Single Audit Requirements and the Consequences of Noncompliance
Understanding What Federal Auditors Examine, How Findings Escalate, and What Your Organization Can Do About It
The Single Audit is the mechanism through which the federal government verifies that non-federal entities are managing federal award funds in compliance with applicable requirements. Most organizations that receive federal grants think about audits reactively, as something that happens to them. Organizations with clean audit records think about audits proactively, as a management discipline.
This section of the 2 CFR Part 200 compliance guide covers the Single Audit threshold, what the audit covers, how auditors select programs for testing, what findings mean, and the full range of consequences that follow from noncompliance. It applies to all four audience segments covered in this guide: K-12 schools, institutions of higher education, municipal governments, and nonprofits.
The $1 Million Threshold Determines Whether a Single Audit Is Required
Section 200.501 establishes the trigger for Single Audit requirements. Any non-federal entity that expends $1 million or more in federal awards during its fiscal year must have a Single Audit conducted for that year. This threshold applies to the total of all federal awards expended across all sources, not to any single award individually.
For an organization managing multiple federal grants simultaneously, the expenditures from all of those awards aggregate toward the threshold. A nonprofit receiving a $400,000 direct federal award, a $350,000 subaward from a state-administered program, and a $300,000 subaward from a larger nonprofit pass-through entity has expended $1,050,000 in federal awards and is subject to the Single Audit requirement.
Organizations that expend less than $1 million in federal awards in a fiscal year are exempt from the formal Single Audit requirement for that year. Exemption from the audit requirement does not mean records are unavailable for review. Federal agencies, pass-through entities, and the Government Accountability Office retain the right to review records regardless of audit threshold status.
Annual audits are the standard. Biennial audits, covering both fiscal years in a two-year period, are permitted only for state and local governments required by statute to undergo less frequent audits, and for nonprofit organizations that were on biennial audit cycles between 1992 and 1995.
The Single Audit Is Not an Ordinary Financial Statement Audit
A Single Audit includes a financial statement audit conducted under Government Auditing Standards but extends substantially beyond financial statement assurance. The auditor must also perform a compliance audit of the organization's major federal programs.
The compliance portion of the Single Audit evaluates whether the organization complied with the requirements applicable to each major program. Those requirements include financial reporting, allowable costs and activities, cash management, eligibility determinations, equipment and real property management, matching and level of effort requirements, period of performance, procurement standards, program income, reporting, subrecipient monitoring, and special tests and provisions specific to each program. The applicable requirements for each program are defined in the OMB Compliance Supplement, which is updated periodically and provides auditors with program-specific guidance.
The auditor must also evaluate internal controls over compliance with major program requirements and form a conclusion about whether those controls provide reasonable assurance that the organization is complying with applicable requirements.
Major Programs Are Selected Through a Risk-Based Process
The auditor does not test every federal program. Programs are selected for major program testing through a risk-based approach defined in Section 200.518.
The process begins with a threshold calculation. In most cases, the auditor must test enough programs to cover at least 40 percent of total federal expenditures. For organizations that qualify as low-risk auditees under Section 200.520, the coverage threshold drops to 20 percent.
A low-risk auditee is an organization that has had Single Audits for each of the preceding two audit periods, submitted those audits on time, had no material weaknesses in internal control over major programs in either period, and had no modified opinions on major programs or known or likely questioned costs exceeding five percent of total federal award expenditures for any major program.
Within the 40 or 20 percent coverage requirement, the auditor must audit all programs classified as Type A programs based on expenditure size thresholds, except those assessed as low-risk. Type A programs are the larger programs by dollar value. Type B programs are the smaller ones, and only a sample are tested. Programs with certain risk indicators, including new awards, complex compliance requirements, prior findings, and significant changes in personnel or systems, receive elevated attention.
Federal agencies may also request that a program be audited as a major program even if it would not otherwise qualify under the risk-based approach. Such requests are supposed to be made at least 180 days before the end of the fiscal year to be audited.
Audit Findings Are Formal Determinations with Specific Required Content
Section 200.516 defines what an audit finding is and what it must include. A finding requires a condition, criteria, cause, and effect. The condition is what the auditor found. The criteria is the requirement that was not met. The cause is why the deficiency occurred. The effect is the impact of the deficiency, which may include actual or potential questioned costs.
Questioned costs are expenditures that the auditor believes may be unallowable but has not finally determined to be unallowable. A questioned cost becomes a disallowed cost only after the federal agency or pass-through entity issues a management decision determining that the cost was improper and must be returned.
Section 200.516 also distinguishes between material weaknesses and significant deficiencies in internal controls. A material weakness is a deficiency in internal controls such that there is a reasonable possibility that a material misstatement of the financial statements or a material noncompliance with a major program requirement would not be prevented or detected and corrected on a timely basis. A significant deficiency is less severe but still merits the attention of those charged with governance.
Repeated findings, meaning the same finding appears across two or more audit cycles, are a significant risk escalator. A first-time finding generally results in a corrective action plan and continued monitoring. A repeated finding signals to federal agencies and pass-through entities that the organization's corrective action was inadequate, and it increases the likelihood of more severe remedies.
The Corrective Action Plan Is the Organization's Response to Findings
Section 200.511 requires organizations with audit findings to submit a corrective action plan as part of the audit reporting package. The corrective action plan must address each finding individually and must identify the responsible official by name and title, the corrective action taken or planned, and the anticipated completion date.
The corrective action plan is a public document. It is submitted to the Federal Audit Clearinghouse and is accessible to any federal agency, pass-through entity, or member of the public. The quality and credibility of a corrective action plan matter. A plan that describes meaningful systemic changes demonstrates that the organization understands the root cause of the finding. A plan that promises additional staff training without addressing the underlying process weakness suggests the organization does not fully understand what went wrong.
The organization must also summarize the status of prior-year audit findings in the current-year audit package. If a prior finding has not been fully resolved, the summary must explain why and what the current status is. If the auditor determines that the summary misrepresents the status of a prior finding, the auditor must report that misrepresentation as a current-year finding.
The Federal Agency or Pass-Through Entity Must Issue a Management Decision Within Six Months
Section 200.521 requires the federal agency or pass-through entity to issue a management decision on each audit finding no later than six months after the date the Single Audit reporting package is accepted by the Federal Audit Clearinghouse. The management decision must state whether the agency agrees or disagrees with the finding, identify any required corrective actions, and establish a completion date for resolution.
For subrecipients, the pass-through entity issues the management decision rather than the federal agency. Pass-through entities that fail to issue timely management decisions are themselves in violation of Part 200, which is a risk that organizations managing subrecipient relationships need to monitor.
Management decisions on findings involving questioned costs will specify whether the costs are allowed, allowed with required corrective action, or disallowed. Disallowed costs must be returned to the federal government with interest calculated under applicable federal regulations.
The Remedies for Noncompliance Escalate in Severity
Section 200.339 establishes the full range of remedies available when a recipient or subrecipient fails to comply with the terms and conditions of a federal award. The remedies escalate from least severe to most severe and are not limited to audit findings. Any instance of noncompliance, whether identified through an audit, a monitoring visit, a performance report review, or a complaint, can trigger these remedies.
Specific conditions are the least severe remedy. A federal agency or pass-through entity may impose additional requirements on the recipient, such as requiring prior approval for certain expenditures, increasing reporting frequency, requiring additional technical assistance, or mandating an agreed-upon procedures engagement. Specific conditions are designed to correct deficiencies while allowing the award to continue.
Payment withholding is the next level. A federal agency or pass-through entity may temporarily withhold payments until the recipient takes corrective action. Payments withheld for noncompliance must be released upon subsequent compliance. When an award is suspended, payment adjustments must be made consistent with Section 200.343.
Cost disallowance is a determination that specific expenditures are unallowable. Disallowed costs must be returned to the federal government. The disallowance may cover expenditures already made and potentially cover future expenditures in the same cost category if the underlying problem is systemic.
Partial or full award termination under Section 200.340 is available when noncompliance cannot be remedied by less severe measures. The federal agency may terminate for cause when the recipient fails to comply with award terms. The federal agency may also terminate for discretionary reasons, meaning a determination that the award no longer serves federal interests, which is a remedy not limited to noncompliance findings.
Recipients have the right to object to terminations, request hearings, and appeal decisions under Section 200.342. Those procedural rights are meaningful, but an agency that follows its procedures in terminating an award for documented noncompliance will prevail in most appeals.
Suspension or debarment under 2 CFR Part 180 is the most severe remedy. A suspended or debarred organization cannot receive federal awards or subawards from any federal agency. For organizations whose operations depend on federal funding, this is an existential consequence. Suspension and debarment are generally reserved for fraud, willful mismanagement, criminal conduct, or a documented pattern of serious noncompliance after lesser remedies have failed. A single audit finding, even a significant one, does not typically result in suspension or debarment absent aggravating factors.
Audit Report Submission Has a Defined Timeline and Goes to a Public Clearinghouse
Section 200.512 requires the audit reporting package to be submitted to the Federal Audit Clearinghouse within 30 calendar days after the auditor issues its report, or within nine months after the end of the audit period, whichever comes first. The FAC is accessible to the public at fac.gov, which means your organization's audit findings, corrective action plans, and management letters are publicly available to any federal agency, pass-through entity, potential funder, or interested party.
The reporting package includes the financial statements and related auditor's report, the schedule of expenditures of federal awards, the summary of auditor's results, the schedule of findings and questioned costs, the corrective action plan, and the summary schedule of prior audit findings.
Organizations that submit late have a finding for audit noncompliance. Organizations with a pattern of late submissions are flagged as higher risk in the cognizant agency's monitoring, which affects major program selection in subsequent audits.
Preparing for a Clean Audit Is an Administrative Practice, Not an Event
Organizations that consistently maintain clean Single Audits do not accomplish that by working harder during audit season. They accomplish it by maintaining the documentation, procedures, and controls required under Part 200 throughout the year, so that when the auditor arrives, the evidence of compliance already exists.
The practical checklist for audit readiness includes: written financial management procedures that are current and reflect actual practice, a complete property inventory reconciled within the past two years, procurement files documenting the competitive process and selection rationale for every purchase above the micro-purchase threshold, subaward files documenting SAM.gov verification and subrecipient monitoring activities, effort reporting documentation for personnel charged to federal awards, indirect cost rate documentation or election of the de minimis rate, and a record retention schedule that meets the three-year minimum from final report submission.
Work With The Rural Impact Group
The Rural Impact Group provides pre-audit compliance reviews, external compliance officer services, corrective action plan development, and ongoing advisory support for organizations managing federal awards across K-12 education, higher education, municipal government, and nonprofit sectors. If your organization has had findings in a prior audit cycle or is approaching the Single Audit threshold for the first time, a Rural Capacity Diagnostic is the right place to start.
If your organization needs to establish or maintain a SAM.gov registration, we provide free support for that process.
This guide reflects the current text of 2 CFR Part 200 as of May 29, 2026. It is informational in nature and does not constitute legal advice. Organizations should consult qualified compliance professionals when making compliance determinations for specific awards.