Understanding the Single Audit, Common Pitfalls,
and How to Avoid Them
By Claire Hilleary, Director, Not-for-Profit Practice and
Ariel Lybarger, Senior Manager, Not-for-Profit Practice, Moss Adams

In September 2023, Claire Hilleary and Ariel Lybarger of Moss Adams led a webinar presentation on common Singl Audit pitfalls and how to avoid them. Below are key takeaways covered in their presentation.   

Missed the webinar? View the recording HERE. (Member login required)

What Is a Single Audit?

A Single Audit, also known as a Uniform Guidance audit, is a comprehensive examination of an organization's financial statements and compliance with federal award requirements. Single Audits are conducted to ensure organizations expending federal awards meet the necessary regulations and are accountable for the funds they receive.

A Single Audit includes an audit of both your organization’s financial statements and compliance with federal award requirements for those programs identified as major programs—based on application of the risk-based approach and criteria outlined in Title 2 Code of Federal Regulations (CFR) Section 200.518 and .519—for the audit.

Through the audit process, the auditors determine whether your organization’s financial statements fairly present the financial position of the organization and whether they’re presented in accordance with Generally Accepted Accounting Principles (GAAP) or another comprehensive basis of accounting.
Both the financial statement audit and the compliance audit provide information on the internal controls design appropriateness and operating effectiveness, which enables management to identify systematic weaknesses in a timely manner.

What Governs How It’s Completed?

The standard-setting body that governs Single Audits in the United States is the Office of Management and Budget (OMB). The OMB issues the Compliance Supplement that auditors use to conduct Single Audits. Single Audits are required for non-federal entities (NFEs) that expend more than $750,000 of federal dollars within their fiscal year. An NFE means a state, local government, Indian Tribe, Institution of Higher Education (IHE), or not-for-profit organization that carries out a federal award as a recipient or subrecipient. Recently, OMB proposed revisions to the Uniform Guidance, most notably to raise the Single Audit threshold from $750,000 in federal awards expended within a fiscal year to $1 million, the first increase in the Single Audit threshold since 2013.

Types of Findings

Audit findings can be categorized as a Financial Statement finding or a Compliance finding:

Financial Statement
A financial statement finding relates to accounting controls or the accounting assumptions used to prepare the accounting records. These findings represent departures from GAAP or deficiencies in the internal controls designed to ensure the financial statements fairly present your organization’s financial condition.

A compliance finding is related to noncompliance with federal laws, statutes, regulations, and program terms and conditions, or deficiencies in the internal control over compliance designed to ensure the organization complies with such provisions. This type of finding is specific to an individual compliance issue for a major program.

Financial statement and compliance concerns must be evaluated and categorized into one of three categories: a control deficiency, significant deficiency, or material weakness.

Control Deficiency
The design or operation of a control over financial reporting or compliance doesn’t allow management or employees to prevent, or detect and correct, misstatements or noncompliance on a timely basis. A control deficiency is less severe than a significant deficiency.

  • Design deficiency. A control necessary to meet the control objective is missing, or an existing control isn’t properly designed so that, even if the control operates as designed, the control objective wouldn’t be met.

  • Operation deficiency. A properly designed control doesn’t operate as designed or the person performing the control doesn’t possess the necessary authority or competence to perform the control effectively.

Significant Deficiency
A deficiency, or combination of deficiencies, that is less severe than a material weakness, yet important enough to merit attention by management.

Material Weakness
A deficiency, or a combination of deficiencies, exists in internal control for either financial reporting or compliance, such that there’s a reasonable possibility that a material misstatement of the entity’s financial statements or material noncompliance won’t be prevented, or detected and corrected, on a timely basis.

Material weaknesses and significant deficiencies in internal control over financial reporting or over compliance must be reported as part of the financial statements or Single Audit report. Internal control or noncompliance concerns not categorized as a material weakness or significant deficiency can be communicated in a separate management letter to the auditee.

Next Steps Checklist

What Will Your Single Audit Look Like?

Each Single Audit is different, so it’s important to discuss with the auditor what to expect, what should occur, your responsibilities, and the specific duties of the auditor. Cover this in your engagement letter.
Factors that influence what occurs during the audit include the complexity of your organization and the availability and completeness of the documentation supporting the internal control system, financial statements, and program activities and expenditures.

Generally, auditors will perform audit steps to:

  • Determine if your organization’s financial statements are fairly presented

  • Determine if the Schedule of Expenditure of Federal Awards (SEFA) is complete, accurate, and fairly presented in relation to your financial statements

  • Gain an understanding of and potentially test key internal controls

  • Determine if your organization complied with select federal statutes, regulations, and terms and conditions of your federal awards

  • Follow up on prior audit findings

  • Obtain evidence to form and support their opinions on the financial statements and program compliance

  • Develop and report internal control and compliance findings for the current year in the Single Audit report

Auditors won’t provide any opinion on your internal controls. If they identify something they see as an issue, they’ll report it as a finding, but won’t offer opinions as they would on the material accuracy of your financial statements or compliance.

If a finding related to internal controls is identified, and corrective actions are taken, an internal audit specific to those controls and processes may be an effective way to prevent the finding in subsequent years.

Common Pitfalls in Grant Compliance

The most common pitfalls in grant compliance are found in the following areas:

  • Reporting

  • Matching, level of effort, and earmarking

  • Sub-recipient monitoring

  • Eligibility

  • Allowable costs

  • Indirect costs

  • Procurement


  • Inaccurate reports. Time and effort reporting, including inconsistent application of requirements across all funding sources, and time charged across all sources exceeds 100%.

  • Unsupported report data. Point-in-time system reports not retained.

  • Late reports. Delinquent report submissions or unsubmitted project close-out reports.

Matching, Level of Effort, and Earmarking

  • Inaccurate records. In-kind volunteer hours not reviewed.

  • Inaccurate calculations. Currency conversion or insufficient match funds due to Excel formula error or conversion not performed.

  • Supplement, not supplant. Funding is meant to augment, not replace.

Sub-Recipient Monitoring

  • Assistance Listing Number (ALN), formerly the Catalog of Federal Domestic Assistance (CFDA), not communicated to sub-recipients

  • Unique Entity ID (UEI), formerly the Data Universal Number System (DUNS) number, verification not completed

  • Risk assessments not completed regularly

  • Monitoring not completed, or not completed adequately or in a timely manner


  • Inaccurate determination. Program participants didn’t meet the maximum age, income, or geographic thresholds; no process in place for eligibility determination, such as age, income, background checks, and citizenship

  • Record retention. Process doesn’t ensure consistent retention of documentation

Allowable Costs

  • Payroll allocations are based on an estimate rather than actual

  • Time related to program payroll isn’t contemporaneously documented

  • Time related to program payroll isn’t reviewed and properly approved

  • Program expenses aren’t reviewed and approved by grant manager

  • Costs not allowable

  • Costs not properly supported

Indirect Costs

  • Indirect costs include unallowable costs

  • Indirect rate is misapplied

  • Indirect methodology not documented or not applied consistently across programs


  • A procurement policy exists, but the organization doesn’t enforce it

  • The organization has appropriate procedures but didn’t update its policy

  • The organization cannot prove that a vendor was checked for suspension and debarment

  • Sole source justification wasn’t properly completed

  • Supporting documentation is not retained to support due diligence performed

How to Prepare for a Single Audit
Prior to the audit, there are actions your organization needs to take. Below are some steps auditees can take to help your Single Audit go smoothly.

  • Gather and summarize all federal grant information

  • Prepare financial statements and notes

  • Prepare a detailed draft of the SEFA

  • Ensure policies are developed and up to date, in place, and comply with the federal awards

  • Provide the auditor with access to information

  • Review prior Single Audit findings

  • Prepare the Schedule of Prior Audit Findings

  • Review and update internal controls

  • Seek help, when or if needed – asking questions early and often may prevent audit findings in the future