Preparing for a Single Audit: Understanding Major Program Determination

In the previous Nonprofit article, we emphasized the importance of the Schedule of Expenditures of Federal Awards (SEFA) to organizational leadership and outlined the steps to compile the necessary information. It was also noted that the SEFA serves as the foundation for determining which federal programs will be subject to compliance testing in accordance with the Uniform Guidance. While this determination is ultimately the responsibility of the auditor, it is also prudent for nonprofit organizations to understand the process. By estimating which programs may be selected for testing, organizations can better prepare by organizing documentation and ensuring appropriate personnel are available during the audit.

With that in mind, the major program determination process is broken into five steps:

1. Low-Risk Auditee Determination

One of the first steps in this process is to determine whether an organization qualifies as a “low-risk auditee.” To qualify, an organization must meet specific criteria for each of the preceding two audit periods. Specifically, Single Audits must have been performed, including submitting the Data Collection Form and reporting package to the Federal Audit Clearinghouse by the due date. The auditor’s opinions on whether the financial statements were prepared in accordance with GAAP, or a basis of accounting required by state law, and on compliance for major federal programs were unmodified and did not include an ongoing concern. In addition, no deficiencies in internal control over financial reporting or compliance can be identified as material weaknesses, and known or likely questioned costs did not exceed 5% of the total federal awards expended for a Type A program during the audit period.

If any of these criteria are not met, the organization would not qualify as a low-risk auditee. The implications of this designation are discussed below.

2. Identify the Type A Threshold

The next step in the process is to identify the Type A threshold which is based on the total amount of federal awards expended. For organizations that expend between $1,000,000 and $34,000,000 of federal awards, the Type A threshold is $1,000,000. This threshold increases as federal awards expended exceed $34,000,000. In this situation, organizations can refer to the Uniform Guidance (2 CFR Part 200) for the applicable threshold.

Any federal program exceeding this threshold is identified as a Type A program, and any federal program below this threshold is identified as a Type B program.

3. Type A Risk Assessment

Now that Type A programs have been identified, a risk assessment must be performed. Similar to the determination of low-risk auditee status, this risk assessment includes specific criteria used to evaluate whether a program is considered low-risk. If any of the criteria are not met, the Type A program cannot be classified as low-risk and is subject to compliance testing as a major program.

To be classified as low-risk, the Type A program must have been audited as a major program in one of the last two preceding years with no deficiencies in internal control over compliance identified as material weaknesses and an unmodified opinion on compliance. In addition, known or likely questioned costs must not have exceeded 5% of the total federal awards expended for the program. Even if these criteria are met, there are additional characteristics for further consideration that might indicate higher risk; such factors include the results of audit follow-up or any changes in personnel or systems affecting the program. Furthermore, a federal agency may identify federal programs that are higher risk. For 2025, these federal programs can be found in Appendix IV of the Compliance Supplement.

4. Type B Risk Assessment

This process is only required if any Type A programs were classified as low-risk.

If so, the organization must perform a risk assessment of its Type B programs until the number of high-risk Type B programs identified equals at least 25% of the number of low-risk Type A programs (rounded up). For example, if one Type A program qualifies as low-risk, the risk assessment of Type B programs must continue until at least one Type B program has been classified as high-risk (1 low-risk Type A program x 25% = .25, rounded up to 1). However, it is possible to assess all Type B programs and still identify fewer high-risk Type B programs than is required or none at all.

The risk assessment of Type B programs also includes specific criteria. Unlike the process in Steps 1 and 3, a “no” response to any one single criterion would rarely cause a Type B program to be considered high-risk unless known material weaknesses in internal over compliance or prior compliance issues have been identified. For a complete list of criteria, refer to 2 CFR Part 200.519.

Additionally, “relatively small federal programs” are not expected to be assessed. These programs are defined as a Type B program with expenditures not exceeding 25% of the Type A threshold. In most cases, that threshold would amount to $250,000 (25% x $1,000,000 Type A threshold).

5. Evaluate for Proper Coverage

Once all assessments have been completed, the organization compiles all Type A programs that were not identified as low-risk and all Type B programs identified as high-risk. These programs represent the major programs that will be subject to testing.

The organization must then evaluate whether the major programs subject to testing encompasses a specified percentage of total federal awards expended. If the organization qualifies as a low-risk auditee, this percentage is 20%; if not, the percentage is 40%. If sufficient coverage is not achieved, additional programs are selected as major programs until the required percentage of federal awards expended is met.

In summary, while the determination of major programs is an auditor responsibility, understanding the process allows organizations to better prepare for a Single Audit. Familiarity with the process allows organizations to be proactive with the audit process by anticipating areas of audit focus and provides the opportunity to compile organization documentation, allocate resources effectively, and address potential compliance issues in advance.

If you have questions about the information outlined above, please contact us; our seasoned and experienced nonprofit professionals are here to help. You can also learn more about our nonprofit services by visiting our Nonprofit industry page.

About the Author

Related Services

Related Industries