Skip to content

Provider Relief Funds Received Under the CARES Act Impose Audit Requirements

September 22, 2020

In response to the global pandemic caused by COVID-19, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which provided increased funding for existing programs and funded at least 20 new federal programs to help stimulate the economy.

Many hospitals, clinics, and medical providers received CARES Act funding from the Department of Health and Human Services (HHS) through the Provider Relief Fund (PRF). Recently, HHS has stated expenditures of PRF funds would be included in the calculation of federal expenditures in determining if an entity is required to have a single audit or a program-specific audit completed under Generally Accepted Government Auditing Standards (GAGAS), including for-profit entities. Entities with total federal expenditures greater than $750,000 will be required to have a single audit or a program-specific audit. For not-for-profit organizations, single audits may be familiar, given that they are often triggered from federal grants. However, for for-profit companies, the PRF funds could trigger the need for a single audit or program-specific audit for the first time.

What Is a Single Audit or Program-Specific Audit?

Normally, when a non-federal government or nonprofit organization expends total federal funds of $750,000 or more during its fiscal year, the non-federal entity is required to have an audit under Subpart F of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), known as a single audit.

In determining whether an entity has met the $750,000 threshold, generally all expenditures under federal award programs must be considered, including any that first pass through other entities. There are certain exceptions, such as patient claims under Medicaid and Medicare, which are not considered in evaluating whether an entity reaches the threshold.

A single audit is performed by a qualified independent accountant and consists of two main parts:

  • An audit of the financial statements in accordance with GAGAS issued by the Comptroller General of the United States, known as Yellow Book
  • A compliance audit of the entity’s major federal programs in accordance with the Uniform Guidance, which includes testing of the entity’s internal controls over compliance

In addition to establishing audit requirements, the Uniform Guidance provides a framework for grant management, which should be contemplated to ensure compliance with federal award requirements.

Each year, the U.S. Office of Management and Budget (OMB) also releases the OMB Compliance Supplement, which must be used to guide audit procedures related to federal awards. The OMB Compliance Supplement is also a useful tool for recipients of federal awards, especially for entities subject to a single audit for the first time. The 2020 OMB Compliance Supplement was recently released. However, the OMB has indicated that an addendum will be issued subsequently, later in 2020, to address new programs established under the CARES Act.

HHS codifies the Uniform Guidance and applies special provisions to its awards under Title 45 U.S. Code of Federal Regulations Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards. Section 75.216 establishes audit requirements for for-profit entities receiving awards from HHS. Since the establishment of PRF, HHS continued to deliberate whether PRF awards were subject to a single audit, as well as the requirements for for-profit entities included in section 75.216. HHS has recently confirmed that PRF awards are included in the basis for determining whether an audit requirement was triggered, including for-profit entities.

Though HHS extends the single audit requirement to include for-profit entities that receive federal awards, it also provides an option to obtain a financial-related audit of a particular award (or awards, if awards are received under multiple HHS programs) in accordance with Yellow Book. Details on this program-specific audit are still forthcoming.

What Should I Do Now?

While the initial thought of having a single audit for the first time might feel daunting, there are several steps that can be taken now to help smooth this process:

  1. If it is possible that your entity will meet the $750,000 threshold during this or a subsequent reporting period, reach out to your KSM advisor now to start discussions on what would be required.
  1. In a multi-level entity structure, consider under which entity the funds should be audited, as the guidance provides flexibility. The audit must cover the entire operations of the auditee, or, at the option of the auditee, such audit must include a series of audits that cover an auditee’s departments, agencies, and other organizational units that expended or otherwise administered federal awards during the audit period. If the federal funds are included in the single audit of a subsidiary, for example, they would not also need to be subjected to compliance auditing in the single audit of the parent, even if the parent also had a single audit including the remaining federal awards.
  1. Familiarize yourself with the Uniform Guidance, the terms and conditions of your awards, and other information available on the HHS website. Also, familiarize yourself with the OMB Compliance Supplement. Consider whether any changes to current processes are necessary to help ensure compliance with the requirements.
  1. Begin to draft your schedule of expenditures of federal awards (SEFA), which is a supplementary schedule including information on all federal awards of the entity. The SEFA is the basis for determining whether the single audit is required, and it is used by the auditors to determine which programs will be subjected to the compliance portion of the single audit. Your KSM advisor will be able to provide a template for the SEFA.
  1. Document, document, document! A big driver of success in a single audit is having the policies and procedures documented and establishing a clear audit trail that can be tested by auditors. Make sure your policies and procedures, including adequate internal controls over financial reporting and compliance, are designed appropriately and documented. In order to be able to verify these internal controls are in place and operating effectively, each key step in a process also needs documented contemporaneously as it occurs.
  1. Begin the process now. As with any audit, you’ll want to avoid surprises. So, begin preparing for your audit now.

We’re Here to Help

Additional clarification and guidance is expected from HHS on this evolving issue, and we will provide updates as more information becomes available. If you need help navigating these compliance requirements or strategizing how you can best position your organization, our team stands ready to help. Please reach out to your KSM advisor or complete this form.

Visit the KSM COVID-19 Resource Center

We're Looking for
Remarkable People

At KSM, you’ll be encouraged to find your purpose, exercise your creativity, and drive innovation forward.

Explore a Career Full of Possibilities