Preparing for Your First Single Audit: What New Federal Grantees Need to Know

The Single Audit Is Not Optional

If your organization expends $1 million or more in federal awards during a fiscal year, you are required to undergo a single audit. This is not a suggestion, not a best practice, and not something you can defer until next year. It is a legal requirement under the Single Audit Act, codified in Subpart F of the Uniform Guidance (2 CFR 200.501), and failure to complete it can result in suspended funding, disallowed costs, and designation as a high-risk grantee — a label that follows your organization into every future federal application.

The $1 million threshold took effect for fiscal years beginning on or after October 1, 2024, replacing the previous $750,000 threshold that had been unchanged since 1997. If your fiscal year ends June 30, 2025 or later, you fall under the new rules. This 33% increase was part of the most substantial revision to the Uniform Guidance in a decade, and while it exempted some smaller organizations from the requirement, the compliance expectations for those who do trigger it have only intensified.

This guide walks through the full arc of single audit preparation: what the audit actually examines, how to build the internal infrastructure to pass it, how to prepare your Schedule of Expenditures of Federal Awards (SEFA), what auditors look for, and how to navigate the Federal Audit Clearinghouse submission. The orientation here is practical — written for the CFO or finance director who just received their first large federal award and needs to understand exactly what is coming.

Understanding What the Auditor Is Actually Examining

A single audit is not simply a financial statement audit with a federal flavor. It is two distinct audits conducted together: a financial statement audit performed under Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards (Yellow Book/GAGAS), and a compliance audit of your major federal programs performed under the requirements of 2 CFR 200, Subpart F.

The financial statement audit examines whether your organization's financial statements are materially correct and whether your internal controls over financial reporting are adequate. This is broadly similar to any financial statement audit, but the Yellow Book layer adds requirements around internal controls and compliance with laws and regulations.

The compliance audit is where the single audit diverges sharply from standard audits. The auditor selects your major programs — determined by a risk-based methodology we will cover below — and tests your compliance across up to twelve compliance requirement categories defined in the OMB Compliance Supplement. These include activities allowed or unallowed, allowable costs and cost principles, cash management, eligibility, matching and level of effort, period of performance, procurement, program income, reporting, subrecipient monitoring, and special tests specific to certain programs.

For each major program, the auditor issues an opinion on whether you complied with the requirements that could have a direct and material effect on that program. A qualified or adverse opinion on a major program is a serious outcome. It triggers reporting to the Federal Audit Clearinghouse, potential referral to federal awarding agencies, and heightened scrutiny on future awards.

How Major Programs Are Selected

The auditor determines which of your federal programs qualify as "major" using the Type A/Type B classification in 2 CFR 200.518. Under the revised guidance, Type A programs are those where federal awards expended exceed the larger of $1 million or 3% of total federal expenditures (with a ceiling of $75 million). All other programs are Type B.

The auditor then applies risk criteria. Low-risk Type A programs may be excluded from testing. High-risk Type B programs may be elevated. The end result is a set of major programs that must cover at least 20% of total federal expenditures (40% for low-risk auditees). You do not get to choose which programs are tested, but understanding the selection methodology helps you anticipate where the auditor will focus.

Building Internal Controls Before the Audit

The single most consequential thing you can do to prepare for your first single audit is to build robust internal controls before you start spending federal money — not six months before the audit, and certainly not after you receive the auditor's engagement letter.

The Uniform Guidance at 2 CFR 200.303 requires recipients to "establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award." The guidance references two frameworks for what "effective" means: the GAO's Standards for Internal Control in the Federal Government (the Green Book) and the COSO Internal Control Framework.

In practice, this translates to a set of documented policies and procedures covering every major compliance area. You need written, enforced protocols for the following.

Financial management and accounting. A fund accounting system that tracks expenditures by individual federal award, with chart-of-account structures that segregate federal spending from other revenue sources. Monthly reconciliation of general ledger balances to award budgets. Documented procedures for approving and recording journal entries.

Allowable costs. A written cost principles policy that implements the standards in 2 CFR 200.403 through 200.405. Staff who authorize expenditures must understand the basic test: is the cost necessary and reasonable, allocable to the specific award, consistent with institutional policies applied uniformly to both federal and non-federal activities, and not specifically prohibited by the Uniform Guidance or the award terms?

Procurement. This is the single most common area of single audit findings, accounting for roughly 26% of all findings nationally. Your procurement policy must address all federal requirements: micro-purchases (up to $10,000 under the revised guidance), small purchases ($10,000 to $250,000), and formal competitive procedures above $250,000. Document the history of every procurement — who you solicited, what bids you received, the basis for selection, and price analysis. Having a policy is insufficient; auditors test whether you actually followed it.

Time and effort documentation. If personnel costs are charged to federal awards, you need a system that documents the actual time employees spend on each program. The revised Uniform Guidance at 2 CFR 200.430 no longer prescribes a specific methodology (the old semi-annual certifications are gone), but it does require that charges be based on records that reasonably reflect the total activity for which the employee is compensated. After-the-fact activity reports, contemporaneous timesheets, or other methods are acceptable — but they must exist and be consistently applied.

Cash management. If you receive federal funds on a reimbursement basis, this is straightforward. If you receive advances, you must minimize the time between receipt of funds and disbursement, consistent with 2 CFR 200.305. Excess cash balances invite findings.

Subrecipient monitoring. If you pass federal funds through to subrecipients, you are responsible for monitoring their use of those funds. This means issuing subaward agreements that include all required elements (2 CFR 200.332), evaluating subrecipient risk, monitoring activities during the subaward period, verifying that subrecipients who expend $750,000 or more ($1 million under the new threshold for their own fiscal years) complete their own single audits, and following up on any findings.

Separation of duties. No single person should control an entire financial transaction from initiation to recording to reconciliation. The auditor will map your transaction flows and identify where controls break down due to concentration of authority. In smaller organizations where true separation is difficult, implement compensating controls: supervisory review of transactions, independent reconciliation, and board-level financial oversight.

The Internal Control Documentation Checklist

For each control area, document the following:

• The specific risk the control addresses
• The control activity (who does what, when, and how)
• The frequency of the control
• Evidence that the control operated (signatures, timestamps, system logs)
• The person responsible for monitoring the control
• How exceptions are identified and resolved

Auditors do not just verify that controls exist in writing. They test whether controls operated effectively during the audit period by selecting samples of transactions and tracing them through your control framework.

Preparing the Schedule of Expenditures of Federal Awards

The SEFA is the central document of your single audit. It lists every federal program under which you expended funds during the fiscal year, and it is the basis for determining which programs are subject to audit testing. Errors in the SEFA cascade into every other aspect of the audit: incorrect major program determination, missed compliance testing, and ultimately, audit findings.

What Goes on the SEFA

For each federal program, the SEFA must disclose:

• The name of the federal awarding agency
• The name of the pass-through entity (if the award was received indirectly)
• The Assistance Listing number (formerly CFDA number)
• The federal award identification number
• The total amount of federal awards expended during the fiscal year
• Whether the award was passed through to subrecipients, and the amount
• The total amount provided to subrecipients
• Whether the program is part of a cluster of programs
• Loan or loan guarantee outstanding balances (if applicable)
• Notes describing the basis of accounting, whether the auditee elected the 10% de minimis indirect cost rate, and any other information required by the award terms

Common SEFA Errors and How to Prevent Them

Missing programs. The most frequent SEFA error is omitting federal awards entirely. This happens most often with pass-through awards, where a state agency distributes federal funds and the subrecipient does not realize the money originates from a federal source. Review every funding agreement you hold. If the agreement references an Assistance Listing number or a federal awarding agency, the expenditures belong on your SEFA. Non-cash assistance — commodities, vaccines, food from USDA programs — must also be included.

Incorrect Assistance Listing numbers. Every federal program has a unique Assistance Listing number (the two-digit prefix identifies the federal agency). Using the wrong number can misstate your expenditures under a program, affecting major program determination. Verify each number against the official Assistance Listings at sam.gov, not against the number your pass-through entity provided (which may be outdated or incorrect).

Accrual versus expenditure basis confusion. The SEFA reports federal awards expended, not received or budgeted. If you received a draw-down of $500,000 but only expended $350,000 by fiscal year-end, the SEFA reflects $350,000. Conversely, if you incurred $400,000 in allowable costs but have not yet drawn the funds, you still report $400,000. The SEFA must reconcile to your general ledger.

Failure to cluster programs. Certain federal programs are grouped into clusters — for example, the Student Financial Assistance cluster or the Research and Development cluster. All programs within a cluster are treated as a single program for major program determination. If you do not properly cluster, you may understate your expenditures and escape testing that should have occurred — a problem that will surface in peer review or federal oversight.

Monthly SEFA Reconciliation Process

Do not wait until year-end to build the SEFA. Maintain a working SEFA throughout the year, updated monthly:

1. Pull expenditure reports from your general ledger for each federal award
2. Reconcile expenditure totals to drawdown records and financial reports submitted to federal agencies
3. Verify that new awards received during the month are captured
4. Confirm Assistance Listing numbers and pass-through entity details for any new awards
5. Update subrecipient pass-through amounts
6. Flag any programs approaching the Type A threshold

This monthly discipline transforms the year-end SEFA from a frantic construction project into a routine reconciliation exercise.

Selecting a Qualified Auditor

Not every CPA firm is qualified to perform a single audit. The auditor must meet specific professional requirements, and choosing the wrong firm can result in substandard work, rejected audit submissions, and federal scrutiny.

Mandatory Qualifications

Yellow Book (GAGAS) compliance. The auditor must conduct the engagement in accordance with Government Auditing Standards issued by the U.S. Government Accountability Office. This means the individual auditors assigned to your engagement must meet Yellow Book continuing professional education (CPE) requirements: a minimum of 80 hours of CPE every two years, with at least 24 hours directly related to government auditing, the government environment, or the specific environment in which your organization operates.

Peer review. The audit firm must have undergone an external quality control review (peer review) that included a review of a single audit engagement. Request a copy of the firm's most recent peer review report and verify that the review is current and the firm received a pass rating.

Experience with your program type. A firm that audits municipalities may have limited experience with nonprofit compliance requirements, and vice versa. Ask for references from organizations of similar size and program complexity. Inquire about the specific federal programs the firm has audited — experience with your agency's Compliance Supplement section is directly relevant.

Evaluating Proposals

When soliciting audit proposals, provide each firm with your prior year financial statements, your SEFA (or preliminary SEFA), the number and dollar amount of federal awards, your organizational chart for the finance department, and a list of any known compliance issues. A well-informed proposal will be more accurate and more useful than one based on guesswork.

Evaluate proposals on qualifications, experience, and audit approach — not solely on price. The lowest-cost proposal often comes from a firm that underestimates the scope, leading to either an inadequate audit or significant fee overruns. Federal procurement standards in 2 CFR 200.320 actually require that the audit be procured using competitive procedures, and the revised Uniform Guidance explicitly states that price must be considered but need not be the primary factor.

Engagement Timeline

Engage your auditor early. Ideally, you should have an engagement letter signed four to six months before your fiscal year-end. This gives the auditor time to conduct interim fieldwork — testing internal controls and performing walk-throughs — before the year-end close, which reduces the pressure on year-end fieldwork and accelerates the overall timeline.

The Single Audit Timeline

The Uniform Guidance at 2 CFR 200.512 requires that the audit be completed and the data collection form submitted to the Federal Audit Clearinghouse within the earlier of 30 calendar days after receipt of the auditor's report or nine months after the end of the audit period. For an organization with a June 30 fiscal year-end, the deadline is March 31 of the following year. For a December 31 year-end, the deadline is September 30.

Here is a realistic timeline for an organization with a June 30 fiscal year-end:

January-March (6-4 months before year-end). Engage auditor, sign engagement letter. Begin interim fieldwork: walk-throughs of internal control processes, testing of controls on procurement, payroll, and cash management. Identify and resolve any control weaknesses before year-end.

April-June (3-1 months before year-end). Finalize monthly SEFA reconciliations. Ensure all subrecipient monitoring documentation is current. Prepare listing of prepared-by-client (PBC) items the auditor will need. Close out any open procurement files.

July (fiscal year-end). Close the books. Prepare draft financial statements and SEFA. Assemble the audit binder: trial balance, bank reconciliations, grant award documents, drawdown records, financial reports submitted to agencies, procurement files, time and effort documentation, subrecipient monitoring files.

August-October (1-4 months after year-end). Year-end fieldwork. Auditor tests compliance for major programs, completes financial statement audit procedures, and tests internal controls. Respond to auditor inquiries promptly — delayed responses are the single most common cause of missed deadlines.

November-December (5-6 months after year-end). Receive draft findings (if any). Prepare corrective action plans for any findings. Review and approve the draft audit report.

January-March (7-9 months after year-end). Auditor issues final reports. Prepare and submit the SF-SAC data collection form and reporting package to the Federal Audit Clearinghouse. Deadline: March 31.

Organizations that miss the nine-month deadline are reported as delinquent on the Federal Audit Clearinghouse, which federal awarding agencies review when making funding decisions.

Submitting to the Federal Audit Clearinghouse

The Federal Audit Clearinghouse (FAC), now hosted at fac.gov, is the central repository for all single audit submissions. Every person who edits or certifies a submission must have a Login.gov account, so set these up well before the submission deadline.

The submission package has two components:

The SF-SAC data collection form. This is submitted as a series of webforms and XLSX workbooks through the FAC portal. The workbooks include sections for federal awards, notes to the SEFA, findings, findings text, and corrective action plans. The data in the SF-SAC must agree exactly with the information in your audit report — discrepancies will trigger rejection.

The audit reporting package. This is uploaded as a single PDF and must include the financial statements and SEFA, the auditor's reports (financial statement opinion, Yellow Book report on internal controls and compliance, and the single audit report on compliance and internal controls over major programs), the schedule of findings and questioned costs, a summary schedule of prior audit findings, and a corrective action plan for any current findings.

Both the auditee (your organization) and the auditor must certify the submission. Coordinate the timing so both parties are available to complete certification before the deadline.

Common Findings and How to Prevent Them

Understanding the most frequent single audit findings helps you allocate your preparation efforts where they matter most.

Procurement (26% of all findings). The auditor pulls a sample of purchases made with federal funds and verifies that you followed your procurement policy and federal requirements. Missing competitive bidding documentation, sole-source justifications without adequate support, and failure to perform cost or price analysis are the most common triggers. Prevention: maintain a complete procurement file for every purchase, including the solicitation, all bids received, the evaluation criteria, the basis for selection, and price reasonableness documentation.

Allowable costs. Charges that lack adequate documentation, costs that are not allocable to the specific federal program, or expenses that are specifically unallowable under 2 CFR 200 Subpart E (entertainment, alcoholic beverages, lobbying, fundraising). Prevention: implement a pre-approval process for unusual expenditures, train staff on the allowable cost principles, and review charges to federal awards monthly.

Reporting. Late or inaccurate financial and performance reports submitted to the federal awarding agency. Prevention: maintain a master reporting calendar with all deadlines, assign responsibility for each report, and build in review time before submission.

Cash management. Excess federal cash on hand, particularly for organizations that receive advance payments. Prevention: draw funds only as needed for immediate expenditures, and if you must maintain a balance, document that the drawdown schedule minimizes time elapsed between receipt and disbursement.

Subrecipient monitoring. Failure to evaluate subrecipient risk at the time of the subaward, inadequate monitoring during the subaward period, or failure to verify subrecipient audit completion. Prevention: build a subrecipient monitoring checklist tied to the requirements in 2 CFR 200.332, and execute it for every subaward.

SEFA presentation. Missing programs, incorrect Assistance Listing numbers, unreported subrecipient pass-through amounts, and failure to reconcile to the general ledger. Prevention: follow the monthly reconciliation process described above.

When You Receive a Finding

If the auditor identifies a finding, you must prepare a corrective action plan. The plan should identify the responsible official, describe the specific corrective action, and provide a timeline for implementation. Vague promises ("we will improve our controls") are insufficient. Describe exactly what will change: new approval workflows, additional staff, revised policies, system implementations, and specific dates.

Findings are categorized as material weaknesses, significant deficiencies, or instances of noncompliance. Material weaknesses are the most severe and must be reported on the summary schedule of findings and questioned costs. They remain on your record at the Federal Audit Clearinghouse indefinitely and must appear on the summary schedule of prior audit findings until resolved.

Frequently Asked Questions

Does the $1 million threshold apply to awards received or awards expended?

The threshold is based on federal awards expended, not received or obligated. If you received a $1.5 million award but only expended $800,000 during your fiscal year, you do not trigger the single audit for that year (assuming no other federal expenditures). The measurement period is your fiscal year, and the amount is the total across all federal programs — not per-award.

What happens if we miss the nine-month filing deadline?

Your organization is reported as delinquent on the Federal Audit Clearinghouse. Federal awarding agencies monitor delinquency status and may impose special conditions on existing awards, withhold future funding, or designate you as a high-risk grantee. Some agencies treat delinquent audits as a disqualifying factor in competitive applications. If a delay is unavoidable, contact your cognizant or oversight agency to request an extension before the deadline passes.

Can we use the same auditor who does our regular financial statement audit?

Yes, and in most cases this is preferable. The single audit builds on the financial statement audit, so using the same firm avoids duplicative work and reduces overall cost. However, confirm that the firm and the individual engagement team meet Yellow Book CPE requirements and have single audit experience. A firm that excels at commercial audits but has never navigated the Compliance Supplement will not serve you well.

What is the difference between a single audit and a program-specific audit?

A program-specific audit (2 CFR 200.507) is an option when your organization expends federal awards under only one federal program and the federal agency has issued a program-specific audit guide. It is narrower in scope than a full single audit. However, most organizations with multiple federal awards default to the single audit, which satisfies all requirements regardless of how many programs you operate.

How much does a single audit cost?

Fees vary significantly based on the number and complexity of federal programs, the quality of your internal documentation, and the geographic market for audit services. For a first-time single audit with one or two major programs and well-organized records, expect fees in the range of $20,000 to $50,000 above the cost of your standard financial statement audit. Organizations with multiple major programs, complex compliance requirements, or poor documentation will pay considerably more. The investment in year-round preparation directly reduces audit costs by minimizing the auditor's time on corrective work and information requests.

Granted helps organizations identify federal funding opportunities that match their capabilities — positioning you to win awards and manage them with the compliance infrastructure a single audit demands.