[Federal Register Volume 61, Number 84 (Tuesday, April 30, 1996)]
[Notices]
[Pages 19134-19150]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-10330]




[[Page 19133]]


_______________________________________________________________________

Part III





Office of Management and Budget





_______________________________________________________________________



Audits of Institutions of Higher Education and Other Non-Profit 
Institutions; Notice

  Federal Register / Vol. 61, No. 84 / Tuesday, April 30, 1996 / 
Notices  

[[Page 19134]]



OFFICE OF MANAGEMENT AND BUDGET


Audits of Institutions of Higher Education and Other Non-Profit 
Institutions

AGENCY: Office of Management and Budget.

ACTION: Final Revision of OMB Circular A-133, ``Audits of Institutions 
of Higher Education and Other Non-Profit Institutions.''

-----------------------------------------------------------------------

SUMMARY: This revision of Office of Management and Budget (OMB) 
Circular A-133 establishes a uniform system of auditing for 
institutions of higher education and other non-profit organizations. 
One of the more significant revisions is that the threshold for when an 
entity is required to have an audit is raised from $25,000 to $300,000. 
This will significantly reduce audit costs for many small non-profit 
organizations. Other significant changes are: additional guidance for 
program-specific audits (Sec. ______.235), audit findings 
(Sec. ______.510), and audit findings follow-up (Sec. ______.315); a 
report submission due date which is shortened from 13 to 9 months and a 
report submission process that includes a certification form and 
streamlined filing requirements (Sec. ______.320); and, a new risk-
based approach for major program determination (Sec. ______.520).

DATES: The standards set forth in Sec. ______.400 of the Attachment to 
this Circular, which apply directly to Federal agencies, shall be 
effective July 1, 1996, and shall apply to audits of fiscal years 
ending on or after June 30, 1997. The standards set forth in this 
Circular that Federal agencies are to apply to non-profit organizations 
shall be adopted by Federal agencies in codified regulations not later 
than November 30, 1996, so that they will apply to audits of fiscal 
years ending on or after June 30, 1997, with the exception that 
Sec. ______.305(b) of the Attachment applies to audits of fiscal years 
ending on or after June 30, 1999.

ADDRESSES: A copy of the Circular may be obtained from the OMB fax 
information line, 202-395-9068, document number 1133; OMB home page on 
the internet which is currently located at http://www.whitehouse.gov/
WH/EOP/omb; or by writing or calling the Office of Administration, 
Publications Office, room 2200, New Executive Office Building, 
Washington, DC 20503, telephone (202) 395-7332.

FOR FURTHER INFORMATION CONTACT: Recipients should contact their 
cognizant or oversight agency for audit, or Federal awarding agency, as 
may be appropriate in the circumstances. Subrecipients should contact 
their pass-through entity. Federal agencies should contact Sheila O. 
Conley, Office of Management and Budget, Office of Federal Financial 
Management, Financial Standards and Reporting Branch, telephone (202) 
395-3993, fax (202) 395-4915.

SUPPLEMENTARY INFORMATION:

A. Background

    The Office of Management and Budget (OMB) received approximately 
150 letters providing approximately 1600 individual comments in 
response to the Federal Register proposal of March 17, 1995 (60 FR 
14594-14606). Letters came from Federal agencies (including Offices of 
Inspectors General), State governments (including State auditors), 
certified public accountants (CPAs), internal auditors, non-profit 
organizations (including colleges and universities), professional 
organizations, and others. All comments were considered in developing 
this final revision.
    Section B presents a summary of the major public comments grouped 
by subject and a response to each comment. Other changes were made to 
increase clarity and readability.

B. Public Comments and Responses

Common Rule Format

    Comment: Several commenters suggested that the implementation of 
the Circular be done using the ``common rule'' format so that all 
affected Federal agencies could codify the provisions of the Circular 
without change and prior to the effective date.
    Response: Circular A-133 was reformatted to facilitate codification 
by Federal agencies.

Uniform Audit Requirements

    Comment: In the preamble of the proposed revision, OMB stated a 
plan to seek modifications to the Single Audit Act of 1984 (31 U.S.C. 
Chapter 75) and OMB Circular No. A-128, ``Audits of State and Local 
Governments,'' such that one law and one circular could cover both 
State and local governments and non-profit organizations. Commenters 
strongly supported this change.
    Responses: Even though Circular A-133 does not apply to State and 
local governments, provisions were made to easily adapt Circular A-133 
to include State and local governments if the Single Audit Act is 
amended. For example, changes were made to the risk-based approach to 
determine major programs for circumstances that most likely will only 
occur in large Statewide single audits.

Increased Threshold for Audit

    Comment: Commenters overwhelmingly supported raising the threshold 
for audit, with the majority supporting the proposed threshold of 
$300,000. A common statement in favor of this change was that it would 
reduce audit costs, while still providing adequate audit coverage of 
Federal programs.
    Response: This final revision raises the audit threshold to 
$300,000. Pass-through entities should make appropriate changes in 
their agreements with subrecipients to reflect that Circular A-133 no 
longer requires an audit for entities expending less than the $300,000 
threshold. Also, pass-through entities will need to consider this 
change, review their overall subrecipient monitoring process, and 
decide what, if any, additional monitoring procedures may be necessary 
to ensure subrecipient compliance for the subrecipients not required to 
have a Circular A-133 audit. It is expected these monitoring procedures 
could be more targeted and less costly than the full Circular A-133 
audit.

Special Provision for Certain Small Subrecipients

    Comment: Most commenters opposed the provision to allow Federal 
agencies to require pass-through entities to arrange for audits of 
subrecipients receiving less than the $300,000. A reason often cited 
was that this provision defeats the purpose of raising the audit 
threshold.
    Response: This provision was included in the proposed revision to 
provide audit coverage of Federal programs, such as the Job Training 
Partnership Act (JTPA) programs, which are structured such that 
substantial service delivery and expenditure of Federal funds are made 
by subrecipients that expend less than $300,000 in Federal awards.
    The provision has not been added to the Circular. However, it is 
important to note that both the pass-through entity and the pass-
through entity's auditor have responsibilities for these funds even 
when an audit of the subrecipient is not required. The pass-through 
entity is still responsible to monitor the activities of the 
subrecipient and ensure that Federal awards are only used for 
authorized purposes. Additional monitoring procedures may be necessary 
when a material amount of program funds is passed through to 
subrecipients which are not audited.

[[Page 19135]]

    The pass-through entity's auditor is responsible for performing 
sufficient tests to support an opinion on compliance for each major 
program. When subrecipients which are not audited expend a material 
amount of funds from a major program, the auditor will need to consider 
obtaining compliance assurances by reviewing the pass-through entity's 
records and monitoring procedures, performing additional procedures to 
determine compliance, such as testing the subrecipient's records, or a 
combination of procedures. In addition, the pass-through entity's 
auditor is responsible for determining whether the pass-through 
entity's system for monitoring subrecipients is adequate and whether 
subrecipient noncompliance necessitates adjustment of the pass-through 
entity's records.

Consideration of Triennial Audit

    Comment: In the preamble of the proposed revision, OMB stated it 
was considering a triennial audit approach and requested comments on 
its feasibility. Commenters from non-profit organizations supported a 
triennial audit approach. Reasons cited were relief of audit burden and 
a reduction in the number of audits required to be reviewed as part of 
subrecipient monitoring.
    However, Federal agency commenters were opposed to a triennial 
audit approach and cited problems, such as it would alert the non-
profit organization in advance of which years should be audited, 
significantly complicate the risk-based approach for selecting major 
programs (e.g., under the risk-based approach a large program is only 
required to be audited once every three years and with triennial audits 
this could be once in every nine years), and result in only limited 
cost savings (e.g., under the triennial audit approach a financial 
statement audit and testing of internal control would still be 
required).
    Response: The triennial audit approach was not added to the 
Circular. However, the Circular does provide significant audit relief 
to non-profit organizations by raising the audit threshold from $25,000 
to $300,000, allowing a risk-based approach to selecting major 
programs, and streamlining the report distribution process by use of a 
certification form. The risk-based approach will permit low-risk non-
profit organizations to reduce the percentage of Federal expenditures 
required to be covered as major programs. The certification form, as 
discussed later in this supplementary information, will simplify the 
pass-through entity's review of subrecipient reports which have no 
audit findings.

Risk-Based Approach To Determine Major Programs

    Comment: Except for comments from CPAs, the commenters supported 
the risk-based approach as presented. CPA commenters opposed the risk-
based approach and cited as reasons that it was inappropriate for the 
auditor to determine major programs, there could be problems in 
submitting a proposal to conduct a Circular A-133 audit when it is not 
known in advance which programs will be audited, and there would 
possibly be cost increases for the auditor to perform risk assessments. 
While State auditor commenters supported the risk-based approach, those 
from the larger States cited implementation problems in performing risk 
assessments on a large number of Type B programs.
    Response: The auditor is best suited to determine major programs 
for reasons, such as independence and the understanding of risk to 
Federal programs obtained as part of the audit. Therefore, the proposal 
has been adopted, with no changes made to the requirement for the 
auditor to determine major programs. However, in recognition of the 
concerns expressed relative to larger audits, Appendix 1 
(Sec. ______.520), Major Program Determination, was modified as 
follows:
    Step 1 (Sec. ______.520(b)(1)) was modified to provide a sliding 
scale in determining Type A programs. This change only affects auditees 
with Federal expenditures over $100 million.
    Step 2 (Sec. ______.520(c)(2)) was modified to permit a Federal 
agency, with OMB approval, to designate that a low-risk Type A program 
could not be considered low-risk. This designation could be for 
reasons, such as to help the Federal agency comply with Section 405 of 
the Government Management Reform Act (P.L. 103-356).
    Step 3 (Sec. ______.520(d)(2)) was modified to add a sliding scale 
which defines relatively small Federal programs in terms of a 
percentage of total Federal expenditures. This benefits very large 
audits by reducing the number of Type B programs for which the auditor 
must perform risk assessments. The decrease in the total amount of 
Federal expenditures subject to audit will be relatively small because 
of the wide difference in size between the largest and smallest Federal 
programs.
    Step 4 (Sec. ______.520(e)) was modified to only require one-half 
of the high-risk Type B programs to be audited as major and provide a 
limit that the number of these Type B programs audited as major need 
not exceed the number of low-risk Type A programs.
    However, should the auditor choose not to exclude a low-risk Type A 
program, this would not affect the limit. The limit is on the number of 
low-risk Type A programs, not the number excluded. Also, even though 
larger dollar Type A programs may be excluded as low-risk, they may 
still need to be audited to meet the 50 percent rule.
    To mitigate any implementation problems with the risk-based 
approach, the provision for deviation from use of risk criteria 
provided in Sec. ______.520(i) applies to the first year this Circular 
is applicable and permits auditors to defer implementation of the risk-
based approach for one year.

Implementation of the Risk-Based Approach To Determining Major Programs

    Comment: A commenter inquired whether a Type A program may be 
considered low-risk when it was audited as a major program in 
accordance with the prior Circular A-133, issued March 8, 1990, and 
otherwise met the criteria in Appendix 1, step 2 to be classified as 
low-risk.
    Response: The reference in Appendix 1, step 2 
(Sec. ______.520(c)(1)) to the two most recent audit periods means 
audit periods in which the audit was performed either under the prior 
Circular A-133 or this revision. Therefore, a Type A program which 
meets the Appendix 1, step 2 (Sec. ______.520(c)(1)) criteria for low-
risk based on the results of an audit performed in accordance with the 
prior Circular A-133 may be considered low-risk. Similarly, the 
reference in the criteria for a low-risk auditee in Appendix 3 
(Sec. ______.530) to the preceding two years applies to audits 
performed either under the prior Circular A-133 or this revision.

Request for a Program To Be Audited as a Major Program

    Comment: Several commenters expressed concern that the provision 
for a Federal agency or pass-through entity to request a program to be 
audited as a major program would significantly increase the work 
required for single audits and requested that it be removed. A few 
commenters also expressed concern that these programs would not count 
towards meeting the 50 percent rule.
    Response: This provision has been adopted; however, a change was 
made to allow programs audited as major under this process to count 
towards

[[Page 19136]]

meeting the 50 percent rule. This process does not significantly change 
the authority Federal agencies and pass-through entities now have to 
perform additional audits as long as they pay for them. The addition is 
that these audits may be incorporated within the framework of the 
single audit and thereby eliminate duplicative audit planning and 
reporting. Since the Federal agency or pass-through entity must still 
pay the full incremental audit cost, OMB does not expect a significant 
increase in major programs from this provision.
    It should be pointed out that any Type A program selected to be 
audited under this provision must be low-risk. If it were not low-risk, 
it would have been audited as a major program under the risk-based 
approach. Therefore, this provision will not reduce the number of high-
risk Type B programs audited as major.

Required Level of Internal Control Testing

    Comment: All CPA commenters and over half of the State auditor 
commenters opposed the proposed requirement for the auditor to plan the 
testing of internal control over Federal programs to achieve a low 
assessed level of control risk. Concerns included that it increases the 
amount of audit work, limits auditor's judgment, and is arbitrary. By 
contrast, one commenter stated support for the proposed requirement 
because it would force the auditor to look at internal control over 
Federal programs and to note reportable conditions when internal 
control is not adequate.
    Response: The proposal has been adopted, with no changes. Some 
commenters appeared to understand this provision to mean that, when 
control exceptions are found, the auditor is required to continue 
testing until a low level of risk is achieved. This is not the case. 
The auditor is not required to expand testing to try to achieve a low 
level of risk. The auditor is only required to plan the audit for a low 
level of assessed risk and report the results of this testing.
    It has been a longstanding Federal policy that the recipient of 
Federal funds is required to establish internal control systems to 
provide reasonable assurance that it is managing Federal funds in 
compliance with applicable laws and regulations. Also, the Single Audit 
Act (31 U.S.C. Chapter 75) requires the auditor to test internal 
control over Federal funds subject to that Act. Therefore, it is 
reasonable to require the auditor to plan the audit consistent with the 
level of internal control the recipient of Federal funds is required to 
maintain. Also, the Circular permits the auditor to not test internal 
controls which are inadequate and instead disclose a reportable 
condition or material weakness and perform additional tests of 
compliance as necessary in the auditor's judgment.

Schedule of Expenditures of Federal Awards

    Comment: Most commenters supported the level of detail included in 
the proposal for the schedule of expenditures of Federal awards. One 
commenter suggested that it would be beneficial for pass-through 
entities to identify in the schedule the amount passed-through to 
subrecipients. This disclosure would tell program managers the amount 
of program expenditures that was subject to audit at the pass-through 
entity level.
    Response: A provision has been added to encourage, but not require, 
pass-through entities to disclose in the schedule the total amount 
provided to subrecipients from each Type A program and from each Type B 
program which is audited as a major program. In most cases this 
information should be readily available and would improve the 
usefulness of the schedule.

Attestation on Internal Control and Compliance

    Comment: The preamble to the proposed revision requested comments 
as to whether a requirement should be added for the audits to include a 
management assertion and auditor attestation for internal control or 
compliance. The majority of commenters were opposed to this change 
because it would impose additional requirements on entity management 
and increase audit cost.
    Response: In light of the concerns raised, this proposed revision 
has not been added to the Circular.

Criteria for Reporting Questioned Costs

    Comment: Commenters' views on the proposed $10,000 threshold for 
reporting known or likely questioned costs varied from describing it as 
too high, too low, or just right. Commenters expressed concern that the 
concept of likely questioned costs needed further clarification.
    Response: OMB believes that the $10,000 threshold for reporting 
questioned costs provides the appropriate balance between reporting all 
questioned costs and only reporting large questioned costs. Also, audit 
findings which do not result in questioned costs but are material to 
the types of compliance requirements or an audit objective in the 
compliance supplements will still be reported as reportable conditions 
under Sec. ______.510(a)(1) or material noncompliance under 
Sec. ______.510(a)(2).
    Generally accepted auditing standards require the auditor to 
project the amount of known questioned costs identified in the sample 
to the items in the major program and to consider the best estimate of 
total questioned costs (both known and likely) in determining an 
opinion on compliance. The Circular does not require the auditor to 
report an exact amount or statistical projection of likely questioned 
costs, but rather to include an audit finding when the auditor's 
extrapolation of these likely questioned costs is greater than $10,000.
    Since the requirement for the auditor to consider likely questioned 
costs is not new, and since likely questioned costs which are greater 
than $10,000 may be significant to a Federal program, OMB believes they 
should be included in audit findings. In reporting likely questioned 
costs, it is important that the auditor follows the requirements of 
Sec. ______.510(b) and provides appropriate information for judging the 
prevalence and consequences of the audit finding.

Requirement To Follow Up on Prior Audit Findings

    Comment: One commenter expressed concern that the requirement for 
the summary schedule of prior audit findings to include audit findings 
from before the prior year may result in many old audit findings being 
reported year after year.
    Response: As a practical matter, unless an audit finding is 
repeated in a subsequent year, there is limited value in continuing to 
follow up on an audit finding when the Federal agency or pass-through 
entity chooses to take no action. Therefore, a provision has been added 
stating that a valid reason for considering an audit finding as not 
warranting further action is that: (a) two years have passed since the 
audit report was filed with the central clearinghouse designated by 
OMB, (b) the Federal agency or pass-through entity is not currently 
following up on the audit finding, and (c) a management decision was 
not issued.
    Also, for the first year the entity is audited under this Circular, 
the prior year report may not have included the equivalent of a summary 
schedule of prior audit findings. In these cases, the auditee may 
exercise judgment and only include, to the extent practical, audit 
findings before the prior year.

[[Page 19137]]

Corrective Action Plan

    Comment: Some college and university commenters expressed concern 
that the requirement to list the name of the contact person responsible 
for corrective action precluded a non-profit organization from naming 
one person responsible for all audit findings.
    Response: The proposal has been adopted, with no changes. Some 
commenters appeared to misunderstand this provision. It is important 
that a non-profit organization name a contact person or persons to be 
responsible for corrective action. However, contrary to the commenters' 
understanding, the non-profit organization has discretion to determine 
whether one person should be responsible for all or a group of audit 
findings or whether a separate person should be responsible for each 
audit finding.

Pass-Through Entity's Responsibility for Subrecipient Audit

    Comment: A few commenters expressed concern that, unless the pass-
through entity gave the subrecipient $300,000, it would be difficult to 
determine whether the subrecipient was required to have an audit under 
the Circular. Specifically, the commenters asked for guidance on how 
the pass-through entity could determine if the subrecipient received 
other Federal awards which cumulatively added up to the $300,000 
threshold for audit.
    Response: This provision has been adopted, with no changes. There 
was no intention that this provision require the passthrough entity to 
perform extensive verification procedures to determine the total 
Federal expenditures of a subrecipient. OMB expects that, in many 
cases, the pass-through entity will have knowledge of the subrecipient 
sufficient to estimate the subrecipient's total Federal expenditures. 
Another technique would be for the pass-through entity to clearly 
explain the audit requirements to the subrecipient and then ask the 
subrecipient the amount of its total Federal expenditures.

Audit Cognizance

    Comment: Some college and university commenters expressed concern 
that the cognizant agency determination was not consistent with the 
proposed revision to OMB Circular A-21, ``Cost Principles for 
Educational Institutions'' (60 FR 7105; February 6, 1995), and could 
result in an entity having one cognizant agency for audit purposes and 
another for indirect cost rate negotiation.
    Response: The responsibilities for audit cognizance and indirect 
cost negotiation are different and, therefore, the same Federal agency 
does not need to be cognizant for both. The name for the cognizant 
agency has been changed to the cognizant agency for audit to clearly 
distinguish it from the cognizant agency for indirect cost rate 
negotiation.

Provision for Small and Minority Audit Firms

    Comment: One commenter expressed concern that the provision for 
small and minority audit firms was proposed for deletion.
    Response: As explained in the preamble to the proposed revision, 
this provision was proposed to be deleted because the requirements 
related to small and minority audit firms are more fully covered in 
Sec. ______.44(b)(4) of OMB Circular A-110, ``Uniform Requirements for 
Grants and Agreements With Institutions of Higher Education, Hospitals 
and Other Non-Profit Organizations'' (58 FR 62992; November 29, 1993). 
There was no intention to change or diminish the requirements for using 
small and minority audit firms. To ensure that these requirements 
continue to receive consideration, a provision has been added to the 
auditor selection paragraph that, whenever possible in procuring audit 
services, non-profit organizations shall make positive efforts to 
utilize small businesses, minority-owned firms, and women's business 
enterprises, as stated in OMB Circular A-110.

Restriction on Auditor Also Preparing Indirect Cost Proposal

    Comment: The preamble to the proposed revision requested comments 
on whether the auditor should also be permitted to prepare the indirect 
cost proposal (including similar documents, such as the cost allocation 
plan, or the disclosure statement required by OMB Circular A-21). All 
Federal agency commenters and most State auditor commenters cited at 
least an appearance of lack of independence when the same auditor both 
performed the audit and prepared the indirect cost proposal. One 
Federal agency commenter stated, ``In preparing the indirect cost 
proposal, the auditor is an advocate for the client before the Federal 
Government. We believe it stretches the bounds of standards for the 
auditor to be considered independent to audit this same indirect cost 
proposal for the purpose of providing assurances to the Federal 
Government.'' In contrast, CPAs and non-profit organizations did not 
see an independence problem and stated there were significant 
efficiency advantages for the same firm to both perform the audit and 
prepare the indirect cost proposal.
    Response: A provision (Sec. ______.305(b)) has been added to 
preclude the same auditor from preparing the indirect cost proposal or 
cost allocation plan when indirect costs exceeded $1 million in the 
prior year. This threshold was chosen to limit this restriction to a 
relatively small number of entities, while still protecting the Federal 
interest. The prior year was chosen because non-profit organizations 
often engage the auditor before the end of the year and at this time it 
may be unknown whether the current year's indirect costs will exceed 
the $1 million threshold. Based on available data, OMB estimates that 
entities with indirect costs exceeding $1 million cumulatively receive 
approximately 90 percent of the total indirect costs charged by non-
profit organizations.
    This restriction applies to the base year from which financial data 
is used to compute the rates even though the audit of the base year 
financial statements is often completed before the indirect cost 
proposal or cost allocation plan is prepared. The base year was 
included to enhance the appearance of independence to the Federal 
agencies which rely upon the auditor's testing of information used in 
both the calculation and application of indirect cost rates.
    The disclosure statements required by OMB Circular A-21 have been 
excluded from this restriction because the disclosure statement is new, 
many of the statements will be submitted before the effective date of 
this Circular A-133 revision, and the disclosure statements are 
expected to have a long life. Under these circumstances, it does not 
seem appropriate public policy to restrict auditors who prepared the 
original disclosure statements from performing the audit for a long 
period of time. Therefore, the disclosure statements required by OMB 
Circular A-21 have been excluded from this restriction on auditor 
selection. OMB will monitor these disclosure statements and may revisit 
this issue again at a later date.
    The implementation date for this provision is delayed two years 
until audits of fiscal years ending on or after June 30, 1999, to 
minimize any effect this provision could have on existing contracts for 
audit services. For example, an auditor that prepared an indirect cost 
proposal or cost allocation which is used as the basis for charging 
indirect costs in the fiscal year ending June 30, 1999, is not 
permitted to perform the 1999 audit.

[[Page 19138]]

Report Due Date

    Comment: Most State auditor and college and university commenters 
expressed opposition to shortening the due date for reports from 13 to 
9 months. However, most State manager and non-profit organization 
commenters supported the change. The view appeared to be that those 
receiving and relying on the reports and those currently completing the 
audit in 9 months liked the change. By contrast, it appears that those 
who were not currently completing the audit in 9 months opposed the 
change.
    Response: This proposal has been adopted, with a change. The 
provision retains the requirement in the Circular that, when the audit 
is completed earlier than the due date, the reporting package must be 
submitted within 30 days of audit report issuance.

Certification

    Comment: Comments were mixed on the certification form. Most State 
auditor and CPA commenters opposed the certification form, citing it as 
an increased burden on them to prepare and duplicative of information 
in the audit reports. Most college and university commenters supported 
the use of the certification form as a method of reducing the volume of 
paper in single audits.
    On a related issue, some State auditor and CPA commenters cited a 
possible logistical problem that the auditor would not be able to 
complete the audit report until the certification form was prepared 
(because the auditor must read the certification form and report as an 
audit finding material inconsistencies with the audit) and the 
certification form could not be prepared until the audit is completed.
    Response: The requirements for the auditor to read the 
certification form and report as an audit finding any material 
inconsistencies has not been adopted. As a preventive control to ensure 
proper distribution of audit reports, a requirement 
(Sec. ______.500(f)) has been added for the auditor to identify to the 
auditee those Federal awarding agencies and pass-through entities which 
are required to receive a copy of the reporting package. Also, a 
requirement (Sec. ______.505(b)) was added for the schedule of findings 
and questioned costs prepared by the auditor to include a summary of 
the auditor's results. This summary will facilitate preparation of the 
certification form by the auditee.

Management Letter

    Comment: Most commenters expressed concern that routinely including 
management letters as part of a public filing of the auditor's reports 
could reduce the effectiveness of management letters.
    Response: OMB agrees that it is not necessary to routinely include 
auditor's management letters as part of the report submission. 
Therefore, this provision has not been adopted. However, because 
management letters may contain information relevant to the needs of 
Federal agencies and pass-through entities to monitor Federal awards, a 
provision has been added that Federal agencies and pass-through 
entities can request a copy of management letters.

Coordinated Audit Approach

    Comment: A few commenters expressed concern that the term 
coordinated audit approach was not used in the proposed revision and 
whether the removal of this term precluded Federal auditors from 
participating in audits required by this Circular.
    Response: The proposed revision does not prohibit the participation 
of Federal auditors in audits required by the Circular, a concept 
referred to as the coordinated audit approach. This term was not 
included in the proposed revision because the definition of auditor 
clearly includes Federal audit organizations and further reference to 
the term coordinated audit approach was not considered necessary. A 
provision (Sec. ______.305(c)) has been added to clarify that Federal 
auditors may perform all or part of the work required under the 
Circular if they fully comply with the requirements of the Circular.

GOCOs and FFRDCs

    Comment: A few Federal agency and non-profit organization 
commenters expressed concern that the proposed revision did not 
specifically address Federal Government owned, contractor operated 
facilities (GOCOs) or Federally Funded Research and Development Centers 
(FFRDCs).
    Response: A provision has been added to the definition of the term 
Federal award that contracts to operate GOCOs are excluded from the 
requirements of this Circular. Also, paragraph Sec. ______.200(e) has 
been added to allow management of an auditee that owns or operates a 
FFRDC to elect to treat the FFRDC as a separate entity for purposes of 
this Circular. If the FFRDC is treated as a separate entity, the 
determination of cognizant agency for audit would be based upon this 
separate entity.

Questions and Answers on OMB Circular A-133

    Comment: In May 1992, the Standards Subcommittee of the President's 
Council on Integrity and Efficiency (PCIE) issued PCIE Position 
Statement No. 6, titled ``Questions and Answers on OMB Circular A-133'' 
(A-133 Q&A). A commenter inquired whether this document could be used 
as guidance in performing audits under the revised Circular A-133.
    Response: Since this revision makes significant changes in OMB 
Circular A-133, the May 1992 A-133 Q&A should not be used as a primary 
source of guidance for audits performed under this revision. However, 
many items in the A-133 Q&A were incorporated in this revision and the 
A-133 Q&A may be a useful historical reference of the single audit 
process. If there are significant questions concerning the revised 
Circular A-133, OMB will consider issuing a revised A-133 Q&A.

Compliance Supplements

    Comment: Some CPA and State auditor commenters expressed concern 
that Federal agencies should keep the compliance supplements current.
    Response: OMB recognizes the need for updated compliance 
supplements and is working with Federal agencies and the PCIE to 
complete this task. OMB's current plans are to issue a revised 
compliance supplement by the end of 1996.

Public Information Collection

    The revision includes an information collection requirement for 
reports from auditors concerning their audit findings to auditees 
(Sec. ______.235(b)(4), Sec. ______.505, and Sec. ______.510) and 
reports from auditees to the Federal Government concerning these report 
(Sec. ______.235(c) and Sec. ______.320). OMB requested comments on the 
proposed information collection described in the Circular in a April 1, 
1996 Federal Register notice (61 FR 14338) in accordance with the 
Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35 et seq). The 
proposed information collection requirement will not be effective until 
another notice is published in the Federal Register. The subsequent 
notice will provide the effective date and the OMB control number.
Alice M. Rivlin,
Director.
April 22, 1996.

Circular No. A-133, Revised

TO THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS

[[Page 19139]]

SUBJECT: Audits of Institutions of Higher Education and Other Non-
Profit Institutions

    1. Purpose. This Circular sets forth standards for obtaining 
consistency and uniformity among Federal agencies for the audit of non-
profit organizations expending Federal awards.
    2. Authority. Circular A-133 is issued under the authority of 
sections 503 and 1111 of title 31, United States Code, and Executive 
Orders 8248 and 11541.
    3. Supersession. This Circular supersedes the prior Circular A-133, 
issued March 8, 1990. For effective dates, see paragraph 10.
    4. Policy. Except as provided herein, the standards set forth in 
this Circular shall be applied by all Federal agencies. If any statute 
specifically prescribes policies or specific requirements that differ 
from the standards provided herein, the provisions of the statute shall 
govern.
    Federal agencies shall apply the provisions of the sections of this 
Circular to non-profit organizations, whether they are recipients 
expending Federal awards received directly from Federal awarding 
agencies, or are subrecipients expending Federal awards received from a 
pass-through entity (a recipient or another subrecipient). Therefore, 
whereas this Circular does not apply to grants, contracts, or other 
agreements between the Federal Government and State or local 
governments (which are covered by Circular A-128, ``Audits of State and 
Local Governments''), this Circular does apply to awards that State and 
local governments make to non-profit organizations covered by this 
Circular. This Circular does not apply to public institutions of higher 
education and hospitals which are audited under Office of Management 
and Budget (OMB) Circular A-128.
    This Circular does not apply to non-U.S. based entities expending 
Federal awards received either directly as a recipient or indirectly as 
a subrecipient.
    5. Definitions. The definitions of key terms used in this Circular 
are contained in Sec. ______.105 in the Attachment to this Circular.
    6. Required Action. The specific requirements and responsibilities 
of Federal agencies and non-profit organizations are set forth in the 
Attachment to this Circular. Federal agencies making awards to non-
profit organizations, either directly or indirectly, shall adopt the 
language in the Circular in codified regulations not later than 
November 30, 1996, unless different provisions are required by Federal 
statute or are approved by OMB.
    7. OMB Responsibilities. OMB will review Federal agency regulations 
and implementation of this Circular, and will provide interpretations 
of policy requirements and assistance to ensure effective and efficient 
implementation.
    8. Information Contact. Further information concerning Circular A-
133 may be obtained by contacting the Financial Standards and Reporting 
Branch, Office of Federal Financial Management, Office of Management 
and Budget, Washington, DC 20503, telephone (202) 395-3993.
    9. Termination Review Date. This Circular will have a policy review 
three years from the date of issuance.
    10. Effective Dates. The standards set forth in Sec. ______.400 of 
the Attachment to this Circular, which apply directly to Federal 
agencies, shall be effective July 1, 1996, and shall apply to audits of 
fiscal years ending on or after June 30, 1997.
    The standards set forth in this Circular that Federal agencies are 
to apply to non-profit organizations shall be adopted by Federal 
agencies in codified regulations not later than November 30, 1996, so 
that they will apply to audits of fiscal years ending on or after June 
30, 1997, with the exception that Sec. ______.305(b) of the Attachment 
applies to audits of fiscal years ending on or after June 30, 1999. In 
the interim period, until the standards in this Circular are adopted 
and become applicable, the audit provisions of Circular A-133, issued 
March 8, 1990, shall continue in effect.
Alice M. Rivlin,
Director.
Attachment

PART____--AUDITS OF INSTITUTIONS OF HIGHER EDUCATION AND OTHER NON-
PROFIT INSTITUTIONS

Subpart A--General

Sec.
____.100  Purpose.
____.105  Definitions.

Subpart B--Audits

____.200  Audit requirements.
____.205  Basis for determining Federal awards expended.
____.210  Subrecipient and vendor determinations.
____.215  Relation to other audit requirements.
____.220  Frequency of audits.
____.225  Sanctions.
____.230  Audit costs.
____.235  Program-specific audits.

Subpart C--Auditees

____.300  Auditee responsibilities.
____.305  Auditor selection.
____.310  Financial statements.
____.315  Audit findings follow-up.
____.320  Report submission.

Subpart D--Federal Agencies and Pass-Through Entities

____.400  Responsibilities.
____.405  Management decision.

Subpart E--Auditors

____.500  Scope of audit.
____.505  Audit reporting.
____.510  Audit findings.
____.515  Audit working papers.
____.520  Major program determination.
____.525  Criteria for Federal program risk.
____.530  Criteria for a low-risk auditee.

    Authority: [Each Federal agency should insert its own rule 
making authority using appropriate United States Code citations.]

Subpart A--General


Sec. ______.100  Purpose.

    This part sets forth standards for obtaining consistency and 
uniformity among Federal agencies for the audit of non-profit 
organizations expending Federal awards.


Sec. ______.105  Definitions.

    Auditee means any organization that expends Federal awards which 
must be audited under this part.
    Auditor means an auditor, that is a public accountant or a Federal, 
State or local government audit organization, which meets the general 
standards specified in generally accepted government auditing standards 
(GAGAS). The term auditor does not include internal auditors of non-
profit organizations.
    Audit finding means deficiencies which the auditor is required by 
Sec. ______.510(a) to report in the schedule of findings and questioned 
costs.
    CFDA number means the number assigned to a Federal program in the 
Catalog of Federal Domestic Assistance (CFDA).
    Cluster of programs means Federal programs with different CFDA 
numbers that are defined as a cluster of programs in the compliance 
supplements because they are closely related programs and share common 
compliance requirements. A cluster of programs shall be considered as 
one program for determining major programs, as described in 
Sec. ______.520, and whether a program-specific audit may be elected 
under Sec. ______.200(c).
    Cognizant agency for audit means the Federal agency designated to 
carry out the responsibilities described in Sec. ______.400(a).
    Compliance supplements refers to the Compliance Supplement for 
Audits of Institutions of Higher Learning and Other Non-Profit 
Institutions and the Compliance Supplement for Single

[[Page 19140]]

Audits of State and Local Governments or such documents as the Office 
of Management and Budget (OMB) or its designee may issue to replace 
them. These documents are available from the Government Printing 
Office, Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 
15250-7954, telephone (202) 512-1800.
    Corrective action means action taken by the auditee that:
    (1) Corrects identified deficiencies;
    (2) Produces recommended improvements; or
    (3) Demonstrates that audit findings are either invalid or do not 
warrant auditee action.
    Federal agency has the same meaning as the term agency in Section 
551(1) of title 5, United States Code.
    Federal award means Federal financial assistance and Federal cost-
reimbursement contracts. It includes Federal awards made directly by 
Federal awarding agencies or indirectly by recipients of Federal awards 
or subrecipients. It does not include procurement contracts, under 
grants or contracts, used to buy goods or services from vendors. Any 
audits of such vendors shall be covered by the terms and conditions of 
the contract. Contracts to operate Federal Government owned, contractor 
operated facilities (GOCOs) are excluded from the requirements of this 
part.
    Federal awarding agency means the Federal agency that provides an 
award directly to the recipient.
    Federal financial assistance means assistance received or 
administered to carry out a program. Such assistance may be in the form 
of grants, cooperative agreements, donated surplus property, food 
commodities, loans, loan guarantees, property, interest subsidies, 
insurance, direct appropriations, and other assistance.
    Federal program means:
    (1) All Federal awards under the same CFDA number. When no CFDA 
number is assigned, all Federal awards from the same agency made for 
the same purpose should be combined and considered one program. State 
governments may combine funding from different Federal awards in 
providing assistance to their subrecipients when the awards are closely 
related programs and share common compliance requirements. In this 
case, the State government may require the subrecipient to treat the 
combined Federal awards as a single program.
    (2) A category of Federal awards which is a group of awards in the 
categories of:
    (i) Research and development;
    (ii) Student financial aid; or
    (iii) Cluster of programs.
    GAGAS means generally accepted government auditing standards issued 
by the Comptroller General of the United States, which are applicable 
to financial audits.
    Generally accepted accounting principles has the meaning specified 
in generally accepted auditing standards issued by the American 
Institute of Certified Public Accountants (AICPA).
    Internal control has the meaning specified in generally accepted 
auditing standards issued by the AICPA.
    Internal control over Federal programs means a process--effected by 
an entity's management and other personnel--designed to provide 
reasonable assurance regarding the achievement of the following 
objectives for Federal programs:
    (1) Transactions are properly recorded and accounted for to:
    (i) Permit the preparation of reliable financial statements and 
Federal reports;
    (ii) Maintain accountability over assets; and
    (iii) Demonstrate compliance with laws, regulations, and other 
compliance requirements;
    (2) Transactions are executed in compliance with:
    (i) Laws, regulations, and the provisions of contracts or grant 
agreements that could have a direct and material effect on a Federal 
program; and
    (ii) Any other laws and regulations that are identified in the 
compliance supplements; and
    (3) Funds, property, and other assets are safeguarded against loss 
from unauthorized use or disposition.
    Loan means a Federal loan or loan guarantee received or 
administered by a non-profit organization.
    Major program means a Federal program determined by the auditor to 
be a major program in accordance with Sec. ______.520 or a program 
identified as a major program by a Federal agency or pass-through 
entity in accordance with Sec. ______.215(c).
    Management decision means the evaluation by the Federal awarding 
agency or pass-through entity of the audit findings and corrective 
action plan and the issuance of a written decision as to what 
corrective action is necessary.
    Non-profit organization means: (1) any corporation, trust, 
association, cooperative, or other organization which:
    (i) Is operated primarily for scientific, educational, service, 
charitable, or similar purposes in the public interest;
    (ii) Is not organized primarily for profit; and
    (iii) Uses its net proceeds to maintain, improve, or expand its 
operations; and
    (2) The term non-profit organization includes both non-profit 
institutions of higher education and hospitals, and public institutions 
of higher education and hospitals that are not audited in accordance 
with Circular A-128, ``Audits of State and Local Governments'' 
(Available from Office of Administration, Publications Office, room 
2200, New Executive Office Building, Washington, DC 20503; telephone 
(202) 395-7332).
    OMB means the Executive Office of the President, Office of 
Management and Budget.
    Oversight agency for audit means the Federal awarding agency that 
provides the predominant amount of direct funding to a recipient not 
assigned a cognizant agency for audit. When there is no direct funding, 
the Federal agency with the predominant indirect funding shall assume 
the oversight responsibilities. The duties of the oversight agency for 
audit are described in Sec. ______.400(b).
    Pass-through entity means a non-profit organization or other entity 
that provides a Federal award to a subrecipient.
    Program-specific audit means an audit of one Federal program as 
provided for in Sec. ______.200(c) and Sec. ______.235.
    Questioned cost means a cost that is questioned by the auditor 
because of an audit finding:
    (1) Which resulted from a possible violation of a provision of a 
law, regulation, contract, grant, cooperative agreement, or other 
agreement or document governing the use of Federal funds, including 
funds used to match Federal funds;
    (2) Where the costs, at the time of the audit, are not supported by 
adequate documentation; or
    (3) Where the costs incurred appear unreasonable and do not reflect 
the actions a prudent person would take in the circumstances.
    Recipient means a non-profit organization that expends Federal 
awards received directly from a Federal awarding agency to carry out a 
Federal program.
    Research and development (R&D) means all research activities, both 
basic and applied, and all development activities that are performed by 
a non-profit organization. Research is defined as a systematic study 
directed toward fuller scientific knowledge or understanding of the 
subject studied. The term research also includes activities involving 
the training of individuals in research techniques

[[Page 19141]]

where such activities utilize the same facilities as other research and 
development activities and where such activities are not included in 
the instruction function. Development is the systematic use of 
knowledge and understanding gained from research directed toward the 
production of useful materials, devices, systems, or methods, including 
design and development of prototypes and processes.
    Single audit means an audit which includes both the entity's 
financial statements and the Federal awards as described in 
Sec. ______.500.
    Student Financial Aid (SFA) includes those programs of general 
student assistance, such as those authorized by Title IV of the Higher 
Education Act of 1965, as amended, (20 U.S.C. 1070 et seq.) which is 
administered by the U.S. Department of Education, and similar programs 
provided by other Federal agencies. It does not include programs which 
provide fellowships or similar Federal awards to students on a 
competitive basis, or for specified studies or research.
    Subrecipient means the entity that expends Federal awards received 
from a pass-through entity to carry out a Federal program, but does not 
include an individual that is a beneficiary of such a program. A 
subrecipient may also be a recipient of other Federal awards directly 
from a Federal awarding agency. Guidance on distinguishing between a 
subrecipient and a vendor is provided in Sec. ______.210.
    Types of compliance requirements refers to the types of compliance 
requirements listed in the compliance supplements. Examples include 
cash management, Federal financial reporting, allowable costs/cost 
principles, types of services allowed or unallowed, eligibility, and 
matching.
    Vendor means a dealer, distributor, merchant, or other seller 
providing goods or services that are required for the conduct of a 
Federal program. These goods or services may be for an organization's 
own use or for the use of beneficiaries of the Federal program. 
Additional guidance on distinguishing between a subrecipient and a 
vendor is provided in Sec. ______.210.

Subpart B--Audits


Sec. ______.200  Audit requirements.

    (a) Audit required. Non-profit organizations that expend $300,000 
or more in a year in Federal awards shall have a single or program-
specific audit conducted for that year in accordance with the 
provisions of this part. Guidance on determining Federal awards 
expended is provided in Sec. ______.205.
    (b) Single audit. Non-profit organizations that expend $300,000 or 
more in a year in Federal awards shall have a single audit conducted in 
accordance with Sec. ______.500 except when they elect to have a 
program-specific audit conducted in accordance with paragraph (c) of 
this section.
    (c) Program-specific audit election. When an auditee expends 
Federal awards under only one Federal program (excluding R&D) and the 
Federal program's laws, regulations, or grant agreements do not require 
a financial statement audit of the auditee, the auditee may elect to 
have a program-specific audit conducted in accordance with 
Sec. ______.235. A program-specific audit may not be elected for R&D 
unless all expenditures are for Federal awards received from the same 
Federal agency, or the same Federal agency and the same pass-through 
entity, and that Federal agency, or pass-through entity in the case of 
a subrecipient, approves in advance a program-specific audit.
    (d) Exemption when expenditures are less than $300,000. Non-profit 
organizations that expend less than $300,000 a year in Federal awards 
are exempt from Federal audit requirements for that year, except as 
noted in Sec. ______.215(a), but records must be available for review 
or audit by appropriate officials of the Federal agency, pass-through 
entity, and General Accounting Office (GAO).
    (e) Federally Funded Research and Development Centers (FFRDC). 
Management of an auditee that owns or operates a FFRDC may elect to 
treat the FFRDC as a separate entity for purposes of this part.


Sec. ______.205  Basis for determining Federal awards expended.

    (a) Determining Federal awards expended. The determination of when 
an award is expended should be based on when the activity related to 
the award occurs. Generally, the activity pertains to events that 
require the non-profit organization to comply with laws, regulations, 
and the provisions of contracts or grant agreements, such as: 
expenditure/expense transactions associated with grants, cost-
reimbursement contracts, cooperative agreements, and direct 
appropriations; the disbursement of funds passed through to 
subrecipients; the use of loan proceeds under loan and loan guarantee 
programs; the receipt of property; the receipt of surplus property; the 
receipt or use of program income; the distribution or consumption of 
food commodities; the disbursement of amounts entitling the non-profit 
organization to an interest subsidy; and, the period when insurance is 
in force.
    (b) Loan and loan guarantees (loans). Since the Federal Government 
is at risk for loans until the debt is repaid, the following guidelines 
shall be used to calculate the value of Federal awards expended under 
loan programs, except as noted in paragraphs (c) and (d) of this 
section:
    (1) Value of new loans made or received during the fiscal year; 
plus
    (2) Balance of loans from previous years for which the Federal 
Government imposes continuing compliance requirements; plus
    (3) Any interest subsidy, cash, or administrative cost allowance 
received.
    (c) Loan and loan guarantees (loans) at institutions of higher 
education. When loans are made to students of an institution of higher 
education but the institution does not make the loans, then only the 
value of loans made during the year shall be considered Federal awards 
expended in that year. The balance of loans for previous years is not 
included as Federal awards expended because the lender accounts for the 
prior balances.
    (d) Prior loan and loan guarantees (loans). Loans, the proceeds of 
which were received and expended in prior-years, are not considered 
Federal awards expended under this part when the laws, regulations, and 
the provisions of contracts or grant agreements pertaining to such 
loans impose no continuing compliance requirements other than to repay 
the loans.
    (e) Endowment funds. The cumulative balance of Federal awards for 
endowment funds which are federally restricted are considered awards 
expended in each year in which the funds are still restricted.
    (f) Free rent. Free rent received by itself is not considered an 
award expended under this part. However, free rent received as part of 
an award to carry out a Federal program shall be included in 
determining Federal awards expended and subject to audit under this 
part.
    (g) Valuing non-cash assistance. Federal non-cash assistance, such 
as free rent, food stamps, food commodities, donated property, or 
donated surplus property, shall be valued at fair market value at the 
time of receipt or the assessed value provided by the Federal agency.
    (h) Medicare. Medicare payments to a non-profit organization for 
providing patient care services to Medicare eligible individuals are 
not considered Federal awards expended under this part.

[[Page 19142]]

    (i) Medicaid. Medicaid payments to a non-profit organization for 
providing patient care services to Medicaid eligible individuals are 
not considered Federal awards expended under this part unless a State 
requires the funds to be treated as Federal awards expended because 
reimbursement is on a cost-reimbursement basis.


Sec. ______.210  Subrecipient and vendor determinations.

    (a) General. An auditee may be a recipient, a subrecipient, and a 
vendor. Federal awards expended as a recipient or a subrecipient would 
be subject to audit under this part. The payments received for goods or 
services provided as a vendor would not be considered Federal awards. 
The guidance in paragraphs (b) and (c) of this section should be 
considered in determining whether payments constitute a Federal award 
or a payment for goods and services.
    (b) Federal award. Characteristics indicative of a Federal award 
received by a subrecipient are when the organization:
    (1) Determines who is eligible to receive what Federal financial 
assistance;
    (2) Has its performance measured against whether the objectives of 
the Federal program are met;
    (3) Has responsibility for programmatic decision making;
    (4) Has responsibility for adherence to applicable Federal program 
compliance requirements; and
    (5) Uses the Federal funds to carry out a program of the 
organization as compared to providing goods or services for a program 
of the pass-through entity.
    (c) Payment for goods and services. Characteristics indicative of a 
payment for goods and services received by a vendor are when the 
organization:
    (1) Provides the goods and services within normal business 
operations;
    (2) Provides similar goods or services to many different 
purchasers;
    (3) Operates in a competitive environment;
    (4) Provides goods or services that are ancillary to the operation 
of the Federal program; and
    (5) Is not subject to compliance requirements of the Federal 
program.
    (d) Use of judgment in making determination. There may be unusual 
circumstances or exceptions to the listed characteristics. In making 
the determination of whether a subrecipient or vendor relationship 
exists, the substance of the relationship is more important than the 
form of the agreement. It is not expected that all of the 
characteristics will be present and judgment should be used in 
determining whether an entity is a subrecipient or vendor.
    (e) For-profit subrecipient. Since this part does not apply to for-
profit subrecipients, the pass-through entity is responsible for 
establishing requirements, as necessary, to ensure compliance by for-
profit subrecipients. The contract with the for-profit subrecipient 
should describe applicable compliance requirements and the for-profit 
subrecipient's compliance responsibility. Methods to ensure compliance 
for Federal awards made to for-profit subrecipients may include pre-
award audits, monitoring during the contract, and post-award audits.
    (f) Compliance responsibility for vendors. In most cases, the 
auditee's compliance responsibility for vendors is only to ensure that 
the procurement, receipt, and payment for goods and services comply 
with laws, regulations, and the provisions of contracts or grant 
agreements. Program compliance requirements normally do not pass 
through to vendors. However, the auditee is responsible for ensuring 
compliance for vendor transactions which are structured such that the 
vendor is responsible for program compliance or the vendor's records 
must be reviewed to determine program compliance. Also, when these 
vendor transactions relate to a major program, the scope of the audit 
shall include determining whether these transactions are in compliance 
with laws, regulations, and the provisions of contracts or grant 
agreements.


Sec. ______.215  Relation to other audit requirements.

    (a) Audit under this part in lieu of other audits. An audit made in 
accordance with this part shall be in lieu of any financial audit 
required under individual Federal awards. To the extent this audit 
meets a Federal agency's needs, it shall rely upon and use such audits. 
The provisions of this part neither limit the authority of Federal 
agencies, including their Inspectors General, or GAO to conduct or 
arrange for additional audits (e.g., financial audits, performance 
audits, evaluations, inspections, or reviews) nor authorize any auditee 
to constrain Federal agencies from carrying out additional audits. Any 
additional audits shall be planned and performed in such a way as to 
build upon work performed by other auditors.
    (b) Federal agency to pay for additional audits. A Federal agency 
that conducts or contracts for additional audits shall, consistent with 
other applicable laws and regulations, arrange for funding the cost of 
such additional audits.
    (c) Request for a program to be audited as a major program. A 
Federal agency may request an auditee to have a particular Federal 
program audited as a major program in lieu of the Federal agency 
conducting or arranging for the additional audits. To allow for 
planning, such requests should be made at least 180 days prior to the 
end of the fiscal year to be audited. The auditee, after consultation 
with its auditor, should promptly respond to such request by informing 
the Federal agency whether the program would otherwise be audited as a 
major program using the risk-based audit approach described in 
Sec. ______.520 and, if not, the estimated incremental cost. The 
Federal agency shall then promptly confirm to the auditee whether it 
wants the program audited as a major program. If the program is to be 
audited as a major program based upon this Federal agency request, and 
the Federal agency agrees to pay the full incremental costs, then the 
auditee shall have the program audited as a major program. A pass-
through entity may use the provisions of this paragraph for a 
subrecipient.


Sec. ______.220  Frequency of audits.

    Audits required by this part shall be performed annually. However, 
a Federal agency or pass-through entity may allow an auditee that 
elects a program-specific audit under Sec. ______.200(c) to perform the 
audit every two years. Two-year audits must cover both years.


Sec. ______.225  Sanctions.

    No audit costs may be charged to Federal awards when audits 
required by this part have not been made or have been made but not in 
accordance with this part. In cases of continued inability or 
unwillingness to have an audit conducted in accordance with this part, 
Federal agencies and pass-through entities shall take appropriate 
action using sanctions such as:
    (a) Withholding a percentage of Federal awards until the audit is 
completed satisfactorily;
    (b) Withholding or disallowing overhead costs;
    (c) Suspending Federal awards until the audit is conducted; or
    (d) Terminating the Federal award.


Sec. ______.230  Audit costs.

    Unless prohibited by law, the cost of audits made in accordance 
with the provisions of this part are allowable charges to Federal 
awards. The charges may be considered a direct cost or an allocated 
indirect cost, as determined in accordance with the provisions of

[[Page 19143]]

applicable OMB cost principles circulars, Federal Acquisition 
Regulation (48 CFR part 31), or other applicable cost principles or 
regulations.


Sec. ______.235  Program-specific audits.

    (a) Program-specific audit guide available. In many cases, a 
program-specific audit guide will be available to provide specific 
guidance to the auditor with respect to internal control, compliance 
requirements, suggested audit procedures, and audit reporting 
requirements. The auditor should contact the Office of Inspector 
General of the Federal agency to determine whether such a guide is 
available. When a current program-specific audit guide is available, 
the auditor shall follow GAGAS and the guide when performing a program-
specific audit.
    (b) Program-specific audit guide not available. (1) When a program-
specific audit guide is not available, the auditee and auditor shall 
have basically the same responsibilities for the Federal program as 
they would have for an audit of a major program in a single audit.
    (2) The auditee shall prepare the financial statement(s) for the 
Federal program that includes, at a minimum, a schedule of the Federal 
program's expenditures and notes that describe the significant 
accounting policies used in preparing the schedule, a summary schedule 
of prior audit findings consistent with the requirements of 
Sec. ______.315(b), and a corrective action plan consistent with the 
requirements of Sec. ______.315(c).
    (3) The auditor shall:
    (i) Perform an audit of the financial statement(s) for the Federal 
program in accordance with GAGAS;
    (ii) Obtain an understanding of internal control and perform tests 
of internal control over the Federal program consistent with the 
requirements of Sec. ______.500(c) for a major program;
    (iii) Perform procedures to determine whether the auditee has 
complied with laws, regulations, and the provisions of contracts or 
grant agreements that could have a direct and material effect on the 
Federal program consistent with the requirements of Sec. ______.500(d) 
for a major program; and
    (iv) Follow up on prior audit findings, perform procedures to 
assess the reasonableness of the summary schedule of prior audit 
findings prepared by the auditee, and report, as a current year audit 
finding, when the auditor concludes that the summary schedule of prior 
audit findings materially misrepresents the status of any prior audit 
finding in accordance with the requirements of Sec. ______.500(e).
    (4) The auditor's report(s) may be in the form of either combined 
or separate reports and may be organized differently from the manner 
presented in this section. The auditor's report(s) shall state that the 
audit was conducted in accordance with this part and include the 
following:
    (i) An opinion (or disclaimer of opinion) as to whether the 
financial statement(s) of the Federal program is presented fairly in 
all material respects in accordance with the stated accounting 
policies;
    (ii) A report on internal control related to the Federal program, 
which shall describe the scope of testing of internal control and the 
results of the tests;
    (iii) A report on compliance which includes an opinion (or 
disclaimer of opinion) as to whether the auditee complied with laws, 
regulations, and the provisions of contracts or grant agreements which 
could have a direct and material effect on the Federal program; and
    (iv) A schedule of findings and questioned costs for the Federal 
program that is consistent with the requirements of 
Sec. ______.505(a)(4) and includes a summary of the auditor's results 
applicable to the audit of the Federal program and in a format 
consistent with Sec. ______.505(b).
    (c) Report submission for program-specific audits. (1) The audit 
shall be completed and the reporting required by paragraph (c)(2) or 
(c)(3) of this section submitted within nine months after the end of 
the audit period, unless a longer period is agreed to in advance by the 
Federal agency that provided the funding or a different period is 
specified in a program-specific audit guide. Also, this required 
reporting shall be submitted within 30 days after the issuance of the 
auditor's report(s) to the auditee. Unless restricted by law or 
regulation, the auditee shall make report copies available for public 
inspection.
    (2) When a program-specific audit guide is available, the auditee 
shall submit to the central clearinghouse designated by OMB one copy of 
the certification prepared in accordance with Sec. ______.320(b), as 
applicable to a program-specific audit, and the reporting required by 
the program-specific audit guide to be retained as an archival copy. 
Also, the auditee shall submit to the Federal awarding agency or pass-
through entity the reporting required by the program-specific audit 
guide.
    (3) When a program-specific audit guide is not available, the 
reporting package for a program-specific audit shall consist of the 
certification prepared in accordance with Sec. ______.320(b), as 
applicable to a program-specific audit, the financial statement(s) of 
the Federal program, a summary schedule of prior audit findings, and a 
corrective action plan as described in paragraph (b)(2) of this 
section, and the auditor's report(s) described in paragraph (b)(4) of 
this section. One copy of this reporting package shall be submitted to 
the central clearinghouse designated by OMB to be retained as an 
archival copy. Also, when the schedule of findings and questioned costs 
disclosed audit findings or the summary schedule of prior audit 
findings reported the status of any audit findings, the auditee shall 
submit one copy of the reporting package to the central clearinghouse 
on behalf of the Federal awarding agency, or directly to the pass-
through entity in the case of a subrecipient.
    (d) Other sections of this part may apply. Program-specific audits 
are subject to Sec. ______.100 through Sec. ______.215(b), 
Sec. ______.220 through Sec. ______.230, Sec. ______.300 through 
Sec. ______.305, Sec. ______.315, Sec. ______.320(f) through 
Sec. ______.320(j), Sec. ______.400 through Sec. ______.405, 
Sec. ______.510 through Sec. ______.515, and other referenced 
provisions of this part unless contrary to the provisions of this 
section, a program-specific audit guide, or program laws and 
regulations.

Subpart C--Auditees


Sec. ______.300  Auditee responsibilities.

    The auditee shall:
    (a) Identify, in its accounts, all Federal awards received and 
expended and the Federal programs under which they were received. 
Federal program and award identification shall include, as applicable, 
the CFDA title and number, award number and year, name of the Federal 
agency, and name of the pass-through entity.
    (b) Maintain internal control over Federal programs that provides 
reasonable assurance that the auditee is managing Federal awards in 
compliance with laws, regulations, and the provisions of contracts or 
grant agreements that could have a material effect on each of its 
Federal programs.
    (c) Comply with laws, regulations, and the provisions of contracts 
or grant agreements related to each of its Federal programs.
    (d) Prepare appropriate financial statements, including the 
schedule of expenditures of Federal awards in accordance with 
Sec. ______.310.

[[Page 19144]]

    (e) Ensure that the audits required by this part are properly 
performed and submitted when due. When extensions to the report 
submission due date required by Sec. ______.320(a) are granted by the 
cognizant or oversight agency for audit, promptly notify the central 
clearinghouse designated by OMB and each pass-through entity providing 
Federal awards of the extension.
    (f) Follow up and take corrective action on audit findings, 
including preparation of a summary schedule of prior audit findings and 
a corrective action plan in accordance with Sec. ______.315(b) and 
Sec. ______.315(c), respectively.


Sec. ______.305  Auditor selection.

    (a) Auditor procurement. In arranging for audit services, auditees 
shall follow the procurement standards prescribed by Circular A-110, 
``Uniform Requirements for Grants and Agreements with Institutions of 
Higher Education, Hospitals and Other Non-Profit Organizations,'' or 
the Federal Acquisition Regulation (48 CFR part 42), as applicable. 
(Circular available from Office of Administration, Publications Office, 
room 2200, New Executive Office Building, Washington, DC 20503; 
telephone (202) 395-7332.) Whenever possible, auditees shall make 
positive efforts to utilize small businesses, minority-owned firms, and 
women's business enterprises, in procuring audit services as stated in 
OMB Circular A-110 or the Federal Acquisition Regulation (48 CFR part 
42), as applicable. In requesting proposals for audit services, the 
objectives and scope of the audit should be made clear. Factors to be 
considered in evaluating each proposal for audit services include the 
responsiveness to the request for proposal, relevant experience, 
availability of staff with professional qualifications and technical 
abilities, the results of external quality control reviews, and price.
    (b) Restriction on auditor preparing indirect cost proposals. An 
auditor who prepares the indirect cost proposal or cost allocation plan 
may not also be selected to perform the audit required by this part 
when the indirect costs recovered by the auditee during the prior year 
exceeded $1 million. This restriction applies to the base year used in 
the preparation of the indirect cost proposal or cost allocation plan 
and any subsequent years in which the resulting indirect cost agreement 
or cost allocation plan is used to recover costs. To minimize any 
disruption in existing contracts for audit services, this paragraph 
applies to audits of fiscal years ending on or after June 30, 1999.
    (c) Use of Federal auditors. Federal auditors may perform all or 
part of the work required under this part if they comply fully with the 
requirements of this part.


Sec. ______.310  Financial statements.

    (a) Financial statements. The auditee shall prepare financial 
statements that reflect its financial position, results of operations, 
and, where appropriate, cash flows for the fiscal year audited. The 
financial statements shall be for the same organizational unit and 
fiscal year that is chosen to meet the requirements of this part.
    (b) Schedule of expenditures of Federal awards. The auditee shall 
also prepare a schedule of expenditures of Federal awards for the 
period covered by the auditee's financial statements. While not 
required, it is appropriate for the auditee to provide information 
requested to make the schedule easier to use by Federal awarding 
agencies and pass-through entities. For example, when a Federal program 
has multiple award years, the auditee may list the amount of each award 
year separately. At a minimum, the schedule shall:
    (1) List individual Federal programs by Federal agency and major 
subdivision within a Federal agency. For Federal awards received as a 
subrecipient, the name of the pass-through entity and identifying 
number assigned by the pass-through entity shall be included.
    (2) Provide total expenditures for each individual Federal program 
and the CFDA number or other identifying number when the CFDA 
information is not available.
    (3) Identify major programs.
    (4) Include notes that describe the significant accounting policies 
used in preparing the schedule and identify in the notes the dollar 
threshold used to distinguish between Type A and Type B programs, as 
described in Sec. ______.520(b).
    (5) To the extent practical, pass-through entities should identify 
in the schedule the total amount provided to subrecipients from each 
Type A program and from each Type B program which is audited as a major 
program.
    (6) List individual Federal awards within a category of Federal 
awards. However, when it is not practical to list each individual 
Federal award for R&D, total expenditures shall be shown by Federal 
agency and major subdivision within the Federal agency. For example, 
the National Institutes of Health is a major subdivision in the 
Department of Health and Human Services.
    (7) Include, in either the schedule or a note to the schedule, the 
value of non-cash assistance expended, insurance in effect during the 
year, and loans or loan guarantees outstanding at year end.


Sec. ______.315  Audit findings follow-up.

    (a) General. The auditee is responsible for follow-up and 
corrective action on all audit findings. As part of this 
responsibility, the auditee shall prepare a summary schedule of prior 
audit findings. The auditee shall also prepare a corrective action plan 
for current year audit findings. The summary schedule of prior audit 
findings and the corrective action plan shall include the reference 
numbers the auditor assigns to audit findings under Sec. ______.510(c). 
Since the summary schedule may include audit findings from multiple 
years, it shall include the fiscal year in which the finding initially 
occurred.
    (b) Summary schedule of prior audit findings. The summary schedule 
of prior audit findings shall report the status of all audit findings 
included in the prior audit's schedule of findings and questioned 
costs. The summary schedule shall also include audit findings reported 
in the prior audit's summary schedule of prior audit findings except 
audit findings listed as corrected in accordance with paragraph (b)(1), 
or no longer valid or not warranting further action in accordance with 
paragraph (b)(4) of this section.
    (1) When audit findings were fully corrected, the summary schedule 
need only list the audit findings and state that corrective action was 
taken.
    (2) When audit findings were not corrected or were only partially 
corrected, the summary schedule shall describe the planned corrective 
action as well as any partial corrective action taken.
    (3) When corrective action taken is significantly different from 
corrective action previously reported in a corrective action plan or in 
the Federal agency's or pass-through entity's management decision, the 
summary schedule shall provide an explanation.
    (4) When the auditee believes the audit findings are no longer 
valid or do not warrant further action, the reasons for this position 
shall be described in the summary schedule. A valid reason for 
considering an audit finding as not warranting further action is that 
all of the following have occurred:
    (i) Two years have passed since the audit report in which the 
finding occurred was submitted to the central clearinghouse;
    (ii) The Federal agency or pass-through entity is not currently 
following up with the auditee on the audit finding; and

[[Page 19145]]

    (iii) A management decision was not issued.
    (c) Corrective action plan. At the completion of the audit, the 
auditee shall prepare a corrective action plan to address each audit 
finding included in the current year auditor's reports. The corrective 
action plan shall provide the name(s) of the contact person(s) 
responsible for corrective action, the corrective action planned, and 
the anticipated completion date. If the auditee does not agree with the 
audit findings or believes corrective action is not required, then the 
corrective action plan shall include an explanation and specific 
reasons.


Sec. ______.320  Report submission.

    (a) General. The audit shall be completed and the reporting package 
described in paragraph (c) of this section submitted within nine months 
after the end of the audit period, unless a longer period is agreed to 
in advance by the cognizant or oversight agency for audit. Also, the 
reporting package shall be submitted within 30 days after issuance of 
the auditor's report(s) to the auditee. Unless restricted by law or 
regulation, the auditee shall make copies available for public 
inspection.
    (b) Certification. The auditee shall complete a certification form 
which states whether the audit was completed in accordance with this 
part and provides information about the auditee, its Federal programs, 
and the results of the audit. The form shall be approved by OMB, 
available from the central clearinghouse designated by OMB, include 
data elements similar to those presented in this paragraph, and use a 
machine-readable format. The auditee's chief executive officer or chief 
financial officer shall sign a statement that the information on the 
form is accurate and complete as follows:

Certificate of Audit

    This is to certify that, to the best of my knowledge and belief, 
the [specify name of the auditee] has: (1) engaged an auditor to 
perform an audit in accordance with the provisions of OMB Circular 
A-133 for the [specify number] months ended [specify date]; (2) the 
auditor has completed such audit and presented a signed audit report 
which states that the audit was conducted in accordance with the 
provisions of the Circular; and, (3) the information on the attached 
form accurately and completely reflects the results of this audit, 
as presented in the auditor's report. I declare that the foregoing 
is true and correct.

Attachment to Certificate

Information Accompanying Certificate of Audit

    1. The type of report the auditor issued on the financial 
statements of the auditee (i.e., unqualified opinion, qualified 
opinion, adverse opinion, or disclaimer of opinion).
    2. A yes or no statement as to whether the auditor's report on 
the financial statements indicated that the auditor has substantial 
doubt about the auditee's ability to continue as a going concern.
    3. The type of report the auditor issued on compliance for major 
programs (i.e., unqualified opinion, qualified opinion, adverse 
opinion, or disclaimer of opinion).
    4. A list of the Federal awarding agencies and pass-through 
entities which will receive a copy of the reporting package pursuant 
to Sec. ______.320(d)(2) and Sec. ______.320(e)(2) of OMB Circular 
A-133. An explanation should be provided if this list is different 
from the communication the auditor provides to the auditee under 
Sec. ______.500(f) of OMB Circular A-133.
    5. A yes or no statement as to whether the auditee qualified as 
a low-risk auditee under Sec. ______.530 of OMB Circular A-133.
    6. The dollar threshold used to distinguish between Type A and 
Type B programs as defined in Sec. ______.520(b) of OMB Circular A-
133.
    7. The Catalog of Federal Domestic Assistance (CFDA) number for 
each Federal program, as applicable.
    8. The name of each Federal program and identification of each 
major program. Individual awards within a category of awards should 
be listed in the same level of detail as they are listed in the 
schedule of expenditures of Federal awards.
    9. The amount of expenditures in the schedule of expenditures of 
Federal awards associated with each Federal program.
    10. A yes or no statement as to whether there are audit findings 
and the amount of any questioned costs related to the following for 
each Federal program:
    a. Types of services allowed or unallowed.
    b. Eligibility.
    c. Matching, maintenance of level of effort, or earmarking.
    d. Federal financial reporting.
    e. Program income.
    f. Procurement.
    g. Subrecipient monitoring.
    h. Allowable costs/cost principles.
    i. Other.
    11. Auditee Name:
----------------------------------------------------------------------
Employer Identification Number:
----------------------------------------------------------------------
Name and Title of Responsible Official:
----------------------------------------------------------------------
Telephone Number:
----------------------------------------------------------------------
Signature:
----------------------------------------------------------------------
Date:
----------------------------------------------------------------------
    12. Auditor Name:
----------------------------------------------------------------------
Name and Title of Contact Person:
----------------------------------------------------------------------
Auditor Address:
----------------------------------------------------------------------
Auditor Telephone Number:
----------------------------------------------------------------------

    (c) Reporting Package. The reporting package shall include the:
    (1) Certification discussed in paragraph (b) of this section;
    (2) Financial statements and schedule of expenditures of Federal 
awards discussed in Sec. ______.310(a) and Sec. ______.310(b), 
respectively;
    (3) Summary schedule of prior audit findings discussed in 
Sec. ______.315(b);
    (4) Auditor's report(s) discussed in Sec. ______.505; and
    (5) Corrective action plan discussed in Sec. ______.315(c).
    (d) Submission to clearinghouse. All auditees shall submit to the 
central clearinghouse designated by OMB one copy of the reporting 
package described in paragraph (c) of this section for:
    (1) The central clearinghouse to retain as an archival copy; and
    (2) Each Federal awarding agency when the schedule of findings and 
questioned costs disclosed audit findings relating to Federal awards 
that the Federal awarding agency provided directly or the summary 
schedule of prior audit findings reported the status of any audit 
findings relating to Federal awards that the Federal awarding agency 
provided directly.
    (e) Additional submission by subrecipients. In addition to the 
requirements discussed in paragraph (d) of this section, subrecipients 
shall submit to each pass-through entity one copy of the:
    (1) Certification discussed in paragraph (b) of this section; and
    (2) Reporting package described in paragraph (c) of this section 
for each pass-through entity when the schedule of findings and 
questioned costs disclosed audit findings relating to Federal awards 
that the pass-through entity provided or the summary schedule of prior 
audit findings reported the status of any audit findings relating to 
Federal awards that the passthrough entity provided.
    (f) Requests for report copies. In response to requests by a 
Federal agency or pass-through entity, auditees shall submit the 
appropriate copies of the reporting package described in paragraph (c) 
of this section and, if requested, a copy of any management letters 
issued by the auditor.
    (g) Report retention requirements. Auditees shall keep one copy of 
the reporting package described in paragraph (c) of this section on 
file for three years from the date of submission to the central 
clearinghouse designated by OMB. Pass-through entities shall keep 
subrecipients' submissions on file for three years from date of 
receipt.
    (h) Clearinghouse responsibilities. The central clearinghouse 
designated by OMB shall distribute the reporting packages received in 
accordance with

[[Page 19146]]

paragraph (d)(2) of this section and Sec. ______.235(c)(3) to 
applicable Federal awarding agencies, maintain a data base of completed 
audits, provide appropriate information to Federal agencies, and follow 
up with known auditees which have not submitted the required 
certifications and reporting packages.
    (i) Clearinghouse address. The address of the central clearinghouse 
currently designated by OMB is Federal Audit Clearinghouse, Bureau of 
the Census, 1201 E. 10th Street, Jeffersonville, IN 47132.
    (j) Electronic filing. Nothing in this part shall preclude 
electronic submissions to the central clearinghouse in such manner as 
may be approved by OMB. With OMB approval, the central clearinghouse 
may pilot test methods of electronic submissions.

Subpart D--Federal Agencies and Pass-Through Entities


Sec. ______.400  Responsibilities.

    (a) Cognizant agency for audit responsibilities. Recipients 
expending more than $25 million a year in Federal awards shall have a 
cognizant agency for audit. The designated cognizant agency for audit 
shall be the Federal awarding agency that provides the predominant 
amount of direct funding to a recipient unless OMB makes a specific 
cognizant agency for audit assignment and provides notice in the 
Federal Register. To provide for continuity of cognizance, the 
determination of the predominant amount of direct funding shall be 
based upon direct Federal awards expended in the recipient's fiscal 
years ending in 1995, 2000, 2005, and every fifth year thereafter. For 
example, audit cognizance for periods ending in 1996 through 2000 will 
be determined based on Federal awards expended in 1995. A Federal 
awarding agency with cognizance for an auditee may reassign cognizance 
to another Federal awarding agency which provides substantial direct 
funding and agrees to be the cognizant agency for audit. Within 30 days 
after any reassignment, both the old and the new cognizant agency for 
audit shall notify the auditee, and, if known, the auditor of the 
reassignment. The cognizant agency for audit shall:
    (1) Provide technical audit advice and liaison to auditees and 
auditors.
    (2) Consider auditee requests for extensions to the report 
submission due date required by Sec. ______.320(a). The cognizant 
agency for audit may grant extensions for good cause.
    (3) Obtain or conduct quality control reviews of selected audits 
made by non-Federal auditors, and provide the results, when 
appropriate, to other interested organizations.
    (4) Promptly inform other affected Federal agencies and appropriate 
Federal law enforcement officials of any direct reporting by the 
auditee or its auditor of irregularities or illegal acts, as required 
by GAGAS or laws and regulations, when such reporting is not included 
in the reporting package described in Sec. ______.320(c).
    (5) Advise the auditor and, where appropriate, the auditee of any 
deficiencies found in the audits when the deficiencies require 
corrective action by the auditor. When advised of deficiencies, the 
auditee shall work with the auditor to take corrective action. If 
corrective action is not taken, the cognizant agency for audit shall 
notify the auditor, the auditee, and applicable Federal awarding 
agencies and pass-through entities of the facts and make 
recommendations for follow-up action. Major inadequacies or repetitive 
substandard performance by auditors shall be referred to appropriate 
State licensing agencies and professional bodies for disciplinary 
action.
    (6) Coordinate, to the extent practical, audits or reviews made by 
or for Federal agencies that are in addition to the audits made 
pursuant to this part, so that the additional audits or reviews build 
upon audits performed in accordance with this part.
    (7) Coordinate a management decision for audit findings that affect 
the Federal programs of more than one agency.
    (8) Coordinate the audit work and reporting responsibilities among 
auditors to achieve the most costeffective audit.
    (b) Oversight agency for audit responsibilities. An auditee which 
does not have a designated cognizant agency for audit will be under the 
general oversight of the Federal agency determined in accordance with 
Sec. ______.105 (Oversight agency for audit). The oversight agency for 
audit:
    (1) Shall provide technical advice to auditees and auditors as 
requested.
    (2) May assume all or some of the responsibilities normally 
performed by a cognizant agency for audit.
    (c) Federal awarding agency responsibilities. The Federal awarding 
agency shall perform the following for the Federal awards it makes:
    (1) Identify Federal awards made by informing each recipient of the 
CFDA title and number, award name and number, award year, and if the 
award is for R&D. When some of this information is not available, the 
Federal agency shall provide information necessary to clearly describe 
the Federal award.
    (2) Ensure that audits are completed and reports are received in a 
timely manner and in accordance with the requirements of this part.
    (3) Provide technical advice and counsel to auditees and auditors 
as requested.
    (4) Issue a management decision on audit findings within six months 
after receipt of the audit report and ensure that the recipient takes 
appropriate and timely corrective action.
    (5) Assign a person responsible to inform OMB annually of any 
updates needed to the compliance supplements.
    (d) Pass-through entity responsibilities. A non-profit pass-through 
entity shall perform the following for the Federal awards it makes:
    (1) Identify Federal awards made by informing each subrecipient of 
CFDA title and number, award name and number, award year, if the award 
is R&D, and name of Federal agency. When some of this information is 
not available, the pass-through entity shall provide the best 
information available to describe the Federal award.
    (2) Advise subrecipients of requirements imposed on them by Federal 
laws, regulations, and the provisions of contracts or grant agreements 
as well as any supplemental requirements imposed by the pass-through 
entity.
    (3) Monitor the activities of subrecipients as necessary to ensure 
that Federal awards are used for authorized purposes in compliance with 
laws, regulations, and the provisions of contracts or grant agreements 
and that performance goals are achieved.
    (4) Ensure that non-profit subrecipients expending $300,000 or more 
in Federal awards during the subrecipient's fiscal year have met the 
audit requirements of this part for that fiscal year, and that 
subrecipients subject to Circular A-128 have met the requirements of 
Circular A-128.
    (5) Issue a management decision on audit findings within six months 
after receipt of the subrecipient's audit report and ensure that the 
subrecipient takes appropriate and timely corrective action.
    (6) Consider whether subrecipient audits necessitate adjustment of 
the pass-through entity's own records.
    (7) Require each subrecipient to permit the pass-through entity and 
auditors to have access to the records and financial statements as 
necessary for the pass-through entity to comply with this part.

[[Page 19147]]

Sec. ______.405  Management decision.

    (a) General. The management decision shall clearly state whether or 
not the audit finding is sustained, the reasons for the decision, and 
the expected auditee action to repay disallowed costs, make financial 
adjustments, or take other action. If the auditee has not completed 
corrective action, a timetable for follow-up should be given. Prior to 
issuing the management decision, the Federal agency or pass-through 
entity may request additional information or documentation from the 
auditee, including a request that the documentation be audited, as a 
way of mitigating disallowed costs. The management decision should 
describe any appeal process available to the auditee.
    (b) Federal agency. As provided in Sec. ______.400(a)(7), the 
cognizant agency for audit shall be responsible for coordinating a 
management decision for audit findings that affect the programs of more 
than one Federal agency. As provided in Sec. ______.400(c)(4), a 
Federal awarding agency is responsible for issuing a management 
decision for findings that relate to Federal awards it makes to 
recipients. Alternate arrangements may be made on a case-by-case basis 
by agreement among the Federal agencies concerned.
    (c) Pass-through entity. As provided in Sec. ______.400(d)(5), the 
pass-through entity shall be responsible for making the management 
decision for audit findings that relate to Federal awards it makes to 
subrecipients.
    (d) Time requirements. The entity responsible for making the 
management decision shall do so within six months of receipt of the 
audit report. Corrective action should be initiated within six months 
and proceed as rapidly as possible.
    (e) Reference numbers. Management decisions shall include the 
reference numbers the auditor assigned to each audit finding in 
accordance with Sec. ______.510(c).

Subpart E--Auditors


Sec. ______.500  Scope of audit.

    (a) General. The audit shall be conducted in accordance with GAGAS.
    (b) Financial statements. The auditor shall determine whether the 
financial statements of the auditee are presented fairly in all 
material respects in conformity with generally accepted accounting 
principles. The auditor shall also determine whether the schedule of 
expenditures of Federal awards is presented fairly in all material 
respects in relation to the auditee's financial statements taken as a 
whole.
    (c) Internal control. (1) In addition to the requirements of GAGAS, 
the auditor shall perform procedures to obtain an understanding of 
internal control over Federal programs sufficient to plan the audit to 
achieve a low assessed level of control risk for major programs.
    (2) Except as provided in paragraph (c)(3) of this section, the 
auditor shall:
    (i) Plan the testing of internal control over major programs to 
achieve a low assessed level of control risk for the assertions 
relevant to the compliance requirements for each major program; and
    (ii) Perform testing of internal control over major programs as 
planned in paragraph (c)(2)(i) of this section.
    (3) When internal control over some or all of the compliance 
requirements for a major program are likely to be ineffective in 
preventing or detecting noncompliance, the planning and performing of 
testing described in paragraph (c)(2) of this section are not required 
for those compliance requirements. However, the auditor shall report a 
reportable condition or a material weakness in accordance with 
Sec. ______.510, assess the related control risk at the maximum, and 
consider whether additional compliance tests are required because of 
ineffective internal control over the major program.
    (d) Compliance. (1) In addition to the requirements of GAGAS, the 
auditor shall determine whether the auditee has complied with laws, 
regulations, and the provisions of contracts or grant agreements that 
may have a direct and material effect on each of its major programs.
    (2) The compliance testing shall include tests of transactions and 
such other auditing procedures necessary to provide the auditor 
sufficient evidence to support an opinion on compliance for each major 
program.
    (3) The principal compliance requirements of the largest Federal 
programs are included in the compliance supplements.
    (4) For Federal programs contained in the compliance supplements, 
an audit of the compliance requirements contained in the compliance 
supplements will meet the requirements of this part. Where there have 
been changes to the compliance requirements and the changes are not 
reflected in the compliance supplements, the auditor shall determine 
the current compliance requirements and modify the audit procedures 
accordingly. For those Federal programs not covered in the compliance 
supplements, the auditor should use the types of compliance 
requirements (e.g., cash management, Federal financial reporting, 
allowable costs/cost principles, types of services allowed or 
unallowed, eligibility, and matching) contained in the compliance 
supplements as guidance for identifying the types of compliance 
requirements to test, and determine the requirements governing the 
Federal program by reviewing the provisions of contracts and grant 
agreements and the laws and regulations referred to in such contracts 
and grant agreements. The auditor should consult with the applicable 
Federal agency to determine the availability of agency-prepared 
supplements or audit guides.
    (e) Audit follow-up. The auditor shall follow-up on prior audit 
findings, perform procedures to assess the reasonableness of the 
summary schedule of prior audit findings prepared by the auditee in 
accordance with Sec. ______.315(b), and report, as a current year audit 
finding, when the auditor concludes that the summary schedule of prior 
audit findings materially misrepresents the status of any prior audit 
finding. The auditor shall perform audit follow-up procedures 
regardless of whether a prior audit finding relates to a major program 
in the current year.
    (f) Communication. The auditor shall communicate, preferably in 
writing, to the auditee which Federal awarding agencies and pass-
through entities are required to receive a copy of the reporting 
package pursuant to Sec. ______.320(d)(2) and Sec. ______.320(e)(2), 
respectively. The auditor shall retain a record of this communication 
in the auditor's working papers.


Sec. ______.505  Audit reporting.

    (a) Auditor's reports. The auditor's report(s) may be in the form 
of either combined or separate reports and may be organized differently 
from the manner presented in this section. The auditor's report(s) 
shall state that the audit was conducted in accordance with this part 
and include the following:
    (1) An opinion (or disclaimer of opinion) as to whether the 
financial statements are presented fairly in all material respects in 
conformity with generally accepted accounting principles and an opinion 
(or disclaimer of opinion) as to whether the schedule of expenditures 
of Federal awards is presented fairly in all material respects in 
relation to the financial statements taken as a whole.
    (2) A report on internal control related to the financial 
statements and major programs. This report shall describe the scope of 
testing of internal control and the results of the tests, and, where 
applicable, refer to the separate

[[Page 19148]]

schedule of findings and questioned costs described in paragraph (a)(4) 
of this section.
    (3) A report on compliance with laws, regulations, and the 
provisions of contracts or grant agreements, noncompliance with which 
could have a material effect on the financial statements. This report 
shall also include an opinion (or disclaimer of opinion) as to whether 
the auditee complied with laws, regulations, and the provisions of 
contracts or grant agreements which could have a direct and material 
effect on each major program, and, where applicable, refer to the 
separate schedule of findings and questioned costs described in 
paragraph (a)(4) of this section.
    (4) A schedule of findings and questioned costs which includes a 
summary of the auditor's results as described in paragraph (b) of this 
section and all audit findings as defined in Sec. ______.510(a). Any 
findings (e.g., internal control findings, compliance findings, 
questioned costs, or fraud) which relate to the same issue should be 
presented as a single finding. Where practical, audit findings should 
be organized by Federal agency or pass-through entity.
    (b) Summary of the auditor's results. The summary of the auditor's 
results shall include:
    (1) The type of report the auditor issued on the financial 
statements of the auditee (i.e., unqualified opinion, qualified 
opinion, adverse opinion, or disclaimer of opinion);
    (2) Where applicable, a statement that the auditor's report on the 
financial statements indicated that the auditor has substantial doubt 
about the auditee's ability to continue as a going concern;
    (3) The type of report the auditor issued on compliance for major 
programs (i.e., unqualified opinion, qualified opinion, adverse 
opinion, or disclaimer of opinion);
    (4) Where applicable, a statement that reportable conditions in 
internal control over major programs were disclosed by the audit and 
whether any such conditions were material weaknesses, as described in 
Sec. ______.510(a)(1);
    (5) A statement as to whether the audit disclosed any material 
noncompliance in major programs, as described in Sec. ______.510(a)(2);
    (6) A statement as to whether the audit disclosed any questioned 
costs, as described in Sec. ______.510(a)(3);
    (7) Where applicable, a statement that the schedule of findings and 
questioned costs contains instances of known fraud, as described in 
Sec. ______.510(a)(5); and
    (8) Where applicable, a statement that the audit follow-up 
procedures disclosed that the summary schedule of prior audit findings 
materially misrepresents the status of any prior audit finding, as 
described in Sec. ______.510(a)(6).


Sec. ______.510  Audit findings.

    (a) Audit findings reported. The auditor shall report the following 
as audit findings in a schedule of findings and questioned costs:
    (1) Reportable conditions in internal control over major programs. 
The auditor's determination of whether to report a deficiency in 
internal control as a reportable condition is in relation to a type of 
compliance requirement for a major program or an audit objective 
identified in the compliance supplements. The auditor shall identify 
reportable conditions which are individually or cumulatively material 
weaknesses.
    (2) Material noncompliance with the provisions of laws, 
regulations, contracts, or grant agreements which the auditor 
concludes, based on evidence obtained, has occurred or is likely to 
have occurred. The auditor's determination of whether a noncompliance 
with the provisions of laws, regulations, contracts, or grant 
agreements is material for the purpose of reporting an audit finding is 
in relation to a type of compliance requirement for a major program or 
an audit objective identified in the compliance supplements.
    (3) Known questioned costs which are greater than $10,000 for a 
type of compliance requirement for a major program. Known questioned 
costs are those specifically identified by the auditor. In evaluating 
the effect of questioned costs on the opinion on compliance for each 
major program, the auditor considers the best estimate of total costs 
questioned (likely questioned costs), not just the questioned costs 
specifically identified (known questioned costs). The auditor shall 
also report known questioned costs when likely questioned costs are 
greater than $10,000 for a type of compliance requirement for a major 
program. In reporting questioned costs, the auditor shall include 
information to provide proper perspective for judging the prevalence 
and consequences of the questioned costs.
    (4) The circumstances concerning why the auditor's report on 
compliance for major programs is other than an unqualified opinion, 
unless such circumstances are otherwise reported as audit findings in 
the schedule of findings and questioned costs.
    (5) Known fraud affecting a Federal award, unless such fraud is 
otherwise reported as an audit finding in the schedule of findings and 
questioned costs. Fraud is a type of illegal act involving the 
obtaining of something of value through willful misrepresentation. This 
paragraph does not require the auditor to make an additional reporting 
when the auditor confirms that the fraud was reported outside of the 
auditor's reports under the direct reporting requirements of GAGAS.
    (6) Instances where the results of audit follow-up procedures 
disclosed that the summary schedule of prior audit findings prepared by 
the auditee in accordance with Sec. ______.315(b) materially 
misrepresents the status of any prior audit finding.
    (b) Audit finding detail. Audit findings shall be presented in 
sufficient detail for the auditee to prepare a corrective action plan 
and take corrective action and for Federal agencies and pass-through 
entities to arrive at a management decision. The following specific 
information shall be included, as applicable, in audit findings:
    (1) Federal program and specific Federal award identification 
including the CFDA title and number, Federal award number and year, 
name of Federal agency, and name of the applicable pass-through entity. 
When information, such as the CFDA title and number or Federal award 
number, is not available, the auditor shall provide the best 
information available to describe the Federal award.
    (2) The criteria or specific requirement upon which the audit 
finding is based, including statutory, regulatory, or other citation.
    (3) The condition found, including facts that support the 
deficiency identified in the audit finding.
    (4) Identification of questioned costs and how they were computed.
    (5) Information to provide proper perspective for judging the 
prevalence and consequences of the audit findings, such as whether the 
audit findings represent an isolated instance or a systemic problem. 
Where appropriate, instances identified shall be related to the 
universe and the number of cases examined and be quantified in terms of 
dollar value.
    (6) The possible asserted effect to provide sufficient information 
to the auditee and Federal agency, or pass-through entity in the case 
of a subrecipient, to permit them to determine the cause and effect to 
facilitate prompt and proper corrective action.

[[Page 19149]]

    (7) Recommendations to prevent future occurrences of the deficiency 
identified in the audit finding.
    (8) Views of responsible officials of the auditee when there is 
disagreement with the audit findings, to the extent practical.
    (c) Reference numbers. Each audit finding in the schedule of 
findings and questioned costs shall include a reference number to allow 
for easy referencing of the audit findings during follow-up.


Sec. ______.515  Audit working papers.

    (a) Retention of working papers. The auditor shall retain working 
papers and reports for a minimum of three years after the date of 
issuance of the auditor's report(s) to the auditee, unless the auditor 
is notified in writing by the cognizant agency for audit, oversight 
agency for audit, or pass-through entity to extend the retention 
period. When the auditor is aware that the Federal awarding agency, 
pass-through entity, or auditee is contesting an audit finding, the 
auditor shall contact the parties contesting the audit finding for 
guidance prior to destruction of the working papers and reports.
    (b) Access to working papers. Audit working papers shall be made 
available upon request to the cognizant or oversight agency for audit 
or its designee, a Federal agency providing direct or indirect funding, 
or GAO at the completion of the audit. Access to working papers 
includes the right of Federal agencies to obtain copies of working 
papers, as is reasonable and necessary.


Sec. ______.520  Major program determination.

    (a) General. The auditor shall use a risk-based approach to 
determine which Federal programs are major programs. This risk-based 
approach shall include consideration of: Current and prior audit 
experience, oversight by Federal agencies and passthrough entities, and 
the inherent risk of the Federal program. The process in paragraphs (b) 
through (i) of this section shall be followed.
    (b) Step 1. (1) The auditor shall identify the larger Federal 
programs, which shall be labeled Type A programs. Type A programs are 
defined as Federal programs with Federal expenditures during the audit 
period exceeding the larger of:
    (i) $300,000 or three percent (.03) of total Federal expenditures 
in the case of an auditee for which total Federal expenditures equal or 
exceed $300,000 but are less than or equal to $100 million.
    (ii) $3 million or three-tenths of one percent (.003) of total 
Federal expenditures in the case of an auditee for which total Federal 
expenditures exceed $100 million but are less than or equal to $10 
billion.
    (iii) $30 million or 15 hundredths of one percent (.0015) of total 
Federal expenditures in the case of an auditee for which total Federal 
expenditures exceed $10 billion.
    (2) Federal programs not labeled Type A under paragraph (b)(1) of 
this section shall be labeled Type B programs.
    (3) The inclusion of large insurance programs or loan and loan 
guarantees (loans) should not result in the exclusion of other programs 
as Type A programs. When a Federal program providing insurance or loans 
significantly affects the number or size of Type A programs, the 
auditor shall consider this Federal program as a Type A program and 
exclude its values in determining other Type A programs.
    (c) Step 2. (1) The auditor shall identify Type A programs which 
are low-risk. For a Type A program to be considered low-risk, it shall 
have been audited as a major program in at least one of the two most 
recent audit periods, and, in the most recent audit period, it shall 
have had no audit findings under Sec. ______.510(a). However, the 
auditor may use judgment and consider that audit findings from 
questioned costs under Sec. ______.510(a)(3), fraud under 
Sec. ______.510(a)(5), and audit follow-up for the summary schedule of 
prior audit findings under Sec. ______.510(a)(6) do not preclude the 
Type A program from being lowrisk. The auditor shall consider: the 
criteria in Sec. ______.525(c), Sec. ______.525(d)(1), 
Sec. ______.525(d)(2), and Sec. ______.525(d)(3); the results of audit 
follow-up; whether any changes in personnel or systems affecting a Type 
A program have significantly increased risk; and apply professional 
judgment in determining whether a Type A program is low-risk.
    (2) Notwithstanding paragraph (c)(1) of this section, OMB may 
approve a Federal awarding agency's request that a Type A program at 
certain recipients may not be considered low-risk. For example, it may 
be necessary for a large Type A program to be audited as major each 
year at particular recipients to allow the Federal agency to comply 
with the Government Management Reform Act of 1994 (31 U.S.C. 3515). The 
Federal agency shall notify the recipient and, if known, the auditor at 
least 120 days prior to the end of the fiscal year to be audited of 
OMB's approval.
    (d) Step 3. (1) The auditor shall identify Type B programs which 
are high-risk using professional judgment and the criteria in 
Sec. ______.525. Except for known reportable conditions in internal 
control or compliance problems as discussed in Sec. ______.525(b)(1), 
Sec. ______.525(b)(2), and Sec. ______.525(c)(1), a single criteria in 
Sec. ______.525 would seldom cause a Type B program to be considered 
high-risk.
    (2) An audit under this part is not expected to test relatively 
small Federal programs. Therefore, except to meet the 50 percent rule 
discussed in paragraph (f) of this section, the auditor is only 
required to perform risk assessments on Type B programs that exceed the 
larger of:
    (i) $100,000 or three-tenths of one percent (.003) of total Federal 
expenditures when the auditee has less than or equal to $100 million in 
total Federal expenditures.
    (ii) $300,000 or three-hundredths of one percent (.0003) of total 
Federal expenditures when the auditee has more than $100 million in 
total Federal expenditures.
    (e) Step 4. At a minimum, the auditor shall audit all of the 
following as major programs:
    (1) All Type A programs, except the auditor may exclude any Type A 
programs identified as low-risk under Step 2 (paragraph (c)(1) of this 
section);
    (2) At least one half of the Type B programs identified as high-
risk under Step 3 (paragraph (d) of this section), except this 
paragraph (e)(2) does not require the auditor to audit more high-risk 
Type B programs than the number of low-risk Type A programs identified 
as low-risk under Step 2; and
    (3) Such additional programs as may be necessary to comply with the 
50 percent rule discussed in paragraph (f) of this section. This 
paragraph (e)(3) may require the auditor to audit more programs as 
major than the number of Type A programs.
    (f) 50 percent rule. The auditor shall audit as major programs 
Federal programs with expenditures that, in the aggregate, encompass at 
least 50 percent of total Federal expenditures. If the auditee meets 
the criteria in Sec. ______.530 for a low-risk auditee, the auditor 
need only audit as major programs Federal programs with expenditures 
that, in the aggregate, encompass at least 25 percent of total Federal 
expenditures.
    (g) Documentation of risk. The auditor shall document in the 
working papers the risk analysis process used in determining major 
programs.
    (h) Auditor's judgment. When the major program determination was 
performed and documented in accordance with this part, the auditor's

[[Page 19150]]

judgment in applying the risk-based approach to determine major 
programs shall be presumed correct. Challenges by Federal agencies and 
pass-through entities shall only be for clearly improper use of the 
guidance in this part. However, Federal agencies and pass-through 
entities may provide auditors guidance about the risk of a particular 
Federal program and the auditor shall consider this guidance in 
determining major programs in audits not yet completed.
    (i) Deviation from use of risk criteria. For first-year audits, the 
auditor may elect to determine major programs as all Type A programs 
plus any Type B programs as necessary to meet the 50 percent rule 
discussed in paragraph (f) of this section. Under this option, the 
auditor would not be required to perform the procedures discussed in 
paragraphs (c), (d), and (e) of this section.
    (1) A first-year audit is the first year the entity is audited 
under this part or the first year of a change of auditors.
    (2) To ensure that a frequent change of auditors would not preclude 
audit of high risk Type B programs, this election for first-year audits 
may not be used by an auditee more than once in every three years.


Sec. ______.525  Criteria for Federal program risk.

    (a) General. The auditor's determination should be based on an 
overall evaluation of the risk of noncompliance occurring which could 
be material to the Federal program. The auditor shall use auditor 
judgment and consider criteria, such as described in paragraphs (b), 
(c), and (d) of this section, to identify risk in Federal programs. 
Also, as part of the risk analysis, the auditor may wish to discuss a 
particular Federal program with auditee management and the Federal 
agency or passthrough entity.
    (b) Current and prior audit experience. (1) Weaknesses in internal 
control over Federal programs would indicate higher risk. Consideration 
should be given to the control environment over Federal programs and 
such factors as the expectation of management's adherence to applicable 
laws and regulations and the provisions of contracts and grant 
agreements and the competence and experience of personnel who 
administer the Federal programs.
    (i) A Federal program administered under multiple internal control 
structures may have higher risk. When assessing risk in a large single 
audit, the auditor shall consider whether weaknesses are isolated in a 
single operating unit (e.g., one college campus) or pervasive 
throughout the entity.
    (ii) When significant parts of a Federal program are passed through 
to subrecipients, a weak system for monitoring subrecipients would 
indicate higher risk.
    (iii) The extent to which computer processing is used to administer 
Federal programs, as well as the complexity of that processing, should 
be considered by the auditor in assessing risk. New and recently 
modified computer systems may also indicate risk.
    (2) Prior audit findings would indicate higher risk, particularly 
when the situations identified in the audit findings could have a 
significant impact on a Federal program or have not been corrected.
    (3) Federal programs not recently audited as major programs may be 
of higher risk than Federal programs recently audited as major programs 
without audit findings.
    (c) Oversight exercised by Federal agencies and pass-through 
entities. (1) Oversight exercised by Federal agencies or pass-through 
entities could indicate risk. For example, recent monitoring or other 
reviews performed by an oversight entity which disclosed no significant 
problems would indicate lower risk. However, monitoring which disclosed 
significant problems would indicate higher risk.
    (2) Federal agencies, with the concurrence of OMB, may identify 
Federal programs which are higher risk. OMB plans to provide this 
identification in the compliance supplements.
    (d) Inherent risk of the Federal program. (1) The nature of a 
Federal program may indicate risk. Consideration should be given to the 
complexity of the program and the extent to which the Federal program 
contracts for goods and services. For example, Federal programs that 
disburse funds through third party contracts or have eligibility 
criteria may be of higher risk. Federal programs primarily involving 
staff payroll costs may have a high-risk for time and effort reporting, 
but otherwise be at low-risk.
    (2) The phase of a Federal program in its life cycle at the Federal 
agency may indicate risk. For example, a new Federal program with new 
or interim regulations may have higher risk than an established program 
with time-tested regulations. Also, significant changes in Federal 
programs, laws, regulations, or the provisions of contracts or grant 
agreements may increase risk.
    (3) The phase of a Federal program in its life cycle at the auditee 
may indicate risk. For example, during the first and last years that an 
auditee participates in a Federal program, the risk may be higher due 
to start-up or closeout of program activities and staff.
    (4) Type B programs with larger expenditures would be of higher 
risk than programs with substantially smaller expenditures.


Sec. ______.530  Criteria for a low-risk auditee.

    An auditee which meets all of the following conditions for each of 
the preceding two years shall qualify as a low-risk auditee and be 
eligible for reduced audit coverage in accordance with 
Sec. ______.520(f):
    (a) The audits were performed in accordance with the provisions of 
this part.
    (b) The auditor's opinions on the financial statements and the 
schedule of expenditures of Federal awards were unqualified. However, 
the cognizant or oversight agency for audit may judge that an opinion 
qualification does not affect the management of Federal awards and 
provide a waiver.
    (c) There were no deficiencies in internal control which were 
identified as material weaknesses under the requirements of GAGAS. 
However, the cognizant or oversight agency for audit may judge that the 
material weaknesses do not affect the management of Federal awards and 
provide a waiver.
    (d) None of the Type A programs, as defined in Sec. ______.520(b), 
had audit findings from any of the following:
    (1) Internal control deficiencies which were identified as material 
weaknesses;
    (2) Noncompliance with the provisions of laws, regulations, 
contracts, or grant agreements which have a material effect on the Type 
A program; or
    (3) Known or likely questioned costs that exceed five percent of 
the total expenditures for a Type A program during the year.

[FR Doc. 96-10330 Filed 4-29-96; 8:45 am]
BILLING CODE 3110-01-P