It’s official: Single Audits of the Schedule of Expenditures of Federal Awards (SEFA), including Provider Relief Funds (PRF), can proceed. On August 12, 2021, the Office of Management and Budget (OMB) released the 2021 Compliance Supplement effective for audits of fiscal years beginning after June 30, 2020. It supersedes the 2020 Compliance Supplement and its Addendum. Additional addenda are expected later this year to provide guidance for new programs and subprograms established by the American Rescue Plan (ARP), as well as to revise existing program sections for ramifications from the plan. Here are some takeaways and key changes from the supplement.
Matrix of Compliance Requirements (Part 2)
Changes in the compliance requirements subject to audit are highlighted within the matrix for each specific program or assistance listing number. It is important to review this matrix, as changes may have occurred from the 2020 Compliance Supplement.
Compliance Requirements (Part 3)
Old and new compliance requirements subject to audit must be in accordance with the internal policies of the recipient. Any revisions to internal control policies must coincide with the effective date of the award received. For awards issued after the Uniform Guidance revisions effective November 12, 2020, all internal control policies must be revised so they are in accordance with the new compliance requirements. The OMB has not stated if new policy revisions can be applied to awards received before the effective date of the Part 3 revisions. Additionally, for awards issued after this date, procurement thresholds may vary due to adoption issues with the revisions. As such, the OMB has allowed increased purchase thresholds for certain agencies that issued awards after the effective date. Lastly, the Federal Funding and Accountability and Transparency Act (FFATA) reporting requirements have been carried forward from the 2020 Addendum to the 2021 Compliance Supplement. These reporting requirements extend to various COVID-19 programs, but do not apply to the Coronavirus Relief Fund (CRF).
Agency Program Requirement Changes (Part 4)
Several programs were identified as higher risk, including the Education Stabilization Fund (ESF), CRF, and PRF. Most of the ESF programs have not been updated for ARP implications. Additionally, the CRF deadline for expending funds was extended until December 31, 2021. Updates are expected for these programs in the 2021 Addenda.
As illustrated in the compliance requirement matrix, four compliance requirements are subject to the audit: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Reporting, and Special Tests and Provisions.
- Activities allowed can be in the form of actual expenses to prevent, prepare for, or respond to coronavirus or lost revenues attributable to coronavirus. Skilled Nursing Facility Infection Control expenses will be tested in addition to these allowed activities. Auditors are not expected to test lost revenues to determine if expended only for allowable activities. The definition of calculating lost revenue remains the same as set forth by the Department of Health and Human Services (HHS) Reporting Portal User Guide for auditing purposes.
- Allowable costs must agree with the award conditions, and PRF charges must be consistent and reasonable in treatment.
- While financial and performance reporting requirements are not applicable, special reporting requirements apply to this program. As outlined in another PYA insight, PRF amounts reported on a recipient’s SEFA must align with the PRF report. As such, the special reporting compliance requirement is to be tested for fiscal years ending on or after June 30, 2021, and the OMB suggests waiting to begin the compliance audit for the PRF until after the PRF report has been submitted. The OMB acknowledges that the PRF reporting entity may not coincide with the reporting entity for financial reporting purposes; therefore, the Single Audit compliance requirements must cover the entire operations and allowable activities of the entity audited. As an alternative to one audit covering the entire entity, the auditee may choose to have a series of audits conducted covering departments, agencies, and other organizational units within the entity that expended or otherwise administered federal awards. Each department, agency, and other governmental unit would need a standalone audit encompassing its financial statements and SEFA. Items defined as allowable activities above will be audited in accordance with this reporting requirement.
- Lastly, the special tests and provisions requirement will necessitate compliance testing for out-of-network patients with presumptive or actual cases of COVID-19 from January 31, 2020, to the present. Auditors are required to determine if providers billed these patients for out-of-pocket expenses in an amount greater than the in-network requirement. Auditors are required to obtain and review the recipient’s billing and collection policies over this requirement.
Appendix IV within the 2021 Compliance Supplement explains the meaning of the higher risk designation associated with many of the programs stemming from the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA) and Coronavirus Aid, Relief, and Economic Security Act (CARES). For the “higher risk” designation to change to “low risk,” the ARP Type A program(s) must have been audited as a major program in at least one of the two most recent audit periods. As ARP was passed in March 2021, it’s safe to assume most Type A programs must be audited as major programs. A non-ARP Type A program can qualify as “low risk” if certain criteria are met in Section 200.518 of the Uniform Guidance, and the percentage of COVID-19 funding in the program or cluster during the year is not material to the program or cluster as a whole. There are no changes to the risk assessment process or prioritization for higher risk Type B programs. These factors must be considered in Section 200.519 of the Uniform Guidance.
How PYA can HELP
To learn how PYA can assist your organization with PRF compliance and Single Audit reporting, contact a PYA executive below at (800) 270-9629.