Grantee Audit Requirements

Division of Criminal Justice Audit Compliance Monitor (ACM)

Jane Pemberton

dcj_audits@state.co.us

FAQ

Audit FAQ (printable)

What is an Audit?

Also referred to as the Audited Financial Statements, or the Comprehensive Audited Financial Report (CAFR), an audit provides the highest level of assurance. A CPA, independent of the agency, is required to have extensive knowledge of the economy, the relevant industry, and the organization’s business, in order to perform the audit. He/she will conduct verification and substantiation procedures to include third-party verification of cash, investment, and debt balances; direct correspondence with creditors, physical inspection of assets, sample testing of transactions, review of board and committee minutes, contracts, etc. While the auditor does not express an opinion on internal controls, he may identify material weaknesses and significant deficiencies in internal controls. (See Management and Governance Letters.)

What is a Review? 

A review is less in scope than an audit. It provides limited assurance that the financial statements do not have known errors or departures from generally accepted accounting principles. An independent CPA must perform inquiry and analytical procedures. DCJ accepts a simple financial review, if the agency’s annual revenues are less than $300,000.

What is a Single Audit?

A Single Audit, required of agencies who expend $750,000 or more of federal funds from all sources during the agency’s fiscal year, provides the auditor’s opinion on the agency’s financial statements for federal awards; internal controls over federal programs; compliance with laws, regulations and provisions of contracts or grant agreements that could have an effect on major programs; and includes a schedule of findings and questioned costs (if any), corrective actions, and follow up on any prior audit findings. The Single Audit must be filed electronically, by the independent CPA, with the Federal Audit Clearinghouse (FAC) annually, within nine months after the end of the audit period.

What is the Governance Letter? 

This letter (SAS 114) is the auditor’s communication, external from the audit, with those charged with governance and is required by the American Institute of CPAs (AICPA). The purpose of the letter is to communicate to those charged with governance, such as the Board of Directors, Audit Committee, President, or Management, the scope of audit procedures performed, significant findings, and other information, such as disagreements with management, audit adjustments and significant estimates, that aren’t communicated in the audited financial statements. Another important portion of the letter is the presentation of any passed journal entries. These are entries that were not posted to the audited financials, because, in total, they have no material effect on the financial statements, but are presented to the agency in this letter in order to draw governance’s attention to other known errors that were found during the audit.

What is the Management Letter? 

This letter (SAS 115) from the auditor, external from the audit, communicates internal control related matters identified during the audit. Internal controls have to do with operations, reporting, and compliance. The AICPA requires the issuance of a management letter, to those charged with governance, in the event material weaknesses or significant deficiencies are identified. Weaknesses and deficiencies may include such issues as lack of segregation of duties, inadequately trained accounting personnel, restated prior period financial statements, and material audit adjustments. The auditor may also offer recommendations for ways to improve these controls that will help to mitigate risk and strengthen the agency’s accounting processes.

What do you mean by Corrective Actions? 

This is the agency’s response to the Management Letter. What actions have the Board and Management taken, in response to the auditor’s recommendations, to correct the findings or deficiencies identified during the audit? Example: The agency hired another accountant, or developed a new procedure to provide clearer segregation of duties.

Why do you need to see all these reports and letters?

DCJ is ultimately responsible for the grantee’s performance and compliance with the federal and state regulations and requirements. Therefore, DCJ must monitor the activities of the grantee.  DCJ is required to determine financial risk for each award at the onset of the award to determine if it is necessary to impose additional special conditions on the award. The agency information submitted allows DCJ to assess agency risk and financial capability to manage funds. Following the award, DCJ collects the information to ensure that there were no findings related to the issuance of the DCJ grant award, which might impact future funding and/or create unallowable costs.

Sample Audit Documents
Please see the following examples.
 
Note: these examples are provided for the sole benefit of assisting agencies to identify what a particular document may look like when it is requested by DCJ.
 
Management Letter 1 (significant deficiencies)
Management Letter 2 (recommendations to strengthen)
Due Dates (When do I submit my Audit or Financial Review to DCJ?)
When and to whom should my agency submit its audit/review to DCJ?

Ideally, it should be submitted to the DCJ Audit Compliance Monitor, as soon as it is completed each year, even if the agency received funding for only part of that year. The DCJ Grant Instructions state the agency must submit its audit no later than nine months after the completion of its fiscal year or within 30 days of completion of the audit, whichever is earlier.

Grantee must provide audit documents upon request which includes but is not limited to:

Project Start: The Grantee must submit the most recent audit or financial review, including the corresponding management letter, to DCJ within thirty (30) days of request, and, if the most recent audit/financial review has not already been submitted to DCJ, it must be submitted within thirty (30) days of the start of each grant award.
 
AND
 
Project End: The Grantee assures that it will procure an audit or financial review, incorporating each grant award, by an independent Certified Public Accountant (CPA), licensed to practice in Colorado. The audit or financial review incorporating each grant award must be completed and received by DCJ within nine (9) months of the end of the fiscal years that includes the end date of the grant, or within thirty (30) days of the completion of such audit or review, whichever is earlier.
Audit Requirements - Grantees that expend $750,000 or more of federal funds

Grantees that expend $750,000 or more of federal funds from all sources during the entity's fiscal year must have a single or program-specific audit conducted for that year in accordance with the provisions of 200.501.

Single audit. A Single Audit provides the auditor's opinion on the grantee's financial statements for federal awards, internal controls over federal programs, compliance with laws, regulations and provisions of contracts or grant agreements that could have an effect on major programs, and includes a schedule of findings and questioned costs (if any), corrective actions, and follow up on any prior audit findings.

Audit Costs: Grantees required to conduct an audit in accordance with the provisions of 200.501 may reasonably request a proportionate share of the costs of audits in the grantee’s federal grant award.

Audit Frequency. Except for the provisions for biennial audits provided for in 200.501, audits must be performed annually.

Exemptions: DCJ may not authorize exemptions from this requirement.

Audit Requirements - Grantees that expend less than $750,000 of federal funds

Grantees that expend less than $750,000 of federal funds from all sources during the entity's fiscal year are not subject to the provisions of 200.501. However, it is the policy of DCJ that all grantees of federal and/or state government funds shall obtain a financial audit or financial review, and provide a copy to DCJ as part of an application for funds, contracting process, or upon request.

All grantees that have revenue greater than $300,000 from all sources during the entity's fiscal year are required by DCJ to obtain a financial audit. (Grant agreements issued prior to 7/1/16 are bound to a lower threshold of $200,000.) All grantees that have revenue less than $300,000 from all sources during the entity's fiscal year are required by DCJ to obtain a financial audit or financial review. A compilation is not sufficient to satisfy this requirement. (Grant agreements issued prior to 7/1/16 are bound to a lower threshold of $200,000.)

Audit/Financial Review Costs: Grantees not required to conduct an audit in accordance with the provisions of 200.501, may not charge audit or financial review costs to the federal grant award. State grant fund recipients may reasonably request a proportionate share of the costs of audits/reviews in the grantee's state grant award.

Exemptions: DCJ reserves the right to delay or temporarily exempt an agency from this policy, in the case of start-up, size of agency, hardship, or other unforeseen reason if it is in the best interest of DCJ, the agency, and/or the agency's clients or purpose to do so. The agency shall request such delay or temporary exemption in writing, and the DCJ Audit Compliance Monitor shall concur in the decision making. (This delay or temporary exemption shall not extend to agencies required to obtain Single Audits.)

Failure to Comply with Audit or Financial Review Requirements

The grantee understands and agrees that DCJ or the federal awarding office (DOJ) may withhold award funds, or may impose other related requirements, if the grantee does not satisfactorily and promptly address outstanding issues from audits required by Part 200 Uniform Requirements, by the terms of the Grant Agreement, by the current edition of the DOJ Grants Financial Guide, or other outstanding issues that arise in connection with audits, investigations, or reviews of DOJ awards.