As a provider of healthcare services and support operating during COVID-19, you may have received funding from the U.S. Department of Health and Human Services (HHS) as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. If the funds are used appropriately, they do not need to be repaid, but they do come with unique compliance, reporting and audit requirements that recipients must adhere to.
Your facility’s provider relief funds (PRF) are subject to a Single Audit if allowable expenditures or lost revenue amount to $750,000 or more during periods outlined in the HHS chart below. If this is the first time your organization is subject to the Single Audit, you are not alone. Over the next two years, many entities that have received federal funds, and have incurred expenditures or lost revenue exceeding the $750,000 threshold may require a Single Audit for the first time.
According to the Office of Management and Budget (OMB), a Single Audit covers the entity’s entire operations. It is intended to assure the federal government that a nonfederal entity is following the requirements of federal statutes, regulations and terms and conditions of awards for its major federal programs, and it must be conducted by an independent auditor.
Though the Single Audit deadline is ordinarily 9 months from the recipient’s year end, OMB has made a 6-month extension available to entities up to and including June 30, 2021 year-ends, for entities that have not yet filed their Single Audit as of March 19, 2021. The expenditures and lost revenue reported in the Single Audit should mirror the submission into the HHS reporting portal. Although the portal reporting for Period 1 ended on September 30, the HHS has extended a grace period lasting from October 1 through November 30 to complete portal submission. January 1-March 31 is the filing timeline for entities who received funding in Period 2. Start preparing well ahead of your deadline. Now is the time to build your understanding of Single Audit requirements and prepare to file. For complete details on due dates, visit BDO’s Single Audit hub page.
Tips for filing a Single Audit
There’s a first time for everything, but in the case of meeting Single Audit filing requirements, you’ll only have one chance to get it right. The path to accurate reporting is paved with the following best practices:
Mind your due dates
Shifting filing dates resulted in some confusion regarding deadlines, but this was not the OMB’s intention. Deadlines were pushed back to give organizations time to deal with the ongoing pandemic, get records in order and hire a qualified auditor. However, some entities feel they may need additional time. The OMB 6-month extension, as mentioned above, is available to all entities who have not yet filed their Single Audit as of March 19, 2021. Though organizations are not required to apply for this extension, recipients should maintain documentation of the reason for delayed filing.
First, assess internal controls
Filings must abide by the Schedule of Expenditures of Federal Awards (SEFA), which lists expenditures of all federal awards and should align with accounting and other records. The auditor uses the SEFA to assess risk, identify major programs to be audited and determine whether the SEFA has been fairly stated in relation to the holistic financial statement. Prior to the Single Audit, it is helpful to conduct a gap assessment that compares the design and execution of internal controls to the requirements dictated by each major grant or funding source. Performing a gap assessment in advance of the auditor’s review helps you identify problems — companies frequently find that although their internal design complies with SEFA, their execution does not — and prepare an explanation for why you may fall short of the requirements.
Hire an experienced independent auditor
Your Single Audit must be prepared by someone outside of your organization, but the unique nature of the Single Audit means you shouldn’t trust just any outside party. The ideal independent auditor is typically a CPA who specializes in Single Audits and is up to date on continuing education courses required by Government Audit Standards (GAS). Act quickly to secure the help of a specialist, as they’ll likely be in high demand as filing deadlines creep closer.
Organize federal grant information and other financial records
The Single Audit encompasses expenses or lost revenue incurred in periods both before and after the award existed and spanning more than one fiscal year. An auditor can only assess what you provide, so it’s important that you are transparent and methodical when presenting them with information. Organize all federal grant information, including grant award documentation and each award’s Assistance Listing (AL) number, so that the auditor can easily summarize it for filing. Supply the auditor with documents pertaining to expenditure justification as well as recent financial and performance reports.
Practice good data governance
Record organization comes easier to companies that prioritize data governance. Having processes and standards in place to manage and safeguard data can save you time, money and the potential reputational damage that could result from a breach. Healthcare data, such as patient medical records and payment information, is a prime target for a cyberattack. To protect patient data, more states are enacting and enforcing data privacy laws that come with hefty fines for non-compliance.
What should I do next?
Perhaps more than any other industry, healthcare has undergone major changes caused by COVID-19, but not all changes have to be overwhelming. Take it from a firm with experience: Meeting the Single Audit filing requirements can be achieved with proper preparation and professional guidance. Think you’re ready to kick off the Single Audit process? Check out BDO’s Readiness Report Card to make sure.
For more insights on how to prepare to file a Single Audit, check out BDO’s FAQ.
*****
Written by Steven Shill. Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
Questions on what to do next in the Single Audit process? Contact REDW Principal Chris Tyhurst, CPA, or Senior Manager Claire Hilleary, CPA.
