This is the accessible text file for GAO report number GAO-08-318R 
entitled 'Responses to Posthearing Questions Related to Improving 
Single Audit Quality' which was released on December 10, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

December 7, 2007: 

The Honorable Tom Carper:
Subcommittee on Federal Financial Management, Government Information, 
Federal Services, and International Security: Committee on Homeland 
Security and Governmental Affairs: United States Senate: 

Subject: Responses to Posthearing Questions Related to Improving Single 
Audit Quality: 

Dear Mr. Chairman: 

On October 25, 2007, GAO testified[Footnote 1] before your subcommittee 
at a hearing entitled, "Single Audits: Are They Helping to Safeguard 
Federal Funds?" At the hearing, we provided (1) GAO's perspective on 
the history and importance of the Single Audit Act, as amended (Single 
Audit Act), and the principles behind the act, (2) our preliminary 
analysis of the recommendations made by the President's Council on 
Integrity and Efficiency (PCIE) for improving audit quality, and (3) 
additional factors to consider for improving the quality of single 

This letter responds to your November 5, 2007, request for responses to 
follow-up questions for the record related to our October 25, 2007, 
testimony. Your questions, along with our responses, follow. 

Question 1. Ms. Franzel mentioned in her statement that a separate 
effort considering the overall framework for single audits is 
warranted, including analyzing whether the current federal oversight 
structure for single audits is adequate. Please elaborate on the type 
of analysis suggested to be done. 

Given the increase in federal grant awards in recent years and the many 
different federal entities involved in overseeing the single audit 
process, two aspects of the single audit framework warrant further 
analysis to determine whether changes are needed to improve single 
audit quality and overall accountability for the use of federal grant 
funds: (1) the roles and responsibilities of the various parties in the 
federal oversight structure for single audits, and (2) the current risk-
based approach to conducting single audits. 

Roles and Responsibilities within the Federal Oversight Structure: 

Federal oversight responsibility for implementation of the Single Audit 
Act is currently shared among various entities--the Office of 
Management and Budget (OMB), federal agencies, and their respective 
Offices of Inspector General (OIG). The Single Audit Act assigned to 
OMB the responsibility of prescribing guidance to implement the uniform 
audit requirements and required each federal agency to amend its 
regulations to conform to the requirements of the act and OMB's 
guidance. OMB issued Circular No. A-133, Audits of States, Local 
Governments, and Non-Profit Organizations, which sets implementing 
guidelines for the audit requirements and defines roles and 
responsibilities related to the implementation of the Single Audit Act. 
The federal agency that awards a grant to a recipient is responsible 
for ensuring recipient compliance with federal laws, regulations, and 
the provisions of the grant agreements. The awarding agency is also 
responsible for overseeing whether the single audits are completed in a 
timely manner in accordance with OMB Circular No. A-133 and for 
providing annual updates of the Compliance Supplement[Footnote 2] to 
OMB. Some federal agencies rely on the OIG to perform quality control 
reviews (QCR) to assess whether single audit work performed complies 
with OMB Circular No. A-133 and auditing standards. 

Many grantees receive federal funding from several federal agencies and 
programs. Therefore, a specific federal agency is generally given 
oversight responsibilities for a particular grantee, either as a 
cognizant or oversight agency for audit. Recipients expending more than 
$50 million in federal funding are required to have a cognizant agency 
for audit. Recipients that do not have a cognizant agency are assigned 
a specific oversight agency to provide technical audit advice. If 
necessary, this agency may perform the full duties of a cognizant 

An analysis of the roles and responsibilities within the federal 
oversight structure for single audits to identify possible improvements 
should consider the following questions: 

Is single audit oversight consistent and effective across federal 
agencies (Are there any particularly effective models that are 
currently employed by specific agencies)? 

What alternative federal oversight structures could improve overall 
accountability and oversight of the single audit process? 

Are sufficient federal resources being dedicated to oversight of single 
audits, in relation to the current dollar amounts of grants and the 
nature of current grant programs? 

Should the oversight role of the cognizant agency for audit of larger 
grantees--those expending $50 million or more in federal awards--be 

Is the current overall federal oversight structure adequate to achieve 
useful and effective accountability over federal grant funds? If not, 
where are improvements needed? 

Current Risk-Based Approach to Single Audits: 

The current risk-based approach to conducting single audits considers 
both dollar amounts and other aspects of risk to identify which "major" 
programs to include in the scope of compliance testing in a single 
audit. The Single Audit Act of 1984 focused attention on dollar 
coverage of federal financial assistance to achieve approximately 95 
percent audit coverage. The 1996 amendments to the act expanded the 
criteria to include risk-based criteria for the compliance testing 
component of the audit in addition to dollar amounts. This gave 
auditors greater freedom in targeting risky programs by, for example, 
allowing them to eliminate low-risk large dollar programs from testing 
and include high-risk small dollar programs in their place. OMB 
Circular No. A-133's current methodology for selecting major programs 
for compliance testing is based on a combination of dollar amounts, 
past audit findings, length of time since the program was last audited, 
and total coverage of federal dollars. This methodology, however, 
continues to rely heavily on the relative size of the grant 
expenditures for programs within a grantee to determine which programs 
are audited for compliance. 

An analysis of the current risk-based approach to conducting single 
audit compliance testing could be focused on determining whether there 
are other risk-based factors that may be cost-beneficial to consider in 
approaching single audits in today's environment. This analysis could 
also determine whether the current single audit approach adequately 
targets areas of risk and contributes to improvements where needed. 
Other types of risk-based factors that could be considered include 
organizational governance, internal control environment, risks 
associated with internal controls and financial systems, and risk of 
improper payments and noncompliance with federal programs. The single 
audit scope and specific audit procedures could then be adjusted by 
incorporating these types of factors. 

Question 2. OMB pointed out in its statement and during the hearing 
that it plans to consider how to leverage single audits to improve 
improper payment estimates. Is GAO concerned that the audit quality 
problems cited in the PCIE study might be either masking or leading to 
improper payments in some of these programs? Does GAO believe that 
OMB's plan has merit? 

The current design of the single audit is not intended to provide 
sufficient information for assessing and reporting on improper 
payments. There is currently no direct link between the assessment of 
susceptibility to improper payments and the level and scope of work 
performed in a single audit. For instance, the current risk-based 
approach for determining major programs to audit for compliance under 
the single audit focuses heavily on programs with the largest dollar 
amounts in a grantee's portfolio. Thus, programs identified as 
susceptible to improper payments at the federal level may not be 
audited for compliance under a single audit, depending on the portfolio 
of a grantee's federal grants. Consequently, the current design of the 
single audit process and the related results are generally insufficient 
to identify improper payments and systematically estimate the extent of 
improper payments for susceptible programs. 

Many grant programs could be susceptible to improper payments by their 
very nature. Improper payments are payments that should not have been 
made or that were made in an incorrect amount under applicable 
requirements. Improper payments also include payments to ineligible 
recipients, payments for ineligible service, duplicate payments, and 
payments for services not received. Federal agencies are required to 
follow four basic steps under the Improper Payments Information Act 
(IPIA)[Footnote 3] and related OMB guidance: 

(1) assess risk of improper payments in all programs, 

(2) estimate improper payments for programs susceptible to significant 
improper payments (defined by OMB as exceeding both 2.5 percent of 
program payments and $10 million annually), 

(3) annually report on estimates of improper payments, and: 

(4) for programs with over $10 million in improper payments, implement 
a plan to reduce improper payments and report on actions to reduce 

To the extent that single audits are not providing reliable information 
about internal control and compliance with program requirements, 
agencies may not be receiving the information needed to fulfill their 
responsibilities under IPIA. 

In its statement,[Footnote 4] OMB pointed out that it is exploring 
longer-term reforms to the single audit process that will help achieve 
successful results in the implementation of IPIA. OMB plans to evaluate 
how single audits can be expanded beyond federal program compliance to 
assess the risk of improper payments and the extent to which improper 
payments are systemic throughout a program. OMB's plan to evaluate how 
the single audit can be expanded for this purpose has merit, and we 
support this initiative. 

Question 3. During the hearing, Ms. Franzel mentioned several issues 
that need to be resolved before implementing the proposed training 
recommendations in the PCIE study. Who should resolve these issues and 
what is the need to deal with these issues considering the impact on 
the timing of correcting the current audit quality problems? 

Since OMB would ultimately be responsible for putting a training 
requirement in place, it should also be responsible for resolving any 
related implementation issues involved, with input from key 
stakeholders. However, there are several interrelated factors at play 
here that would impact the timing of implementing proposed training 
requirements. The universe of completed single audits in the Federal 
Audit Clearinghouse database for a given year is over 35,000. According 
to AICPA, approximately 7,000 firms perform governmental audits which 
include single audits. Those firms are located across the U.S., in 
large cities, small towns, and rural areas. Because of the large number 
of auditors to be trained and their dispersion across the county, there 
are clearly efficiency and cost-benefit aspects that need to be 
considered. In addition, effective and efficient training delivery 
mechanisms would need to be identified and put in place. Resolving 
these substantial implementation issues could take some time. Further, 
cost-benefit considerations may be significantly affected if the 
current single audit approach and universe of audits were to change 
significantly in the near-term. If an effort is undertaken in the near- 
term to revisit the approach to single audits, it may be advantageous 
to wait until any new approaches resulting from this effort are 
established to implement training requirements. 

Question 4. What type of accountability mechanisms and oversight would 
be helpful to oversee the various parties' implementation of the PCIE 
recommendations? Is there anything the Congress can do to address these 

Because of OMB's statutory responsibilities related to single audits, 
we believe that OMB should be the party responsible for tracking the 
status of implementing the PCIE recommendations. However, OMB could 
delegate that responsibility to another federal agency or to the PCIE. 
As mentioned in our testimony, we believe that a number of issues need 
to be resolved before specific actions are taken to implement some of 
the recommendations. Also, as discussed in our response to question 1, 
a separate effort taking into account the overall framework for single 
audits may be warranted. In our testimony, we also highlighted two 
other critical factors that need to be considered when determining 
actions to improve audit quality: (1) audit quality problems associated 
with the size of audit, and (2) the distribution of size in the 
universe of single audits. GAO could monitor the results of any changes 
in this area as part of our expanded review of the single audit 

The hearing also brought to light other key issues that affect the 
usefulness of single audits and the effectiveness of federal oversight 
over grant funds that require immediate attention. We would be pleased 
to continue to keep the Congress informed on the extent of any progress 
made in evaluating issues surrounding single audits, implementing the 
PCIE recommendations, and improving the accountability and oversight 
structure for federal grant funds. 

In addition, GAO currently has a request from this subcommittee to 
identify further actions to improve federal oversight and 
accountability for grant funds. We will continue to keep the 
subcommittee informed about our progress and any suggested actions for 
improving the single audit process developed as a result of this work. 

Question 5. In your role as the standards-setting organization for 
Government Auditing Standards, what part does GAO plan to play in 
helping to improve single audit quality? 

The Single Audit Act requires that audits be done in accordance with 
generally accepted government auditing standards (GAGAS). In our role 
as standards setter, we will continue our regular activities to promote 
high-quality auditing under GAGAS. GAO recently issued a modernized 
version of GAGAS.[Footnote 5] Also, GAO's Comptroller General chairs 
the National Intergovernmental Audit Forum that monitors the standards 
setting bodies, and advances the audit standards within the government 
and the audit profession. Through these processes, we have had, and 
continue to have, extensive interaction with the audit community, 
including state and local government auditors, and CPA firms of all 
sizes across the country. 

GAO provides technical assistance to auditors from public accounting 
firms and government audit organizations to assist them in conducting 
quality audits. Each year, GAO receives thousands of telephone and e- 
mail inquiries, and we generally respond to most inquiries within 24 
hours. This interaction also alerts GAO to emerging issues and problem 
areas for auditors. In addition, GAO maintains a Yellow Book web page 
which provides various technical resources for auditors conducting 
government audits. 

We are sending a copy of our responses to the posthearing questions to 
Senators Coburn and McCaskill who also attended the hearing. Should you 
have any questions on matters discussed in this response or need 
additional information, please contact me at (202) 512-9471 or at or Sabrina Springfield at (202) 512-9328 or at Contact points for our Office of Congressional 
Relations and Public Affairs may be found on the last page of this 
report. Major contributors to this report include Emily Clancy and 
David Merrill. 

Sincerely yours, 

Signed by: 

Jeanette Franzel: 


Financial Management and Assurance: 

[End of section] 


[1] GAO, Single Audit Quality: Actions Needed to Address Persistent 
Audit Quality Problems, GAO-08-213T (October 25, 2007). 

[2] The Compliance Supplement is based on the requirements of the 1997 
revisions to OMB Circular No. A-133, which provide for the issuance of 
a compliance supplement to assist auditors in performing the required 
audits. It provides a source of information for auditors to understand 
the federal program's objectives, procedures, and compliance 
requirements relevant to the audit as well as audit objectives and 
suggested audit procedures for determining compliance with these 

[3] Pub L. No. 107-300, 116 Stat. 2350 (November 26, 2002). 

[4] Office of Management and Budget, Statement of the Honorable Daniel 
I. Werfel, Acting Controller, Office of Federal Financial Management, 
Office of Management and Budget before the Senate Subcommittee on 
Federal Financial Management, Government Information, Federal Services, 
and International Security (October 25, 2007). 

[5] GAO, Government Auditing Standards: July 2007 Revision, GAO-07-731G 
(July 2007).

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink,]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink,]  
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, DC 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 


Web site: [hyperlink,]: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Chuck Young, Managing Director, 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: