§ 600.405 - Internal control and compliance reviews.  

The Single Audit Act requires that the independent auditor determine and report on whether the organization has internal control systems to provide reasonable assurance that it is managing Federal assistance programs in compliance with applicable laws and regulations.

(a) Internal control review. In order to provide this assurance the auditor must make a study and evaluation of internal control systems used in administering Federal assistance programs. The study and evaluation must be made whether or not the auditor intends to place reliance on such systems. As part of this review, the auditor shall:

(1) Test whether these internal control systems are functioning in accordance with prescribed procedures.

(2) Examine the recipient's system for monitoring subrecipients and obtaining and acting on subrecipient audit reports.

(b) Compliance review. The law also requires the auditor to determine whether the organization has complied with laws and regulations that may have a material effect on each major Federal assistance program.

(1) In order to determine which major programs are to be tested for compliance, State and local governments shall identify in their accounts all Federal funds received and expended and the programs under which they were received. This shall include funds received directly from Federal agencies and through other State and local governments.

(2) The review must include the selection and testing of a representative number of charges from each major Federal assistance program. The selection and testing of transactions shall be based on the auditor's professional judgment considering such factors as the amount of expenditures for the program and the individual awards; the newness of the program or changes in its conditions; prior experience with the program, particularly as revealed in audits and other evaluations (e.g., inspections, program reviews); the extent to which the program is carried out through subrecipients; the extent to which the program contracts for goods or services; the level to which the program is already subject to program reviews or other forms of independent oversight; the adequacy of the controls for ensuring compliance; the expectation of adherence or lack of adherence to the applicable laws and regulations; and the potential impact of adverse findings.

(i) In making the test of transactions, the auditor shall determine whether:

(A) The amounts reported as expenditures were for allowable services, and

(B) The records show that those who received services or benefits were eligible to receive them.

(ii) In addition to transaction testing, the auditor shall determine whether:

(A) Matching requirements, levels of effort and earmarking limitations were met,

(B) Federal financial reports and claims for advances and reimbursements contain information that is supported by the books and records from which the basic financial statements have been prepared, and

(C) Amounts claimed or used for matching were determined in accordance with OMB Circular A-87, “Cost principles for State and local governments, and § 600.224 of subpart C, as implemented by this part.

(iii) The principal compliance requirements of the largest Federal aid programs may be ascertained by referring to the Compliance Supplement for Single Audits of State and Local Governments, issued by OMB and available from the Government Printing Office. For those programs not covered in the Compliance Supplement, the auditor may ascertain compliance requirements by researching the statutes, regulations, and agreements governing individual programs.

(3) Transactions related to other Federal assistance programs that are selected in connection with examinations of financial statements and evaluations of internal controls shall be tested for compliance with Federal laws and regulations that apply to such transactions.