Single Audits and Peer Reviews An Update on Recent Changes

Transcription

1 Single Audits and Peer Reviews An Update on Recent Changes John Fisher, CPA Nancy Miller, CPA John Fisher, CPA John Fisher is the Technical Manager for Office and Management and Budget Circular A133 for the United States Department of Health and Human Services, Office of Inspector General, Office of Audit Services. He is a graduate of the University of Kansas and a member of the American Institute of Certified Public Accountants, Kansas Society of Certified Public Accountants, Missouri Society of Certified Public Accountants, Association of Government Accountants, Association of Certified Fraud Examiners and the American Accounting Association. John has been involved with the single audit for over 25 years and was one of the project management staff for the recent Single Audit Quality project. 2 1

2 Nancy Miller, CPA Nancy is the managing partner of the Miller Foley Group in Fredericksburg, Virginia. Ms. Miller has been practicing in public accounting for more than 25 years and has been a peer reviewer for other CPA firms quality control systems for more than fifteen years. She currently serves on the ethics technical standards subcommittee of the America Institute of Certified Public Accountants Professional Ethics Executive Committee, chairing the governmental group and investigating complaints of GAAP and GAAS violations. She currently serves on the Mary Washington Hospital Foundation Board and is Treasurer for the Fredericksburg Regional Chamber of Commerce. She is a former board member of the Salvation Army Advisory Board, the Virginia Society of CPA s ethics committee (chair), Rappahannock United Way, the Fredericksburg SPCA, Healthy Families Rappahannock Area and the George Mason University Accounting Advisory Council (chair). 3 Today's topics Federal Update John Fisher 2010 Compliance Supplement Update Update on ARRA Update on IG Task Forces formed in response to PCIE Report 4 2

3 Today s Topics Peer Review Update Nancy Miller Single Audit Quality Concerns PCIE Report Must Select change - effective 9/1/09 Revised Single Audit Checklist Part A & B effective 11/1/09 Enhanced Report Acceptance effective 6/1/10 GAO Update Peer Reviewer Resources 5 Today s Topics Cases John Fisher and Nancy Miller Non compliance with Government Auditing Standards CPE or Peer Review Missed Major Program Failed to audit program in a cluster % of Coverage Failure Failed to audit portion of major program Incorrect Low Risk Auditee Determination 6 3

4 2010 Compliance Supplement Appendix VII Other OMB Circular A-133 Advisories Identification of ARRA expenditures ARRA Major Program Determination Separate ARRA presentation Responsibilities for Informing Subrecipients Granting of Extensions Eliminated Clarification of Low-Risk Auditee Criteria Safe Harbor for Treatment of Large Loan and Loan Guarantee Programs in Type A Program Determination Compliance Supplement Appendix VII Other OMB Circular A-133 Advisories Report on the National Single Audit Sampling Project Common Deficiencies Identified in the PCIE Report 8 4

5 American Recovery and Reinvestment Act of 2009 History to Date: Recovery Act passed Feb. 2009; significant impact expected for 2010 and 2011 year-end audits Accountability and Transparency are key features of the law QCRs built into the OMB guidance results to be placed on Recovery.gov (unclear how this will be done) Auditees significantly affected by Section 1512 reporting New body, Recovery Act Transparency Board (RATB), monitoring activity and looking for fraud, waste, and abuse Much more interest in single audits by federal agencies and Congress 9 ARRA and CFDA Numbers Federal agencies are required to specifically identify ARRA awards, regardless of whether the funding is provided under a new or existing CFDA number. The CFDA number should be included in the grant award documents. 10 5

6 CFDA Numbers Federal agencies will use new CFDA numbers for new ARRA programs or for existing programs for which the ARRA provides for compliance 11 CFDA Numbers Federal agencies may or may not use a new CFDA number for ARRA awards to existing Federal programs. 12 6

7 ARRA Programs not subject to A-133 Build America Bonds Subsidy payment should not be included on the Schedule of Expenditures of Federal Awards (SEFA) therefore not included in the scope of the single audit COBRA Tax credits to employers should not be presented by auditees on the SEFA, and they should not be included in the scope of the single audit 13 Effect of ARRA Awards on Major Program Determination - Clusters Clusters of programs specifically listed in the Supplement with a new ARRA CFDA number added during the current year that also has current year expenditures, should be considered a new program and would not qualify as a low-risk Type A program Cluster will not meet the requirement of having been audited as a major program in at least one of the two most recent audit periods as the Federal program funded under the ARRA did not previously exist The Research and Development cluster (R&D) is not subject to this guidance due to its nature (e.g. CFDA numbers are not listed in Supplement for R&D and in some cases R&D is not assigned a CFDA number.) The Student Financial Aid (SFA) Cluster is also not subject to this guidance. 14 7

8 Effect of Expenditures of ARRA Awards on Major Program Determination Even though a Type A program otherwise meets the criteria as low-risk under Section 520(c) of OMB A- 133, due to the inherent risk associated with the transparency and accountability requirements governing expenditures of ARRA awards, any program or cluster with expenditures of ARRA awards would not qualify as a low-risk Type A Even a de minimus amount of ARRA expenditures would not support identifying the program as low risk. See next slide for exception However SFA excluded from this guidance 15 Effect of ARRA Awards on Major Program Determination Type A Programs (Continued) However, the auditor may consider a Type A program or cluster to low-risk if all of the following conditions are met: (1) Program or cluster had ARRA expenditures in the prior audit period. (2) Program or cluster was audited as a major program in the prior audit period. (3) ARRA expenditures in the current audit period are less than 20% of the local program or cluster expenditures, and (4) Auditor has followed Section 520(c) of OMB A-133 and determines that the program or cluster is otherwise low-risk. 16 8

9 Effect of ARRA Awards on Major Program Determination Type A Example 2009 State Fiscal Stabilization 2010 State Fiscal Stabilization Fund (SFSF) Fund (SFSF) Audited as a Major Program Can this be assessed as a low No Control Deficiencies risk Type A in 2010? No Noncompliance CFDA Program Name ARRA- Education Stabilization Expenditures $1,000,000 CFDA Program Name ARRA- Education Stabilization Expenditures $2,000,000 NO - Did not meet 1 of the 4 criteria to be assessed as low risk: Criteria #3 from previous slide was not meet because the current year ARRA expenditures are more than 20% of program 17 Effect of ARRA Awards on Major Program Determination Type B Programs The auditor should consider all Type B programs and clusters with expenditures of ARRA awards to be programs of higher risk in accordance with Section 525(d) of OMB Circular A-133 The presumption is that Type B programs or clusters with ARRA expenditures would be audited as major when applying the provisions of Section 520(e)(2) However, the auditor is not precluded from selecting an especially risky Type B program that does not contain ARRA expenditures to audit as major program in lieu of a Type B program or cluster with ARRA expenditures 18 9

10 Schedule of Expenditures of Federal Awards (SEFA) Recipients agree to maintain records that identify adequately the source and application of ARRA funds Separately identify ARRA funds on the SEFA and Data Collection Form (SF-SAC) Separate rows on SF-SAC and inclusion of the prefix ARRA- SEFA must show ARRA funds separately 19 Responsibilities for Informing Subrecipients Subawards identify at time of subaward and disbursement of funds Federal award number; CFDA number and amount of ARRA funds If awarding with an existing program must distinguish incremental ARRA funds from regular subawards Require subrecpients to include info above on SEFA Requirements apply to 1 st tier subrecipients 20 10

11 Granting of Extensions Eliminated OMB has advised all Federal agencies in Updated Guidance on the American Recovery and Reinvestment Act, dated March 22, 2010 (M-10-14), that they should not grant any extension requests to grantees for fiscal years 2009 thru Federal agencies have either already adopted or are in the process of adopting this policy. 21 Clarification of Low-Risk Auditee Criteria Effective for audits covered under this CS In order to meet the criteria for a low-risk auditee (OMB Circular A-133 _.530) in the current year, the prior two years audits must have met the requirements of OMB Circular A-133, including report submission to the FAC by the due date (OMB Circular A-133 _.320). For example, an auditee would not meet the criteria for a low-risk auditee for the fiscal year ended June 30, 2010,if the audits for either of the prior two years (2009 or 2008) were not filed with the FAC by the due date (March 31, 2009 and 2010, respectively, assuming no approved extensions

12 Clarification of Low-Risk Auditee Criteria (continued) Suggested Steps to identify FAC submissions that do not meet the due date are included in Appendix VII 23 Safe Harbor for Treatment of Large Loan and Loan Guarantee Programs in Type A Program Determination The inclusion of large loan and loan guarantees (loans) should not result in the exclusion of other programs as Type A programs When a Federal program providing loans significantly affects the number or size of Type A programs, the auditor shall consider this Federal program as a Type A program and exclude its values in determining other Type A programs 24 12

13 Safe Harbor - Impact of Loan Programs 1)Each individual program that includes loans that does not exceed four times the largest non-loan program is not considered to be large. A cluster of programs is treated as one program. 25 Safe Harbor - Impact of Loan Programs 2) Recalculation of the Type A threshold is only required to be performed when the expenditures for a loan or loan guarantee program is more than four times that of the largest non-loan program 26 13

14 Safe Harbor - Impact of Loan Programs 3) Recalculation is performed after removing the total of all large loan and loan guarantee programs 27 Impact of Loan Programs Example #1 - University Step 1 Identify the largest non-loan program Program Name Expenditures Federal Family Education Loans 299,000,000 Non-Loan Programs R&D Cluster 20,000, , ,000 Non-Loan Total 20,850,000 Total Federal Expenditures 319,850,000 Type A Threshold Calculated including loans Largest non-loan program $3,000,000 (larger of.3% or $3 million) 28 14

15 Impact of Loan Programs Example #1 (Continued) Step 2 Calculate if loan program is greater than 4X largest non-loan program: R&D - 20,000,000 X 4= 80,000,000 SFA $299,000 Do not include Recalculate threshold without SFA in Type A Calculation 29 Impact Loan Programs Example #1 (continued) Step 3 Calculate Type A Threshold R&D Cluster 20,000, , ,000 Sum of programs used to calculate Type A Re - Calculated Type A Threshold 20,850, ,500 (3% of 20,850,000) 30 15

16 Impact of Loan Programs Example #1 (continued) Type A Programs for 20XX Expenditures SFA Cluster 299,000,000 R&D Cluster 20,000, Compliance Supplement Part 3 Changes Reporting Testing 1512 reports Subrecipient monitoring Verification of subrecepients filing their A-133 s with Clearinghouse Strong push on identifying pass-through entity information on SEFA and amounts passed-through in SEFA footnotes 32 16

17 2010 Compliance Supplement Parts 4 and 5 Changes Part 4 Incorporated information from 2009 Addendum #1 Part 5 Many new clusters and additions to existing clusters Compliance Supplement R&D Changes Remember R&D definition in Section.105 Very broad 34 17

18 Update on IG Task Forces Revisions to A-133 and AICPA Guidelines to report audit findings Revisions to A-133, AICPA Audit Guide and Compliance Supplement to document required audit testing Revisions to A-133 and AICPA for audit testing and sampling Revisions to require SA training 35 Update on IG Task Forces Review of suspension and debarment process Coordination with other SA constituencies for sanctions and punitive actions for substandard audits. Uniform standards for QCRs New and Improved Single Audit 36 18

19 Impetus for Change PCIE Report IG QCR/desk review Peer review report inconsistencies Quality concerns 37 Practice Monitoring Task Force (PMTF) Areas of Focus: Establish consistent measures of A-133 deficiencies Develop guidance and training materials for peer reviewers Task Force Activities: Meeting with OIGs to discuss Peer Review process and comparing to QCR process Brainstorming session to consider comments and recommendations received from IGs 38 19

20 PMTF Actions Taken Interpretation 63-1a revised to require selection of an A-133 engagement Revision to Interpretation 63-1a (June 2009 Peer Review Alert) Effective for peer reviews commencing on or after September 1, 2009 Must-selects must include A-133 engagements No further modification to System Report must-select paragraph 39 Revised Interpretation 63-1a Peer Review Standards Interpretation 63-1a has been updated. The Peer Review Board (PRB) has revised this interpretation to require that additionally, if the engagement selected is of an entity subject to GAS but not subject to the Single Audit Act/OMB Circular A-133 and the firm performs engagements of entities subject to OMB Circular A- 133, at least one such engagement should also be selected for review

21 Revised Governmental and Not-For-Profit Audit Engagement Checklist (and Engagement Profiles) PRP Manual Section 20, 500 and 20,600 Enhanced key A-133 Single Audit Data Single Audit Major Program Determination worksheet or include current and two prior years SEFAs and Summary of Auditor s Results (from Schedule of Findings and Questioned Costs) 41 Part A & B Single Audit/A-133 Supplemental Checklists (Mandatory use effective for peer reviews commencing November 1, 2009 and after) Part A Supplemental Checklist for Review of Single Audit Act/A-133 Engagements PRP Manual Section 22100A Begin with Part A Checklist - Addresses most problematic concerns - Determination of major programs - Audit of major programs - Audit findings - Schedule of Expenditures of Federal Awards 42 21

22 Part A & B Single Audit/A-133 Supplemental Checklists Reviewer should complete Part A If there are any no answers in Part A, the reviewer is not required to complete Part B but needs to consider expanding scope as necessary per the standards If there are no no answers in Part A, the reviewer should complete Part B. Part A and Part B conclusion section at the end of Part A checklist 43 Part A No Answers Generally result in an engagement not performed in accordance with standards. Focus on areas which have been common deficiencies noted in the PCIE sampling project, Peer Review and Ethics 44 22

23 Part A Deficiencies Major Program Determination 2 year look back rule % of coverage Low risk determination Threshold calculation for major programs

24 Engagement Profile Completed by Firm Single Audit Data (from final audited financials): Total amount of federal assistance expended * $ Threshold for Type A programs $ (Were any large loan or loan guarantees excluded in determining Type A programs? Yes No) % of total federal assistance expended that was tested as major programs % Was auditee considered high risk? or low risk? 47 Engagement Profile Completed by Firm 48 24

25 Engagement Profile Completed by Firm 49 Part A Deficiencies Applicable, direct and material compliance requirements Internal control Understanding Testing - Low level of control risk Compliance testing RMNC determination 50 25

26 As a Reminder: Sample Sizes Compliance Testing for each Direct and Material Compliance Requirement Other evidence obtained - Risk assessment procedures - Important item testing Determine the risk of material noncompliance - Inherent risk assessment - Controls testing results control risk assessment 51 As a Reminder: Sample Sizes Minimum samples for populations >250 COMPLIANCE Desired Level of Assurance (Remaining Risk of Material Noncompliance) Minimum Sample Size High 60 Moderate 40 Low 25 26

27 As a Reminder: Sample Sizes Small Populations Frequency & Population Size Sample Size Quarterly (4) 2 Monthly (12) 2-4 Semimonthly (24) 3-8 Weekly (52) 5-9 Part A Deficiencies Findings and questioned costs Appropriation evaluation Presentation - Criteria, condition, cause, effect, recommendations, views of responsible officials - Questioned costs 27

28 Enhanced Report Acceptance Process Enhanced report acceptance process approved by the PRB at its Jan 2010 meeting Revisions were made to the RAB Handbook, the administrative checklist, the technical reviewer s checklist and the instructions and conclusions sections of Part A of the Single Audit Checklist For Reviews commencing on or after June 1, 2010, peer reviewer must submit the Part A Checklist and Engagement Profile Part A and engagement profile submitted to RAB; RAB can delegate the technical review of these to a technical reviewer who has 8 hours of A-133 CPE every 2 years (current technical reviewers have until 12/31/2010 to complete the 8 hours) 55 Part A Deficiencies SEFA presentation CFDA numbers ARRA presentation Pass-through information Notes re significant accounting policies Non cash assistance Reconciliation to financial statements 56 28

29 Revisions to RAB Handbook Changed Chapter 2 to require that when the RAB has delegated the review of an A-133 engagement(s) to a technical reviewer(s), he or she must complete 8 hours of CPE related to OMB Circular A-133 (Single Audits) every two years. We will be issuing guidance on documenting the RAB s decision to delegate the reviews it is suggested that the Peer Review Committee include this decision in their minutes and consider documenting it in their oversight policy submitted as part of their Plan of Administration 57 Revisions to RAB Handbook Chapter 2 to require that the engagement profile and PRP 22100, Part A, Supplemental Checklist for Single Audit Act/A-133 Engagements be submitted to the Administering Entity as part of the report acceptance process

30 Revisions to RAB Handbook Changed Exhibit 2-2, System Review, Technical Reviewer s Checklist, to include questions regarding A-133 engagement(s) and added Attachment 3 for the Review of Single Audit Act/A-133 Engagements. Changed Chapter 3 to conform to report acceptance process changes in Chapters 1 and Revisions to Administrative Checklist Updated Technical Reviewer s and Administrative Checklists have been posted to SharePoint Updated RAB Handbook and Part A, Single Audit Checklist have been posted to AICPA.org peer review site 60 30

31 Questions? Does the reviewer need to complete the entire Part A? Yes, At the Jan 2010 PRB meeting, the Board revised the Part A checklist instructions to indicate that the reviewer should complete the entire Part A. There is no longer any reference in the instructions to stopping once a no answer is reached. 61 Questions about Enhanced RAB process If the firm has both A133 and YB engagements and the reviewer did not review an A133 engagement, what should the Technical Reviewer do? If the review commenced on or after Sept. 1, 2009, the review must be rejected and the reviewer must review an A133 engagement

32 Questions? If the reviewer does not use the updated engagement profile and the updated Single Audit checklist (Part A & B), will the AE accept the outdated checklist? If the review commenced on or after Nov. 1, 2009, the reviewer must use the two part Single Audit checklist and have the firm complete the updated engagement profile. 63 Technical Update Single Audit Quality Internal Control Over Compliance Made revisions to the 2008 GAS/A133 Guide; Practice Aids illustrating related auditor documentation to be released Spring For members only on the GAQC Web site - For non-members will be available for purchase The GAQC held a member event that has been archived on the GAQC Web site (under the Resources tab) to further help you understand internal control over compliance and compliance and includes drafts of the Practice Aids 64 32

33 Technical Update Single Audit Quality SAS 74 Revisions SAS 117 Compliance Auditing Background - GAQC/ASB TF charged with reviewing SAS No. 74 and making appropriate changes/enhancements needed in response to federal study on single audit quality - New SAS issued in December in new clarity format - Clarifies auditor s responsibilities in a compliance audit performed under GAAS - States that all other auditing standards apply to compliance audits unless otherwise noted in the revised SAS - Effective date June 30, 2010, year-ends - Related GAS/A133 Guide revisions currently in process 65 Technical Update Single Audit Quality SAS 74 Revisions SAS 117 Supersedes SAS 74 to provide additional auditing guidance when an audit of compliance is performed in connection with a GAAS and GAGAS audit of financial statements (e.g., OMB Circular A-133 audit). A compliance examination performed when an audit is not required, would continue to be performed under AT

34 Technical Update Single Audit Quality SAS 74 Revisions SAS 117 revises AU sec. 801 by: clarifying its applicability. updating it for changes in the compliance audit environment. establishing a requirement for the auditor to adapt and apply GAAS, including the risk assessment and fraud standards (all of which primarily address audits of financial statements), to a compliance audit and providing guidance on how to do so. identifying the AU sections that are applicable to a compliance audit and those that are not applicable. 67 Technical Update Single Audit Quality SAS 74 Revisions SAS 117 revises AU sec. 801 by: defining terms related to a compliance audit. identifying auditor requirements that are unique to a compliance audit. providing guidance on the factors an auditor may consider in evaluating whether an entity has materially complied with the applicable compliance requirements. identifying the elements to be included in an auditor s report on compliance

35 Technical Update Single Audit Quality Other GAQC TF Activities Findings Work has been on hold Will issue comprehensive illustrative findings template Training No new activity although the notion of required training for A-133 auditors is not off of the table OMB working with federal task force to develop a potential required training curriculum GAQC will be providing feedback and input if a proposed revision to Circular A-133 is developed 69 Impact of Recovery Act In February 2009, the American Recovery and Reinvestment Act of 2009 (ARRA) was passed Approximately $300 billion additional federal funds being passed down; much of which subject to single audits Federal agencies looking at single audits as an important accountability mechanism to help them ascertain that ARRA funds spent appropriately Congress is following this very closely as well; many hearings have focused on tracking ARRA funds and single audits discussed as one accountability mechanism High quality of the audits is of utmost importance 70 35

36 Technical Update - GAO Recovery Act Activities GAO staff actively involved in monitoring at 16 states Reporting back to Congress periodically on what they are finding Their work could result in changes to single audits going forward Upcoming Yellow Book revision Streamline with what other standard-setters have done Address issues that GAO has observed Independence Standards and Corresponding Q&A Guidance Expected Timeframe June 2010 exposure draft with 90 day comment period Final 2011 Yellow Book in June Resources for Peer Reviewers and Technical Reviewers PCIE Report - AL2.pdf AICPA Audit Guide Government Auditing Standards and Circular A-133 Audits Government Audit Quality Center AICPA (firm membership required but some documents are available to the public

37 Single Audit Quality Concerns (PCIE Report) Common Deficiencies Identified Material Reporting Errors Apparent Audit Findings Not Reported Compliance- Not documenting compliance testing of at least some compliance requirements Internal Control not documenting understanding Problems with risk assessment of federal programs Missing Audit Finding Elements SEFA Problems Materiality at individual major program level Sampling 73 Single Audit Quality Concerns (PCIE Report) Other Common Deficiencies Identified Low-risk auditee determination not documented or incorrect Minimum percentage of coverage requirement not meet Audit programs missing or inadequate for part of the single audit Part of a major program or a major program cluster not tested Missing or erroneous information in the Summary of Auditor s Results Error in threshold for distinguishing Type A and Type B programs Indications that current compliance requirements not considered 74 37

38 Technical Update Single Audit Quality SEFA Clarifying guidance added to 2008 GAS/A133 Guide SEFA Practice Aids issued and available on the GAQC Web site, under the Resources tab (under Research Tools and Aids ); auditor tools also incorporated in the 2009 GAS/A133 Guide Audit Program and Disclosure Checklist for Auditors Document for auditees to accumulate important information on federal awards and a Disclosure Checklist for Auditees The GAQC has provided a member event that has been archived on the GAQC Web site (under the Resources tab) to further help you understand SEFA responsibilities and the Practice Aids 75 Case Study 1 Not in Compliance with YB CPE requirements If a firm conducts a governmental audit when the required personnel are not in compliance with the CPE requirements set forth in those standards, 1. consideration should be given to reporting the failure on an FFC form even if there are no other problems with the engagement. 2. consideration should be given to issuing a report with a rating of pass with deficiency related to personnel management if deficiencies are noted on the engagement or the noncompliance with CPE requirements rises to the level of a deficiency. 3. firms should be advised to obtain the required CPE before performing another government engagement

39 Case Study 1 Not in Compliance with YB CPE requirements (cont.) Keep in mind, if a firm is performing governmental engagements and the firm does not have a quality or peer review done on the firm every three years, or the required personnel did not complete the CPE required by GAS, the engagements should be classified as not conforming with professional standards for purposes of the AICPA Peer Review Program. - From PRP Section 3100, Supplemental Guidance; page Case Study 2 Missed Major Program See Handout for Case Info Auditor missed the major program because they misinterpreted the audit threshold requirement of $500,000 to also apply to major program determination The threshold for having a Single Audit changed from $300,000 to $500,00 in 2004 with no change to the threshold for type A computation A review of 2008 submissions to the Clearinghouse disclosed 858 audits submitted with a threshold of $500,

40 Case Study 3 Missed Major Program See Handout for Case Info 79 Case Study 4 - % of Coverage Failure See Handout for Case Info Circular A-133 states that the auditor should audit, as major programs, federal programs with federal awards expended that, in the aggregate, encompass at least 50 percent of the total federal awards expended. If the auditee meets the criteria for a low-risk auditee, the auditor most audit at least 25 percent of the total federal awards expended

41 CASE Study 5- Part of a Major Program Not Audited Per the definition in OMB Circular A-133,.105, where a CFDA number is assigned for an award, Federal Program is defined as all Federal awards to a non-federal entity assigned a single number in the CFDA. Therefore, all awards with the same CFDA number should be added together to comprise the Federal program, for single audit purposes. There are some Federal programs that are treated as a cluster of programs. These are research and development programs (R&D), student financial aid (SFA) programs; and other clusters as designated or per the definition of a cluster of programs in OMB Circular A-133,.105. Per that definition, OMB Circular A-133 provides that a cluster of programs shall be treated as one program for determining major programs. Handout with Case Study Info 81 Case Study 6 Incorrect Low- Risk Auditee Determination See Handout for Case Info Applying criteria set forth in OMB Circular A , an auditee may be deemed a low-risk auditee. Ordinarily, under the percentage of coverage rule set forth in OMB Circular A (f), at least 50% of Federal awards expended must be covered as major programs in a single audit. However, for lowrisk auditees, a minimum percentage of coverage of 25% is applicable. Consequently, the determination of an auditee as a low risk auditee is a significant auditor judgment