auditors. However, in some cases because of the language capabilities or specialized local knowledge, it is necessary to use independent auditors in developing countries. These auditors may not fully meet Government Auditing Standards such as the requirements for continuing education or external quality control reviews. Under these circumstances, the auditor should disclose the auditing standards which were not met. The Inspectors General, or prime recipients in the case of a subrecipient, should use their judgment on whether to accept the reports. 90. Reference Correction in A-133 In the A-133 Attachment, is the reference to paragraph 13c(3) in paragraph 15 - Audit Reports, sub-paragraph 15c(3) correct? This reference is not correct. The correct reference should be to paragraphs 13c(4) and 13c(5) which describe the specific objectives for the compliance tests and opinion. Appendix I - Federal Agency Contact Points for A-128 & A-133 Audits