In October 2024, the OMB raised the single audit threshold to $1 million in federal expenditures. This seemingly small administrative change had massive implications: thousands of nonprofits, universities, and government agencies suddenly crossed the threshold and became subject to single audit requirements for the first time.
If you're one of them—or if you've been under the microscope for years—this guide walks you through everything: what a single audit actually examines, how to prepare your organization, what the auditors will scrutinize, and how to handle findings when they occur. By the end, you'll understand the audit cycle well enough to build a year-round compliance system that keeps you audit-ready.
Key Stat
With the new $1M threshold, approximately 500+ organizations became newly subject to single audits in 2025. The median audit cost ranges from $5K to $50K+ depending on organizational complexity and grant portfolio.
Is Your Organization Subject to Single Audit? The New $1M Threshold Explained
The first question: does your nonprofit actually need a single audit? The rule is straightforward but has important nuances.
The Threshold Test
Your organization is required to have a single audit if it expended $1 million or more in federal awards during a fiscal year. "Federal awards" includes federal grants, loans, loan guarantees, and cooperative agreements.
But here's the catch: the threshold applies to total federal expenditures across all funding sources. This means if you receive a $600K HUD grant, a $300K education grant, and a $150K HHS grant in the same fiscal year, you've crossed the $1M line and need an audit—even if no single grant was that large.
What Counts (and What Doesn't)
- Counts: Federal grants, federal portion of matching funds, federal loans and loan guarantees, indirect costs from federal awards
- Doesn't count: State funds, local funds, private donations, program revenues from non-federal sources, Medicaid (except certain circumstances)
Special Circumstances
Some organizations spend federal money but may qualify for exemptions or alternatives:
- Tribal governments: Must have single audit if $500K+ in federal awards
- Non-federal entities spending under $1M: Must still track federal spending in case they cross the threshold mid-year
- Pass-through entities: If you're a state that distributes federal funds to subrecipients, you're responsible for overseeing their audits, not conducting a single audit yourself
⚠️ Important Timing
The audit requirement is based on your fiscal year, not calendar year. A nonprofit with a July-June fiscal year that expends $1.1M by June 30, 2026 must have a single audit performed by March 31, 2027. Plan accordingly.
If you're uncertain whether you meet the threshold, calculate your total federal expenditures for your most recent fiscal year. Still unsure? Your auditor can help you make that determination.
What Does the Single Audit Actually Examine?
A single audit is more comprehensive than a typical financial statement audit. It's designed to ensure federal funds were spent legally, effectively, and in accordance with grant terms.
The Three Core Components
1. Schedule of Expenditures of Federal Awards (SEFA)
The SEFA is your roadmap. It lists every federal award your organization received, the amount, and how much was actually spent. Auditors verify that the SEFA is accurate and complete.
What gets audited:
- Are all federal awards listed?
- Do the amounts match grant agreements and federal tracking documents?
- Are expenses properly classified by program?
- Are indirect costs calculated correctly?
2. Compliance Audit (Major Programs)
The auditor identifies your "major programs"—typically the largest federal awards—and performs deep-dive compliance testing. They're looking for violations of federal regulations, grant terms, and OMB requirements.
Major programs usually include:
- Any single program representing 10%+ of total federal expenditures
- Any single program exceeding $3M
- At least 20% of total federal expenditures across all programs
3. Internal Control Assessment
The auditor evaluates your organization's control systems: do you have adequate processes to prevent and detect fraud, waste, and abuse? This includes financial controls, grant administration procedures, and documentation systems.
Common Audit Procedures
During fieldwork, auditors will:
- Test sample transactions for compliance with federal requirements
- Verify time and effort records support salary expenses
- Review procurement practices against federal rules
- Examine subrecipient monitoring files
- Verify indirect cost allocation methodologies
- Test match/cost-share contributions
Pro Tip: The "Risk Assessment"
Auditors assess your organization for fraud risk before starting fieldwork. Being transparent, showing strong controls, and having organized documentation all lower your perceived risk—which means less intensive (and less costly) testing.
The Most Common Audit Findings and How to Avoid Them
After reviewing hundreds of single audit reports, patterns emerge. These five findings appear consistently across nonprofits of all sizes:
1. Time & Effort Reporting Deficiencies
What auditors look for: Employee time allocations to federal programs must be supported by contemporaneous records (timesheets, activity logs, etc.), not retroactive estimates.
How to avoid it:
- Implement a time tracking system where employees log hours to grants monthly or quarterly
- For salaried employees, document allocation percentages at hire or assignment
- Review and approve time reports monthly, not quarterly or annually
- Keep timesheets for at least 7 years (federal requirement)
2. Procurement Violations
What auditors look for: Did you follow competitive bidding rules, procurement documentation, and vendor selection procedures?
How to avoid it:
- Create a procurement policy with clear thresholds for competitive bidding
- Document solicitation and selection process for all significant purchases
- Maintain records showing why the selected vendor was chosen
- Train staff on procurement rules—especially leadership
3. Inadequate Subrecipient Monitoring
What auditors look for: If you pass federal money to other organizations, did you monitor their compliance? This is YOUR responsibility regardless of what the subrecipient does.
How to avoid it:
- Create a subrecipient monitoring plan that includes desk reviews and site visits
- Require subrecipients to provide time records, procurement documentation, and compliance certifications
- Conduct site visits at least annually for high-risk subrecipients
- Document all monitoring activities and findings
4. Missing or Inadequate Documentation
What auditors look for: For every expense charged to a federal grant, can you produce supporting documentation?
How to avoid it:
- Create a grants accounting manual with documentation requirements for each expense category
- For personnel: timesheets, salary records, and position descriptions
- For equipment: invoices, capitalization records, and depreciation schedules
- For services: contracts, statements of work, and evidence of delivery
5. Indirect Cost Issues
What auditors look for: Is your indirect cost rate calculated correctly? Are indirect costs allocated fairly and documented properly?
How to avoid it:
- Review and recalculate your indirect cost rate annually
- Maintain detailed allocation documentation showing how indirect costs are distributed
- If your rate changes materially, notify federal agencies and negotiate an updated rate
- Keep auditors informed if you use multiple rates for different funding sources
Building Your Audit-Ready Documentation System Year-Round
You can't build an audit-ready organization overnight. It requires systematic, year-round effort. Here's the infrastructure to put in place:
The Three-Layer Documentation System
Layer 1: Transaction Level
Every federal expense must be supported by documentation that shows what was purchased, from whom, how much it cost, and why it's allowable.
- Personnel: Timesheets (monthly), payroll records, position descriptions
- Supplies/Equipment: Purchase orders, invoices, receiving reports, allocation records
- Services: Contracts, statements of work, evidence of delivery, invoices
- Travel: Advance authorizations, receipts, trip reports showing business purpose
Layer 2: Program Level
At the program level, you need documentation that ties back to the grant terms and performance expectations.
- Grant agreement and any amendments
- Budget vs. actual spending reports (monthly)
- Program performance metrics and progress reports
- List of employees and contractors working on the grant
- Indirect cost allocation worksheet
- Subrecipient monitoring documentation (if applicable)
Layer 3: Organization Level
These are your compliance policies and procedures:
- Procurement policy
- Grants accounting manual
- Time and effort policy
- Conflict of interest policy
- Whistleblower and fraud reporting policy
- Travel and expense reimbursement policy
- Indirect cost allocation methodology
The Audit File: What to Prepare
Six months before your audit, begin organizing a central "audit file" that contains:
| Document Type | What to Include | Storage Format |
|---|---|---|
| Schedule of Expenditures (SEFA) | All federal awards with amounts, grant numbers, fiscal year | Excel spreadsheet with supporting grant agreements |
| General Ledger | Chart of accounts coded by grant and expense category | Exported from accounting system |
| Bank Reconciliations | Monthly reconciliations for all accounts | PDF or scanned documents |
| Policy Documentation | Procurement, accounting, travel, time reporting policies | Digital copies with approval dates |
| Indirect Cost Allocation | Rate calculation, allocation methodology, documentation | Spreadsheet with supporting schedules |
| Subrecipient Files | Agreements, monitoring reports, audit reports, findings | Organized by subrecipient in a shared drive or folder |
Software Recommendations
Consider using grants management software (like grants.club) to automatically track spending, flag compliance issues, and generate audit-ready reports. For smaller nonprofits, even a well-organized shared drive with clear file naming conventions works.
Choosing Your Auditor: What to Look For and What to Pay
Not all auditors are created equal. Some specialize in nonprofit single audits; others treat them as a commodity service. Your choice of auditor significantly impacts your audit experience and cost.
Red Flags in Auditor Selection
- Auditor has never conducted a single audit (or very few)
- Quotes seem unrealistically low (under $3K for a complex organization)
- They can't reference recent nonprofit clients
- They don't ask detailed questions about your operations, grants, and controls
- No mention of understanding federal compliance requirements (OMB Uniform Guidance, etc.)
Green Flags in Auditor Selection
- CPA firm with specific nonprofit/government audit practice
- References from similar organizations (size, mission type, complexity)
- Detailed engagement letter explaining scope, timing, and deliverables
- Clear understanding of your specific funding sources and compliance requirements
- Willingness to communicate with grant managers and finance staff separately
- Experience with your funding sources (HUD, NSF, DOJ, etc.)
Understanding Audit Costs
Questions to Ask Your Auditor
- How many single audits have you performed in the past 3 years?
- Have you audited organizations with my funding mix (specific agencies)?
- What findings have you identified most frequently in similar organizations?
- What documentation issues do you most commonly encounter?
- How do you communicate findings during the audit (exit meetings, progress calls)?
- What support do you provide for developing corrective action plans?
- Are there specific areas of concern with our organization based on the engagement letter?
The auditor isn't just a checkbox—they should be a partner in strengthening your compliance systems. A good auditor will offer practical recommendations beyond finding issues.
The Audit Process Step-by-Step: From Fieldwork to Management Letter
Understanding the timeline helps you prepare properly. A typical single audit spans 4–6 months from fieldwork start to final report.
Phase 1: Planning (Month 1)
What happens: The auditor reviews your organization, grants, and prior audit history. They assess risk and plan which areas to test.
Your role: Provide access to grants files, accounting records, policies, and key staff. Be transparent about any known compliance issues or concerns.
Phase 2: Fieldwork (Months 2–3)
What happens: Auditors visit your office, examine records, interview staff, and perform testing. They'll:
- Test sample transactions for compliance
- Review time and effort records
- Examine procurement files
- Test internal controls
- Verify subrecipient monitoring
Your role: Have organized files ready, make staff available for interviews, provide explanations for any unusual items they question.
Phase 3: Exit Meeting (Month 3)
What happens: The auditor presents preliminary findings and discusses any potential compliance issues. This is NOT the final report—just the discussion.
Your role: Listen, ask questions, clarify facts. Don't get defensive—this is a discussion, not a judgment.
Phase 4: Remediation & Responses (Months 3–4)
What happens: You provide responses to any findings. You can dispute findings, provide additional information, or commit to corrective actions.
Your role: Develop thoughtful, realistic responses. If there's a finding, explain what happened and what you'll do to prevent it. Coordinate with your auditor if needed.
Phase 5: Final Report (Month 4–5)
What happens: The auditor issues the final audit report, which includes:
- Financial statements and schedules
- Management letter (control recommendations)
- Compliance findings (if any) with your responses
- Summary of audit results
Phase 6: Filing & Follow-up (Month 5–6)
What happens: The audit is filed with the Federal Audit Clearinghouse and made publicly available. Your grants officers and the public can access it.
Your role: Begin implementing corrective actions immediately. Track progress and report to auditors as needed.
⚠️ The Nine-Month Submission Deadline
Single audits must be filed with the Federal Audit Clearinghouse within 9 months of your fiscal year-end. If your fiscal year ends June 30, 2026, your audit must be filed by March 31, 2027. Missing this deadline triggers federal notification and potential grant penalties.
What Happens When Findings Are Identified: Types and Severity
A finding doesn't necessarily mean you did something wrong. It means the auditor documented something that didn't align with federal requirements or your policies. Here's how to interpret findings and respond appropriately.
Types of Findings
Material Weakness
What it is: A significant deficiency in internal controls that could result in a material misstatement of financial statements or federal compliance.
Example: Your accounting system has no segregation of duties—one person enters, approves, and reconciles all transactions. This creates high fraud risk.
Impact: Federal agencies take these seriously. You may face increased monitoring or loss of federal funding eligibility until corrected.
Significant Deficiency
What it is: A deficiency in internal controls that is less severe than a material weakness but still important to fix.
Example: Your organization lacks a formal procurement policy, leading to inconsistent vendor selection practices.
Impact: Moderate concern. You're expected to develop a corrective action plan and implement it within a reasonable timeframe.
Compliance Finding (Non-Compliance with Federal Requirement)
What it is: You didn't follow a federal rule or grant term requirement.
Example: You charged employee time to a federal grant without contemporaneous timesheets to support the allocation.
Impact: The finding documents the violation and your corrective action plan. Depending on severity and amount of money involved, the federal agency may ask for repayment.
Questioned Cost
What it is: An expense that the auditor questions whether it's allowable under federal rules. It's "questioned" pending agency determination, not definitively disallowed.
Example: You charged $10,000 in meals to a federal grant without documentation showing it was a legitimate program expense rather than staff entertainment.
Impact: You're asked to provide documentation or explanation. If the agency agrees it's not allowable, you may owe repayment.
Single Audit vs. Post-Closeout Audits
Important: The single audit happens once per year, but federal agencies can conduct post-closeout audits up to 7 years after a grant ends. The clock doesn't stop after your single audit is filed.
This means an expense questioned in a 2018 grant can still be examined in 2025 if federal agencies initiate a post-closeout audit. Always maintain grant files for at least 7 years.
Finding vs. Non-Finding
If the auditor identifies a compliance issue, they document it as a finding. If auditors test a sample and find everything compliant, nothing is reported—that's not a "non-finding," it's simply no finding. A clean audit report means no findings.
Corrective Action Plans That Actually Work
A corrective action plan (CAP) is your written response to audit findings. A weak CAP gets challenged by auditors and agencies. A strong CAP demonstrates you understand the problem and have a realistic solution.
Elements of a Strong CAP
-
Acknowledgment of the issue: Show you understand what the problem was and why it matters.
"We acknowledge that employee time charged to the federal grant was not supported by contemporaneous timesheets. Three employees charged time without documented allocation records, resulting in $15,000 of questioned costs."
-
Root cause analysis: Explain what caused the problem. Don't blame individuals; identify systemic issues.
"Root cause: The organization had no formalized time tracking system. Employees estimated hours at period-end rather than logging time contemporaneously. Grant managers were not trained on OMB time and effort documentation requirements."
-
Corrective action: Describe the specific steps you'll take to prevent recurrence. Be concrete and measurable.
"By [specific date], we will implement a monthly time tracking system where all employees allocate hours to grants and cost centers. Time entries will be reviewed and approved by department managers within 5 days of month-end. Our Grants Manager will conduct training in [month] for all staff on time documentation requirements."
-
Implementation timeline: Give realistic dates. Don't promise fixes in 30 days if you need 90.
"June 2026: Select and implement time tracking software. July 2026: Train all staff. August 2026: Run parallel system (new system + old method) to verify accuracy. September 2026: Full implementation and monitoring."
-
Responsible party: Name the person overseeing the corrective action. This creates accountability.
"Responsible party: Director of Finance & Compliance, with oversight from Executive Director and Board Audit Committee."
-
Monitoring/Follow-up: Describe how you'll verify the corrective action is working and sustained.
"Beginning in October 2026, the Grants Manager will conduct monthly reviews of time sheets for a sample of 25% of grants to verify compliance. Quarterly reports will be provided to the Board Audit Committee."
Repayment of Questioned Costs
If your organization must repay questioned costs, here are your options:
- Pay immediately: Write a check to the federal program and provide documentation to the auditor/agency
- Negotiate a repayment plan: If the amount is significant, contact the grant officer and negotiate a repayment schedule
- Dispute the finding: If you disagree with the auditor, you can formally dispute it in writing. The agency makes the final determination
Don't ignore questioned costs hoping they'll go away. Federal agencies track audit findings and questioned costs across years. Addressing them promptly protects your organization's reputation and funding eligibility.
Timeline: Your 9-Month Pre-Audit Preparation Calendar
Don't wait until March (when your audit might be starting) to prepare. Use this month-by-month timeline to build audit readiness throughout the year.
Audit Planning & Auditor Selection
Issue RFPs or reach out to 2–3 audit firms. Request proposals based on your organization size and federal spending. Make auditor selection by this point so planning can begin.
Policy & Documentation Review
Review and update all grant-related policies: procurement, time reporting, travel, indirect costs. Ensure policies are documented and reflect actual practices. If practices differ from policy, update the policy.
Accounting System Audit
Have your finance team review the chart of accounts and grant coding. Verify that all grants are coded consistently and separable in the accounting system. Fix any coding issues before fiscal year-end.
File Preparation Begins
Start organizing the audit file: SEFA (Schedule of Expenditures), bank reconciliations, prior audit reports, and grant agreements. Create a shared folder structure that mirrors the audit file organization.
Indirect Cost & SEFA Review
Recalculate your indirect cost rate if you haven't in 12 months. Prepare a draft SEFA with all federal awards and estimated expenditures. Verify grant amounts and restrictions.
Compliance Testing
Conduct an internal compliance walkthrough. Select a few transactions from each grant and verify they have supporting documentation. Flag any gaps before the auditor discovers them.
Subrecipient Monitoring Documentation
If you have subrecipients, gather all monitoring files: site visit reports, desk reviews, audit compliance certifications. Ensure all subrecipient single audits (if required) are on file.
Grant File Completion
Complete fiscal year closeout for all grants: final expenditure reconciliation, final reports to funders, any post-closeout documentation. Update SEFA with final numbers.
Pre-Audit Meeting with Auditor
Meet with your auditor to review scope, staffing availability, access to systems, and any known issues. Provide the updated SEFA and preliminary financial statements. Answer the auditor's planning questions.
Fieldwork Begins
Make staff available, provide requested documents promptly, and maintain clear communication with the audit team. Stay organized and responsive—it reduces audit time and cost.
Frequently Asked Questions About Single Audits
Yes, if you're below the $1M threshold, you don't need a single audit. However, individual grant agencies can still require audits as a condition of funding, so check your grant terms. Additionally, if you're close to the threshold, be prepared—crossing it mid-year triggers an audit requirement for that fiscal year.
Single audit reports are filed with the Federal Audit Clearinghouse and become public record. They're searchable and accessible to grant officers, vendors, and the public indefinitely. However, once you issue a corrective action plan and implement it successfully, the finding is resolved. New auditors and grant officers look at whether findings were corrected, not just whether they existed.
A financial statement audit ensures your financial statements are accurate. A single audit includes financial statement audit PLUS federal compliance testing. It's more comprehensive and more expensive because it's designed specifically for organizations receiving federal funding.
Not always. Questioned costs are subject to agency determination. You have the right to respond and provide additional documentation. If you believe the cost is allowable, document your position. If the agency ultimately disallows it, repayment is typically required, though you can negotiate timing with large amounts.
Yes. In fact, continuity is valuable—auditors familiar with your organization's systems can work more efficiently. However, federal rules require auditor rotation every 5 years for certain organization types. Consult your auditor about rotation requirements.
Ready to Build Audit Readiness Into Your Organization?
Single audits don't have to be stressful. With documented processes, organized files, and proactive preparation, you'll move through the audit smoothly and confidently protect your federal funding.
Start with the 9-month timeline above and build a compliance culture that makes audits routine, not crisis management.
Explore Grants Management ToolsFinal Thoughts: The Path to Audit Confidence
Single audits are a reality for nonprofit grant managers, but they don't have to be a nightmare. The organizations that navigate them most successfully share common traits:
- They treat compliance as ongoing: Not an annual event, but a year-round practice
- They invest in systems: Whether software or spreadsheets, organized documentation saves money and stress
- They choose auditors wisely: Finding an auditor who understands your funding sources and mission is worth the effort
- They see audits as learning opportunities: Findings aren't punishments; they're signals for improvement
- They respond professionally to findings: Swift, thoughtful corrective action plans demonstrate your organization's commitment to stewardship
If you've recently crossed the $1M threshold or are facing your first single audit, take a breath. Follow the preparation timeline, build your compliance infrastructure, and trust that clear records and organized processes will carry you through. Your federal funders want you to succeed—they're providing funds to support your mission, not to catch you in compliance violations. Show up prepared, and you'll prove yourself a responsible steward of federal resources.
Your single audit doesn't define your organization's quality or integrity. Your response to it does.