What Is a Single Audit?
A single audit is a rigorous, organization-wide audit of an entity that expends $750,000 or more in federal awards during its fiscal year. Established under 2 CFR Part 200, Subpart F (formerly governed by OMB Circular A-133), the single audit consolidates the audit of federal expenditures into one comprehensive engagement rather than requiring separate audits for each federal program. The result is a single set of financial statements, a single report on internal controls, and a single schedule of findings — hence the name.
The single audit requirement applies to all non-federal entities that receive and expend federal funds: states, local governments, tribal governments, nonprofit organizations, and institutions of higher education. For healthcare organizations like HRSA Section 330 grantees, community action agencies receiving CSBG funds, and tribal health organizations managing ISDEAA contracts, the single audit is typically an annual obligation — and one of the most consequential compliance events on the calendar.
The $750,000 Expenditure Threshold
The threshold that triggers a single audit is $750,000 in federal awards expended during the entity's fiscal year. This was raised from $500,000 when the Uniform Guidance (2 CFR 200) took effect in December 2014. Several key points about the threshold are frequently misunderstood:
- Expenditures, not awards. The threshold is based on the amount of federal funds your organization actually spends during the fiscal year, not the total amount awarded. An organization with a $2 million award that only draws down $600,000 in a given year does not trigger the requirement for that year.
- All federal sources combined. The $750,000 threshold aggregates expenditures across all federal programs. An organization spending $400,000 in HRSA funds and $400,000 in SAMHSA funds has $800,000 in federal expenditures and must complete a single audit.
- Pass-through funds count. Federal funds received as a sub-recipient (passed through a state agency or intermediary) count toward the threshold just as direct federal awards do. If your organization receives $300,000 directly from a federal agency and $500,000 through a state pass-through of federal funds, you have $800,000 in federal expenditures.
- COVID-era supplemental funding. Many organizations that historically fell below the threshold crossed it during 2020–2023 due to CARES Act, ARPA, and other supplemental federal funding. Some of these organizations had never undergone a single audit before and were unprepared for the compliance requirements.
Organizations below the threshold are exempt from the single audit requirement but are not exempt from maintaining adequate financial records. Federal awarding agencies and pass-through entities retain the right to arrange for audits of any entity that receives federal funds, regardless of the expenditure level. Many organizations just below the threshold voluntarily undergo program-specific audits or agreed-upon procedures engagements to demonstrate stewardship.
Single Audit vs. Financial Statement Audit
Grants managers and board members sometimes confuse the single audit with a standard financial statement audit. While the single audit includes a financial statement audit component, it goes significantly further. Understanding the distinction is essential for budgeting, timeline planning, and scope discussions with your audit firm.
| Element | Financial Statement Audit | Single Audit |
|---|---|---|
| Scope | Financial statements as a whole | Financial statements + federal award compliance |
| Standards | GAAS (Generally Accepted Auditing Standards) | GAAS + GAGAS (Government Auditing Standards) + 2 CFR 200 Subpart F |
| Internal controls | Report on controls over financial reporting | Report on controls over financial reporting + controls over compliance for each major program |
| Federal award testing | None | Detailed testing of compliance requirements for major programs |
| SEFA required | No | Yes — Schedule of Expenditures of Federal Awards |
| Filing requirement | Provide to board, funders as required | Submit to Federal Audit Clearinghouse (FAC) within the earlier of 30 days after receipt or 9 months after fiscal year end |
| Typical cost | $15,000–$50,000 | $30,000–$100,000+ (varies by size, number of major programs) |
The additional cost of a single audit over a financial statement audit is driven by the compliance testing component. Your auditor must test each major federal program against up to 12 compliance requirements defined in the OMB Compliance Supplement. This testing requires significant sample selection, document requests, and substantive procedures that simply do not exist in a standard financial statement audit.
Who Performs the Single Audit?
The single audit must be performed by an independent certified public accountant (CPA) or a licensed public accounting firm. Under 2 CFR 200.509, the auditor must meet the independence standards of the Government Accountability Office (GAO) as codified in Government Auditing Standards (commonly known as the “Yellow Book”). This is a higher independence standard than what applies to commercial audits and imposes restrictions on the non-audit services an audit firm can provide to the auditee.
Critically, the auditor must also have undergone a peer review under the AICPA's Peer Review Standards within the most recent three-year cycle. The peer review must include a government audit engagement. When selecting an audit firm, you should request a copy of the most recent peer review report and verify that the firm received a pass rating. Firms that receive a rating of pass with deficiency(ies) or fail on their peer review may lack the competency to properly execute a single audit.
Experience matters. A firm that routinely audits nonprofits receiving HRSA, ACF, or SAMHSA funding will understand the nuances of health center compliance, CSBG program requirements, and behavioral health grant conditions in ways that a general-practice firm will not. Ask prospective auditors how many single audits they perform annually, which federal programs they most commonly audit, and whether they have experience with the specific Assistance Listing Numbers (ALNs) that apply to your grants. For detailed guidance on auditor selection, see our preparation guide.
How a Single Audit Works: The Major Steps
The single audit follows a structured process defined by 2 CFR 200, Subpart F and the AICPA's audit guide. While every engagement is different, the major steps are consistent:
- 1. Financial statement audit. The auditor performs a full audit of your organization's financial statements under Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards (GAGAS). This produces an opinion on the financial statements and a report on internal controls over financial reporting.
- 2. SEFA preparation and audit. Your organization prepares the Schedule of Expenditures of Federal Awards (SEFA), listing every federal program from which you expended funds during the fiscal year. The auditor verifies that the SEFA is materially complete and accurate, and issues an opinion on it as supplementary information.
- 3. Major program determination. The auditor identifies which federal programs qualify as “major programs” using a risk-based approach. Programs are classified as Type A (larger programs based on dollar thresholds) or Type B (smaller programs), and the auditor applies risk criteria to determine which Type A programs are tested and whether any Type B programs are elevated to major program status.
- 4. Compliance testing. For each major program, the auditor tests compliance against the requirements identified in the OMB Compliance Supplement. There are 12 possible compliance requirement categories, though not all apply to every program. The auditor also evaluates internal controls over compliance for each major program.
- 5. Reporting. The auditor issues a suite of reports: the opinion on financial statements, the report on internal controls and compliance (under GAGAS), the opinion on the SEFA, the report on compliance for each major program, and the schedule of findings and questioned costs. These reports are packaged together as the single audit reporting package.
- 6. FAC submission. The completed reporting package — including the SF-SAC (Data Collection Form) — must be submitted to the Federal Audit Clearinghouse (FAC) within the earlier of 30 calendar days after receipt of the auditor's reports or 9 months after the end of the audit period. The FAC is now managed by the U.S. General Services Administration (GSA) and is accessible at fac.gov.
The Federal Audit Clearinghouse (FAC)
The Federal Audit Clearinghouse is the central repository for all single audit reporting packages. Managed by GSA (the FAC transitioned from the Census Bureau to GSA in 2023), the FAC serves as the public-facing database that federal agencies, pass-through entities, and the public use to review audit results for any entity receiving federal funds.
The submission process involves completing the SF-SAC (Data Collection Form for Reporting on Audits of States, Local Governments, and Non-Profit Organizations) and uploading the full audit reporting package as a single PDF. The SF-SAC captures structured data about your organization, the federal programs audited, the audit findings, and the auditor's conclusions. Both the auditee and the auditor must certify the submission — this is a joint responsibility.
Late or missing FAC submissions are themselves a compliance violation. Federal awarding agencies monitor FAC submission timeliness, and a pattern of late filings can trigger additional monitoring or conditions on future awards. Pass-through entities are also required to monitor sub-recipient audit compliance and may withhold funding if audit reports are not filed on time. For organizations that serve as intermediaries managing sub-awards, tracking sub-recipient audit filings is a critical compliance function.
The 12 Compliance Requirements
The OMB Compliance Supplement — published annually and available on the White House Office of Management and Budget website — defines 12 categories of compliance requirements that auditors must consider when testing major programs. Not all 12 apply to every program; the Supplement identifies which requirements are relevant for each Assistance Listing Number. The 12 categories are:
| Letter | Compliance Requirement | What Auditors Test |
|---|---|---|
| A | Activities Allowed or Unallowed | Whether costs charged to the program are allowable |
| B | Allowable Costs/Cost Principles | Whether costs meet the cost principles in 2 CFR 200 Subpart E |
| C | Cash Management | Whether drawdowns match expenditure timing and minimize federal cash on hand |
| E | Eligibility | Whether only eligible individuals or organizations receive benefits |
| F | Equipment and Real Property Management | Whether equipment purchased with federal funds is properly managed and tracked |
| G | Matching, Level of Effort, Earmarking | Whether match requirements and spending minimums/maximums are met |
| H | Period of Performance | Whether costs are charged within the authorized budget/project period |
| I | Procurement and Suspension and Debarment | Whether procurement follows 2 CFR 200 standards and vendors are not debarred |
| J | Program Income | Whether program income is properly accounted for and used per award terms |
| L | Reporting | Whether required reports (SF-425, progress, etc.) are accurate and timely |
| M | Subrecipient Monitoring | Whether pass-through entities properly monitor sub-recipients |
| N | Special Tests and Provisions | Program-specific requirements unique to the Assistance Listing |
For most healthcare organizations, the compliance requirements that generate the most findings are Activities Allowed/Unallowed (A), Allowable Costs (B), Reporting (L), and — for organizations that pass federal funds through to sub-recipients — Subrecipient Monitoring (M). Understanding which requirements apply to your specific programs is essential for audit preparation. The full regulatory framework is covered in our 2 CFR 200 guide.
Consequences of a Clean Audit vs. Audit Findings
A “clean” single audit — one with unmodified opinions on both financial statements and major program compliance, no material weaknesses, and no findings — is the goal. A clean audit demonstrates to federal agencies that your organization is managing federal funds responsibly and operating effective internal controls. It can reduce future monitoring requirements and position your organization favorably for competitive grant applications.
When findings do appear, they are categorized by severity and type. Material weaknesses in internal controls, material instances of noncompliance, and questioned costs above the $25,000 threshold require the auditee to prepare a corrective action plan and the cognizant or oversight agency to follow up on resolution. Findings reported in the single audit become part of your organization's public record on the FAC — visible to every federal agency, pass-through entity, and peer organization that looks up your audit history.
Repeat findings — the same issue appearing in consecutive audits — are particularly problematic. They signal systemic weaknesses that your organization has failed to address and can trigger escalated federal monitoring, special conditions on awards, withholding of funds, or in extreme cases, suspension or termination of federal funding. The impact on future funding competitiveness can persist for years. For healthcare organizations, where federal funding underpins core service delivery, a pattern of audit findings represents an existential organizational risk.
SAM.gov and the Single Audit
Your organization's SAM.gov registration is connected to the single audit in several ways. The Unique Entity Identifier (UEI) used in SAM.gov is the same identifier used in the SF-SAC filing. Your organization's SAM.gov registration must be current and accurate at the time of FAC submission. Discrepancies between the legal name, address, or EIN in SAM.gov and the audit reporting package will cause FAC rejections. Additionally, federal agencies may review your FAC filing history as part of pre-award risk assessments during the grant application process.
How This Guide Is Organized
This guide is structured to help grants managers and CFOs navigate the single audit from start to finish. The hub overview (this page) covers what a single audit is, who it applies to, and how it differs from a financial statement audit. The child pages dive deep into the two phases that organizations find most challenging: preparing for the audit and responding to findings after it concludes.