OMB Circular A-133 Audit Refresher-Major Programs

    OMB Circular A-133 Audit Refresher-Major Programs 

    Various organizations that monitor the quality of single audits are identifying problems with the auditor's application of the risk-based approach to determining major programs as required under Office of Management and Budget (OMB) Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations (Circular A-133). The risk-based approach is designed to focus the Circular A-133 audit on higher risk programs. To assist you in understanding the risk-based approach, we present this refresher on Circular A-133's requirements for major program selection. Auditors should also refer to the AICPA Audit Guide, Government Auditing Standards and Circular A-133 Audits, for the underlying requirements.  

    Determining major programs using the risk-based approach is a four-step process that involves the auditor:

    1.   Determining type A and type B programs

    2.   Identifying low-risk type A programs

    3.   Identifying high-risk type B programs

    4.   Selecting major programs

    Only in situations of a "first-year" audit can the auditor deviate from using the risk-based approach. Section 520(i) of Circular A-133 defines a first-year audit as the first year an entity is audited under Circular A-133 or as the first year of a change in auditors. That exception allows the auditor to elect to determine major programs as all type A programs plus any type B programs as are necessary to meet the percentage-of-coverage rule described in step 4. However, to ensure that a frequent change of auditors will not preclude the audit of high-risk type B programs, the election for first-year audits may not be used more than once every three years. 

    Step 1—Determining Type A and Type B Programs

    To select major programs, the auditor must first identify federal programs as being either type A or type B as defined in Circular A-133, section 520(b). In general, type A programs are larger federal programs, and type B programs are smaller federal programs. For purposes of determining major programs, a cluster of programs1 is considered one program. For example, if the auditee expends federal awards under more than one program in the child nutrition cluster (which is made up of the school breakfast program, the national school lunch program, the special milk program for children, and the summer food service program for children), those programs should be considered together as one program. Quality reviews have shown that some auditors have made errors in identifying programs as part of a program cluster. Auditors should carefully consider the guidance the Compliance Supplement to determine which programs are able to be clustered.  

    Type A programs depend on an auditee's total federal awards expended, as shown in the following table. Federal programs that do not meet the type A criteria are type B programs: 

    When Total Federal Cash and Noncash Awards Expended Are—

     

    Type A Programs Are Any Programs With Federal Awards Expended That Exceed the Larger of— 

    More than or equal to $300,0002 and less than or equal to $100 million 

     

    $300,000 or 3 percent (0.03) of federal
    awards expended 

    More than $100 million and less than or equal to $10 billion 

     

    $3 million or 0.3 percent (0.003) of federal
    awards expended 

    More than $10 billion

     

    $30 million or 0.15 percent (0.0015) of federal awards expended.

    If an auditee's federal awards expended include loans and loan guarantees,3 the auditor may need to adjust how to apply the preceding criteria. Circular A-133 states that, when identifying type A programs, the inclusion of large loans and loan guarantees should not result in the exclusion of other federal programs as type A programs. This requirement relates only to loans and loan guarantees and not to any other noncash awards. When, based on the auditor's professional judgment, federal programs providing loans or loan guarantees significantly affect the number or size of type A programs, the auditor should consider the loan or loan guarantee programs type A programs and exclude their value in determining other type A programs. An example of this concept is shown in Chapter 9 of the Guide.

    Federal awards expended for purposes of determining type A and type B programs is the amount of cash and noncash awards, after all audit adjustments are made, shown in the final current-year schedule of expenditures of federal awards, including the notes thereto, and in the data collection form. An auditor who uses the prior-year schedule or preliminary current-year estimates to plan the audit should recalculate the threshold for type A programs based on the final amounts to ensure that federal awards are properly classified as type A or B. Although the calculation of the threshold (and the percentage-of-coverage requirement discussed in step 4) seems straightforward, some auditors are not complying with the requirement. Rounding the calculation is not allowed; if the type A threshold calculates to $4,893,000, the auditor cannot round the number to $4.9 million.  

    Back to top

    Step 2—Identifying Low-Risk Type A Programs 
     

    After completing step 1, the auditor should perform a risk assessment of each type A program to identify those that are low risk as provided in section 520(c) of Circular A-133. For a type A program to be considered low risk, both of the following conditions must be met:

    1. The program has been audited as a major program in at least one of the two most recent audit periods (in the most recent audit period in the case of a biennial audit); and

    2. In the most recent audit period, the program had no audit findings that represent reportable conditions in the internal control over major programs or material noncompliance with the provisions of laws, regulations, contracts, or grant agreements that are related to a major program.

    There is no auditor judgment involved in meeting either of these criteria. The fact that a type A program was not type A in the previous two years is not relevant. If a type A program was not audited in the two most recent audit periods, without regard to whether it was type A or type B during those periods, it cannot be considered low risk and, therefore, must be audited in the current period. Similarly, if an auditee did not previously participate in a federal award program that is a type A program in the current year, that program was not audited in the two most recent audit periods and cannot be considered low risk. 

    Except in the situations discussed in the previous paragraph, Circular A-133 permits the auditor to conclude, based on professional judgment, that a type A program is low risk even though any of the following occur:

    1. In the prior audit period it may have had known or likely questioned costs greater than $10,000 for a type of compliance requirement.

    2. Known fraud has been identified.

    3. The summary schedule of prior audit findings materially misrepresents the status of a prior audit finding.

    The Guide gives the following example in which the auditor, based on professional judgment, could decide that the program is low risk in the current year: Funds expended under a federal program in the prior year totaled $10 million, there were known questioned costs of $11,000 that related to one isolated instance, and there were no additional likely questioned costs.

    In making the final determination of whether a type A program is low risk, the auditor also should consider the following risk criteria: 

    • The nature of oversight exercised by federal agencies and pass-through entities

    • The inherent risk of the program

    • The results of audit follow-up

    • Whether any changes in the personnel or systems affecting a type A program have significantly increased its risk

    • The identification by the federal agency, as provided by the OMB in the Supplement, that a program is higher risk

    Back to top

    Step 3—Identifying High-Risk Type B Programs
     
    After completing steps 1 and 2, the audit should identify type B programs that are high-risk. Step 3 is discussed in section 520(d) of Circular A-133. Before risk assessing type B programs, the audit should consider whether: 

    • There are low-risk type A programs. When there are no low-risk type A programs (either because there are no type A programs or because none of the type A programs are low risk), the auditor is not required to perform step 3. When there are no type A programs, the auditor would audit as major enough Type B programs to meet the percentage-of-coverage rule, as discussed below in step 4. When none of the type A programs are low risk, the auditor would audit as major all type A programs plus any additional type B programs needed to meet the percentage-of-coverage rule.

    • Option 1 or option 2 will be used in step 4 as discussed below. The auditor's decision of which option to choose will likely be based on audit efficiency and will affect how many type B programs are subject to risk assessment. Under option 1, the auditor is required to perform a risk assessment on all type B programs (except small type B programs as discussed below). In comparison with option 2, option 1 will likely require the auditor to perform more type B program risk assessments, but may also result in the auditor having to audit fewer major programs. Under option 2, the auditor is only required to identify high-risk type B programs up to the number of low-risk type A programs. In comparison with option 1, option 2 will likely require the auditor to perform fewer type B risk assessments, but may also result in the auditor having to audit more major programs. Chapter 9 of the Guide provides examples of these concepts. Under either option, any programs that a federal agency or pass-through entity requests be audited as discussed in step 4 below must be audited as a major program.

    An auditor is not expected to perform risk assessments on relatively small federal programs. Circular A-133 only requires the auditor to perform risk assessments on type B programs as shown in the following table.

    When Total Federal Cash and Noncash Awards Expended Are—  

     

    Perform Risk Assessment for Type B Programs That Exceed the Larger of—  

    More than or equal to $300,000 and less than or equal to $100 million 

     

    $100,000 or 0.3 percent (0.003) of federal
    awards expended 

    More than $100 million

     

    $300,000 or 0.03 percent (0.0003) of federal awards expended.

    The auditor should identify type B programs that are high-risk using professional judgment, the risk criteria bulleted above in step 2 for type A programs, and the following additional risk criteria for type B programs:

    • Weaknesses in the internal control over compliance for the program

    • Whether the program is administered under multiple internal control structures

    • A weak system for monitoring subrecipients when significant parts of the program are passed through to subrecipients

    • The extent to which computer processing is used

    • Prior audit findings that have a significant impact on a program or for which no corrective action has been implemented since the findings were identified

    • The program has not recently been audited as major

    Except for known reportable conditions in internal control or instances of noncompliance, a single risk criteria would, in general, seldom cause a type B program to be considered high risk.

    Back to top 

    Step 4—Selecting Major Programs

    After completing steps 1 through 3, the auditor identifies major programs. At a minimum, sections 215(c) and 520(e) of Circular A-133 require the auditor to audit all of the following as major programs: 

    • All type A programs, except those identified as low risk under step 2

    • High-risk type B programs, as identified under either of the two options described below

    • Programs to be audited as major based on a federal agency request, in lieu of the federal agency conducting or arranging for additional audits, as discussed below

    • Additional programs, if any, that are necessary to meet the percentage-of-coverage rule, as described below

    Section 520(e)(2) of Circular A-133 provides the following two options for identifying high-risk type B programs:

    1. Option 1— The auditor is expected to perform risk assessments of all type B programs that exceed the amount specified in the table shown in step 3, and to audit at least one-half of the high-risk type B programs as major, unless that number exceeds the number of low-risk type A programs identified in step 2 (that is, the cap). In this case, the auditor would be required to audit as major the same number of high-risk type B programs as the cap.

    2. Option 2 — The auditor is required to audit as major only one high-risk type B program for each type A program identified as low risk in step 2. Under this option, the auditor would not be required to perform risk assessments for any type B program when there are no low-risk type A programs (that is, the cap is zero).

    Chapter 9 of the Guide provides an example of the application of these options. The auditor may choose option 1 or option 2. There is no requirement to justify the reasons for selecting either option. The results under options 1 and 2 may vary significantly, depending on the number of low-risk type A programs and high-risk type B programs. Circular A-133 encourages the auditor to use an approach that provides an opportunity for different high-risk type B programs to be audited as major over a period of time.

    Section 215(c) of Circular A-133 provides for a federal agency to request an auditee to have a particular federal program audited as a major program in lieu of the federal agency conducting or arranging for additional audits. To allow for planning, such requests are required to be made at least 180 days before the end of the fiscal year to be audited. The auditee, after consultation with its auditor, should promptly respond to such a request by informing the federal agency whether the program would otherwise be audited as a major program using the risk-based approach and, if it would not, the estimated incremental cost to audit the program as a major program. The federal agency must then promptly confirm to the auditee whether it wants the program audited as a major program. If the program is to be audited as a major program based on the federal agency's request, and the federal agency has agreed to pay the full incremental costs, then the auditee must have the program audited as a major program. This approach also may be used by pass-through entities for a subrecipient.

    Circular A-133 requires the auditor to audit, as major programs, federal programs with federal awards expended that, in the aggregate, encompass at least 50 percent of the total federal awards expended unless the auditee meets the criteria for a low-risk auditee, as discussed below. If the auditee is a low-risk auditee, the auditor is only required to audit as major programs federal programs with federal awards expended that, in the aggregate, encompass at least 25 percent of the total federal awards expended. (Again, rounding the calculation is not allowed.) If the total major programs selected do not equal 50 percent (or 25 percent in the case of a low-risk auditee) of the total federal awards expended, the auditor should select additional programs (either type A or type B) to equal the applicable percentage and test them as major programs. The auditor may select additional programs to meet the percentage-of-coverage rule based on professional judgment and without regard to risk assessment. The auditor should apply the percentage-of-coverage rule after all other steps in the risk-based approach are completed. The auditor cannot just select programs making up 50 percent of federal awards expended without completing the other steps.

    Section 530 of Circular A-133 establishes certain conditions for determining whether an auditee is low risk. An auditee that meets all of the following conditions for each of the preceding two years (or in the case of biennial audits, the preceding two audit periods) qualifies as a low-risk auditee and is eligible for 25 percentage of coverage as discussed above:

    Single audits were performed on an annual basis in accordance with Circular A-133. An auditee that has biennial audits does not qualify as a low-risk auditee, unless agreed to in advance by the cognizant or oversight agency for audit.

    The auditor's opinions on the financial statements and the schedule of expenditures of federal awards were unqualified. However, the cognizant or oversight agency for audit may judge that an opinion qualification does not affect the management of federal awards and may provide a waiver.

    There were no deficiencies in internal control over financial reporting that were identified as material weaknesses under the requirements of Government Auditing Standards. However, the cognizant or oversight agency for audit may judge that any identified material weaknesses do not affect the management of federal awards and may provide a waiver.

    None of the federal programs classified as type A programs in either of the preceding two years (or in the case of biennial audits, the preceding two audit periods) had audit findings of any of the following: (1) material weaknesses in the internal control over compliance, (2) noncompliance with the provisions of laws, regulations, contracts, or grant agreements that have a material effect on the type A program, and (3) known or likely questioned costs that exceed 5 percent of the total federal awards expended for a type A program during the year.

    Section 520(g) of Circular A-133 requires that there be audit documentation of the risk assessment process used in determining major programs. It is therefore necessary for the auditor to document adequately, as required by generally accepted auditing standards (GAAS) and Government Auditing Standards, the determination of major programs.

    Schedule of Findings and Questioned Costs and Data Collection Form . Information needed to determine major programs is required to be reported on the schedule of findings and questioned costs and the data collection form. For example, the schedule and form require the auditor to report the dollar threshold to distinguish type A and type B programs and whether the auditee qualifies as low risk. The auditor should review the information on the schedule and form to ensure that it is consistent with the information developed during the audit and consistent between the schedule and the form.

    Section 215(c) of Circular A-133 provides for a federal agency to request an auditee to have a particular federal program audited as a major program in lieu of the federal agency conducting or arranging for additional audits. To allow for planning, such requests are required to be made at least 180 days before the end of the fiscal year to be audited. The auditee, after consultation with its auditor, should promptly respond to such a request by informing the federal agency whether the program would otherwise be audited as a major program using the risk-based approach and, if it would not, the estimated incremental cost to audit the program as a major program. The federal agency must then promptly confirm to the auditee whether it wants the program audited as a major program. If the program is to be audited as a major program based on the federal agency's request, and the federal agency has agreed to pay the full incremental costs, then the auditee must have the program audited as a major program. This approach also may be used by pass-through entities for a subrecipient.

    Circular A-133 requires the auditor to audit, as major programs, federal programs with federal awards expended that, in the aggregate, encompass at least 50 percent of the total federal awards expended unless the auditee meets the criteria for a low-risk auditee, as discussed below. If the auditee is a low-risk auditee, the auditor is only required to audit as major programs federal programs with federal awards expended that, in the aggregate, encompass at least 25 percent of the total federal awards expended. (Again, rounding the calculation is not allowed.) If the total major programs selected do not equal 50 percent (or 25 percent in the case of a low-risk auditee) of the total federal awards expended, the auditor should select additional programs (either type A or type B) to equal the applicable percentage and test them as major programs. The auditor may select additional programs to meet the percentage-of-coverage rule based on professional judgment and without regard to risk assessment. The auditor should apply the percentage-of-coverage rule after all other steps in the risk-based approach are completed. The auditor cannot just select programs making up 50 percent of federal awards expended without completing the other steps.

    Section 530 of Circular A-133 establishes certain conditions for determining whether an auditee is low risk. An auditee that meets all of the following conditions for each of the preceding two years (or in the case of biennial audits, the preceding two audit periods) qualifies as a low-risk auditee and is eligible for 25 percentage of coverage as discussed above:

    • Single audits were performed on an annual basis in accordance with Circular A-133. An auditee that has biennial audits does not qualify as a low-risk auditee, unless agreed to in advance by the cognizant or oversight agency for audit.

    • The auditor's opinions on the financial statements and the schedule of expenditures of federal awards were unqualified. However, the cognizant or oversight agency for audit may judge that an opinion qualification does not affect the management of federal awards and may provide a waiver.

    • There were no deficiencies in internal control over financial reporting that were identified as material weaknesses under the requirements of Government Auditing Standards. However, the cognizant or oversight agency for audit may judge that any identified material weaknesses do not affect the management of federal awards and may provide a waiver.

    • None of the federal programs classified as type A programs in either of the preceding two years (or in the case of biennial audits, the preceding two audit periods) had audit findings of any of the following: (1) material weaknesses in the internal control over compliance, (2) noncompliance with the provisions of laws, regulations, contracts, or grant agreements that have a material effect on the type A program, and (3) known or likely questioned costs that exceed 5 percent of the total federal awards expended for a type A program during the year.

    Section 520(g) of Circular A-133 requires that there be audit documentation of the risk assessment process used in determining major programs. It is therefore necessary for the auditor to document adequately, as required by generally accepted auditing standards (GAAS) and Government Auditing Standards, the determination of major programs.

    Schedule of Findings and Questioned Costs and Data Collection Form . Information needed to determine major programs is required to be reported on the schedule of findings and questioned costs and the data collection form. For example, the schedule and form require the auditor to report the dollar threshold to distinguish type A and type B programs and whether the auditee qualifies as low risk. The auditor should review the information on the schedule and form to ensure that it is consistent with the information developed during the audit and consistent between the schedule and the form.

    Back to top

     


    1. A cluster of programs is defined as a grouping of closely related programs that share common compliance requirements. The types of clusters of programs are research and development, student financial aid, and other clusters. "Other clusters" are defined in the Office of Management and Budget (OMB) Circular A-133 Compliance Supplement or are designated by a state for federal awards that the state provides to its subrecipients that meet the definition of a cluster of programs. 

     

    1. A is defined as a grouping of closely related programs that share common compliance requirements. The types of clusters of programs are research and development, student financial aid, and other clusters. "Other clusters" are defined in the Office of Management and Budget (OMB) Circular A-133 or are designated by a state for federal awards that the state provides to its subrecipients that meet the definition of a cluster of programs. 

    2. Although the June 27, 2003, revisions to Office of Management and Budget (OMB) Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations (Circular A-133), raised the threshold for the applicability of the Single Audit Act Amendments of 1996 (the Single Audit Act) and Circular A-133 from $300,000 to $500,000 for audits of fiscal years ending after December 31, 2003, it did not change the $300,000 threshold for identifying Type A programs. 

    3. As provided in Circular A-133, sections 105 and 215(b) through (d), loans and loan guarantees represent federal awards.

    Copyright © 2008 by the American Institute of Certified Public Accountants, Inc., New York, New York.

    Open Hide documents in this section

    There are no articles available in this section
    Copyright © 2006-2014 American Institute of CPAs.