Every organization that spends $1,000,000 or more in federal awards during a fiscal year will face a Single Audit.1 This is not a possibility; it is a regulatory certainty. The audit itself is rarely the problem. The problem is what auditors find when they arrive, and those findings carry real financial consequences: questioned costs that must be returned to the federal government, restricted future funding, and escalated oversight that consumes staff time for years.2
Between 2019 and 2023, the Government Accountability Office reported that the most common Single Audit deficiencies involved internal controls, subrecipient monitoring, and allowable costs.3 These are not obscure compliance technicalities. They are the basic operational functions that determine whether your organization can demonstrate it spent public money as intended. A single questioned cost finding can range from $22,000 to $144,000 or more, depending on the program and the nature of the deficiency.4
This post walks through what the audit actually examines, how to prepare at each stage, and what to do when findings occur. If your organization has never been through a Single Audit, or if your last one produced findings you need to avoid repeating, this is a practical starting point.
What the Audit Actually Tests
A Single Audit under 2 CFR Part 200, Subpart F has two components: a financial statement audit and a compliance audit of your major federal programs.5 The compliance audit is where most findings originate, and the areas tested are defined by the OMB Compliance Supplement, published annually for each federal program.6
Auditors test whether expenditures were authorized by the award (activities allowed or unallowed), whether costs meet the standards in Subpart E (allowable costs and cost principles), and whether you minimized the time between drawing down federal funds and disbursing them (cash management).7 They examine whether program beneficiaries met eligibility criteria, whether matching contributions were documented, and whether all costs fell within the authorized grant period.8 Procurement practices are tested against federal standards, including verification that vendors are not on the excluded parties list.9 Reporting accuracy and timeliness are reviewed. If you passed funds to subrecipients, the auditor will test whether you monitored them as required.10
The critical point is that auditors test whether controls operated effectively throughout the audit period, not just at a single point in time. A control that worked in January but broke down in August will generate a finding for the entire year.
Six Months Out: Build the Foundation
Compile Your Federal Awards Schedule Early
The Schedule of Expenditures of Federal Awards (SEFA) is a required audit component that lists every federal award your organization expended during the fiscal year: the Assistance Listing number (formerly CFDA), the awarding agency, any pass-through entity, and total expenditures.11 Errors in the SEFA itself can generate a finding, which means the schedule you prepare to support the audit can become a source of problems if you compile it under time pressure. Start six months out.
Close Out Prior Year Findings
If your organization had findings in the prior year, the auditor is required to follow up on every one of them.12 Review your corrective action plan from the last audit and verify that each remediation step is complete, documented, and supported by evidence. This matters because repeat findings are treated more seriously than first-time findings. A repeat finding can trigger additional federal oversight, including the designation of your organization as “high risk,” which imposes special conditions on future awards.13
Audit Your Own Policies
Auditors will request your written policies for financial management, procurement, travel, time and effort reporting, and conflict of interest. Each policy must reflect current practice and reference current regulations. The 2024 revision to 2 CFR Part 200 changed several thresholds (notably the micro-purchase and simplified acquisition thresholds), so any policy written before that revision is likely out of date.14 An outdated policy functions the same as a missing one: both produce findings.
Three Months Out: Test What the Auditors Will Test
Pull Your Own Transaction Samples
Select a sample of transactions from each major program and verify that you can produce the complete documentation trail. For personnel costs, that means timesheets, pay stubs, and the allocation methodology. For procurement, it means the solicitation, evaluation criteria, selection memo, executed contract, invoice, and proof of payment. For subrecipient payments, it means the subaward agreement, risk assessment, monitoring documentation, and invoice review records.
If any transaction is missing documentation now, you have time to locate or reconstruct it. During the audit, you will not have that time, and the gap will become a finding.
Reconcile the SEFA to Your General Ledger
The total federal expenditures on your SEFA must reconcile to your general ledger. Discrepancies between these two sources are one of the most common audit findings because they suggest either misclassification of costs or incomplete tracking of federal funds.15 Run the reconciliation now. Resolve every difference before the auditor asks about it.
Verify Subrecipient Monitoring Files
If you passed federal funds to subrecipients, your file for each one must contain a written subaward agreement with the required terms from 2 CFR 200.332, a pre-award risk assessment, documentation of ongoing monitoring (financial report reviews, site visits, or desk reviews), and verification of each subrecipient’s Single Audit status through the Federal Audit Clearinghouse.16 Missing any one of these elements can produce a finding, even if the subrecipient performed well.
During the Audit: Execution Matters
Assign one person to coordinate all auditor interactions: receiving document requests, scheduling interviews, and tracking what has been provided. This prevents duplicated effort, ensures consistent responses, and keeps the audit on schedule. Auditors work within budgeted hours, and delays in providing documentation extend the timeline, increase costs, and can be noted in the audit report itself.
When auditors ask about unusual transactions or deviations from standard procedures, provide clear written explanations with supporting documentation. Verbal explanations are insufficient because the auditor needs evidence that can be referenced in their workpapers. If the explanation involves context not already in the transaction file, write a memo and add it to the file while the audit is still in progress.
After the Audit: Corrective Action Is Operational, Not Ceremonial
If the audit produces findings, you must submit a corrective action plan that identifies the specific steps to address each finding, the person responsible for each step, and the target completion date.17 Federal agencies and pass-through entities track whether corrective actions are completed. Unresolved findings compound: they carry forward into the next audit cycle, increase the likelihood of additional oversight, and can restrict your ability to receive new awards. Treat the corrective action plan as an operational commitment with deadlines, not a document you file and forget.
Find Your Gaps Before the Auditors Do
The most effective Single Audit preparation is knowing where your compliance gaps are before someone else identifies them. Our free diagnostic evaluates your compliance posture across five domains (financial management, internal controls, procurement, personnel, and subrecipient monitoring) in about 10 minutes. You get a scored report with specific, actionable recommendations.
Take the Free Grant Readiness Assessment
Notes
1 2 CFR 200.501(a). The Single Audit threshold was raised from $750,000 to $1,000,000 effective October 1, 2024, per the 2024 revision to 2 CFR Part 200.
2 2 CFR 200.338 lists remedies for noncompliance, including disallowance of costs, suspension, and withholding of future awards.
3 GAO, “Single Audits: Improvements Needed in Selected Agencies’ Oversight of Federal Award Recipients” (GAO-23-105453, 2023).
4 OIG audit reports across HHS, DOJ, and DOL programs. Range reflects questioned costs in individual findings from publicly available audit resolution summaries.
5 2 CFR 200.514 describes the scope of the Single Audit, including the requirement for both a financial statement audit and a federal awards compliance audit.
6 OMB Compliance Supplement (2 CFR Part 200, Appendix XI). Updated annually and available at whitehouse.gov.
7 2 CFR 200.303 (internal controls), 2 CFR 200.305 (cash management requirements for federal funds).
8 2 CFR 200.306 (cost sharing and matching), 2 CFR 200.403(g) (period of performance for costs).
9 2 CFR 200.318-326 (procurement standards), 2 CFR 200.214 (suspension and debarment verification via SAM.gov).
10 2 CFR 200.332 (requirements for pass-through entities monitoring subrecipients).
11 2 CFR 200.510(b) details the SEFA requirements, including the requirement to list the Assistance Listing number for each program.
12 2 CFR 200.511(b) requires the auditor to follow up on prior audit findings and report the status of corrective actions.
13 2 CFR 200.208 authorizes federal agencies to impose specific conditions on recipients with a history of noncompliance.
14 2 CFR 200.320 (methods of procurement). The 2024 revision raised the micro-purchase threshold to $10,000 and aligned the simplified acquisition threshold with 41 U.S.C. 134.
15 2 CFR 200.510(b) requires that SEFA amounts reconcile to the recipient’s financial records.
16 2 CFR 200.332(d)-(f) specifies monitoring requirements for pass-through entities, including risk assessment, ongoing monitoring activities, and verification of subrecipient audit compliance via the Federal Audit Clearinghouse.
17 2 CFR 200.511(c) requires the auditee to prepare a corrective action plan addressing each audit finding.
Leave a Reply