The Corona Aid, Relief, and Economic Security Act (CARES) is intended to provide relief to individuals and businesses in need. Guidance continues to be released a day or week at a time. While there are many questions that are still left unanswered, we are beginning to receive answers to some pertinent questions as it relates to the CARES Act and the impact on single audit.
For those who have never had to complete a single audit before, compliance is key.
Paycheck Protection Program and Economic Injury Disaster Relief Loans
Paycheck Protection Program (PPP) loans will not be subject to single audit. Therefore, organizations that received PPP funding will not have to worry about recording the loan balance (or forgiveness) on the Schedule of Expenditures of Federal Awards (SEFA).
However, on May 4, 2020, information released by the Governmental Audit Quality Center of the AICPA indicated that organizations that received the Economic Injury Disaster Loan (EIDL) directly from the SBA will need to include the loan balance (or amounts forgiven) on the SEFA, as EIDL will be subject to single audit.
Coronavirus Relief Fund (CRF)
The $150 billion distribution to states, large counties and cities from the U.S. Department of Treasury is subject to single audit. In general, the use of these funds is limited to expenditures (not revenue replacement) that were incurred as a direct result of COVID-19 and were not previously budgeted. Each jurisdiction has its own authority on how to use and expend the funds. There is a broad range of allowable expenditures (in relation to COVID-19).
From a larger perspective, funding is expected to be passed-through from the recipients to organizations at lower tiers (i.e., small businesses, nonprofits, small counties and cities). Since this funding is subject to single audit, the pass-through monies are also subject to single audit. Organizations that receive CRF funding from their state, county, or city will be required to record the expenditures on their SEFA.
In general, most other programs under the CARES Act are also subject to single audit. These include the Provider Relief Funds, Education Stabilization and Relief Funds, and many other individual programs. Each program has its own specific uses (allowable costs). Organizations must read the guidance published by the federal agencies for each of these programs.
Single Audit and Internal Controls
Now that we know the majority of programs under the CARES Act will be subject to single audit, organizations need to be prepared for what that means. For those organizations that have never had a single audit, the audit will be required if total federal expenditures (and loans) exceed $750,000 in the fiscal year.
The crux of every single audit and whether it will be successful or not is internal controls. Recipients are required to maintain internal controls when receiving federal grants, loans, or other federal assistance.
We recommend tracking the costs for these programs, ensuring reimbursement is not being duplicated for the same costs, documenting your secondary review process and increasing communication with your grantors and auditors. It is likely that many of these programs will be treated as high-risk by auditors, and auditors will almost certainly be reviewing policies and procedures, expenses, and overall stewardship of these funds.
Need help understanding how to prepare for a single audit?
The upcoming draft of the compliance supplement is not expected to include COVID-19 related items. However, the Office of Management and Budget (OMB) has indicated that an addendum to the compliance supplement will be published in September 2020, which will include the guidance for these programs. Unfortunately, that timeline may be late in the game and close to filing deadlines. Communication with your auditor is key to ensuring everyone is aware of the requirements and the steps to mitigate questioned costs, filing deadline impact, and general confusion.
We broke down general single audit requirements to consider in our single audit deficiency series.