Several Single Audit-related activities have occurred over the past few months, including the release of the Office of Management and Budget (OMB) draft 2025 Compliance Supplement, a revised AICPA guide to Government Auditing Standard (GAS) and Single Audits, and new requirements dictated by Executive Orders that seem to disregard the Single Audit entirely.
Significant updates to the draft 2025 Compliance Supplement were presented during COGR’s October 2025 membership meeting and the PowerPoint slides are available here. Presenters primarily noted changes reflecting Uniform Guidance (UG/2 CFR 200) revisions that went into effect October 1, 2024. As auditees will likely have expenditures from awards subject to the previous version of the UG and awards subject to the current version during fiscal year 2024-2025, and for the next few years, Single Audit testing will be more complex.
A download of the draft supplement is available on the AICPA’s website, with a free account, as is a two-hour presentation highlighting all of the changes. Members should note that AICPA presenters state that the draft Compliance Supplement is for audit planning purposes and, therefore, Single Audit reports for years subject to the 2025 supplement will not be signed and issued prior to release of the final supplement. A subsequent AICPA Governmental Audit Quality Center (GAQC) Alert included a statement that the AICPA is “exploring alternative approaches to support members should the release be further postponed.” The official version of the supplement will be available when finalized at the Federal Audit Clearinghouse.
The AICPA GAQC also has made available its 2025 GAS – Single Audit Guide (Guide) and a series of videos describing significant changes. The first video, (GAQC) AICPA GAS-Single Audit Guide: An Overview of Big Changes Coming, is a 2-hour overview and is available with a free account. Of particular significance is the fact that the 2025 Guide’s Appendix B will become the 2026 Guide’s Part II, which provides guidance on the auditor’s responsibilities when conducting single audits. In addition to substantive changes addressed below, organizational changes were made to align the Guide with the flow of the audit process, and auditee responsibilities were removed.
Significant changes, primarily contained in chapters 11-15, include 2024 Uniform Guidance (2 CFR 200) revisions, Yellow Book changes, expanded evaluation of IT applications, revised methodology for identification and assessment of Risks of Material Noncompliance (RMNC), and clarification related to testing compliance and evaluation and reporting of findings. For example, the Guide provides additional tools for auditors to assist with identification of direct and material compliance requirements, including mapping cost categories to monetary compliance categories in determining which compliance requirements are direct and material. It also guides auditors to identify the risk of material noncompliance at the audit objective level, rather than at the compliance requirement level. These and other changes and clarifications will likely result in different audit procedures than in the past, which may impact audit cost, administrative burden, and audit findings.
The AICPA GAQC effort is a continuous process to improve upon the effectiveness of the Single Audit and keep guidance in line with changes in requirements. While the current system of risk management, internal controls, and audits is predominantly effective for ensuring appropriate stewardship of federal funds, it is too often disregarded. In the less frequent cases where it isn’t effective, it should be corrected rather than eclipsed by less efficient requirements, such as Defend the Spend.
Congress, at times, recognizes the value of the Single Audit, amending the Single Audit Act as needed to update and strengthen it. For example, through the Financial Management and Risk Reduction Act, Congress strengthened the Single Audit Act by adding a requirement for OMB to designate a federal agency to conduct periodic quality analyses of single audits and to provide a summary of the result to Congress and the public and for the General Services Administration to develop tools to identify cross-governmental federal award risks.
An audit is not typically a welcome event for an institution, but inefficient, administratively burdensome alternatives are worse. Rather than requiring the Single Audit but then ignoring its results, as well as the UG requirements related to Risk Assessment (§ 200.206) and Internal Controls (§ 200.303), in determining additional financial reporting requirements, both the executive and legislative branches of the federal government should embrace the Single Audit as a model for increasing efficiency while providing appropriate oversight. The Administration should use the Financial Management and Risk Reduction Act to identify any areas for improvement in the Single Audit process and any opportunities to reduce risk. Existing additional requirements, such as Defend the Spend, should be removed and future requirements avoided unless and until the assessment required by the Financial Management and Risk Reduction Act identifies significant deficiencies.