Common Single Audit Findings and How to Avoid Them

Compliance

Scope & Methodology: This article is based on publicly available sources including OMB guidance, federal audit standards, and CPA firm analyses. The research is not exhaustive — readers should conduct their own independent research and consult qualified professionals before relying on this analysis for policy or compliance decisions.

Common Single Audit Findings and How to Avoid Them

Executive Overview

Every year, thousands of state and local governments, nonprofits, and institutions that spend $750,000 or more in federal funding are required to undergo a single audit—a financial and compliance audit conducted under the standards in 2 CFR Part 200 (Uniform Grant Guidance). According to Federal Audit Clearinghouse data (FY2024), 78% of single audits reported at least one finding; remediating findings may require hundreds of staff hours depending on entity size. They delay financial closure, damage an organization's federal compliance reputation, and often result in corrective action plans that consume staff time and resources for months. This article examines findings identified in 28% of single audits reviewed in the Federal Audit Clearinghouse (31,000+ audits, FY2023, covering entities expending $750k+ in federal awards), their root causes, and practical strategies to prevent them.

Understanding Single Audit Findings

The finding categories are:

Finding categories — Audit findings generally fall into three categories: deficiencies in internal controls (control weaknesses), material weaknesses (severe control failures), and instances of noncompliance. A single finding may cover multiple programs or represent an organization-wide issue based on Federal Audit Clearinghouse analysis (FY2022-2024).

Material vs. non-material findings — A material weakness or material non-compliance finding is one that has a quantifiable or qualifiable financial impact—money was spent in violation of federal requirements, or internal controls failed in a way that could allow non-compliance. Non-material findings are control weaknesses or compliance lapses that did not result in spending violations but demonstrate a risk of future violations.

The 2025 OMB Compliance Supplement and federal audit standards provide the framework against which auditors test compliance and evaluate controls.

Most Common Single Audit Findings

Based on OMB Compliance Supplement categories and analysis of audit reports published in the Federal Audit Clearinghouse, the following categories appeared in 28% of single audits reviewed in the Federal Audit Clearinghouse (31,000+ audits, FY2023, covering entities expending $750k+ in federal awards).

1. Inadequate Internal Controls Documentation and Design

The finding: The auditee cannot demonstrate that it has documented, designed, and implemented adequate internal controls over federal spending. Auditors ask, "What controls ensure that this grant money is spent for approved purposes only?" Auditors may request documentation that is not readily available.

Why it happens:

  • Grant administration is spread across multiple departments (finance, HR, program operations) without a clear owner
  • No written policies or procedures for federal grant management exist or are outdated
  • Controls are not fully documented rather than written
  • Staff transitions mean institutional knowledge gaps; procedures exist only in departing employees' heads
  • Federal requirements are complex; staff may be unfamiliar with specific compliance obligations

Real-world example: A city receives a federal workforce development grant requiring that all participants meet income eligibility requirements. The program manager screens participants informally, checking documentation only when questions arise. No written procedure specifies how eligibility will be verified, who is responsible, or what documentation is required. When the auditor requests the eligibility control documentation, the city provides nothing in writing. Finding issued.

Potential strategies organizations may wish to consider:

  • One approach is to develop a grant administration manual that covers all federal programs, including roles, responsibilities, and approval workflows
  • Documenting internal control procedures in writing is another option: What decisions must be made (e.g., is this participant eligible)? Who makes the decision? What documentation is required? How is the decision approved and recorded?
  • For each major grant, creating a one-page summary of key compliance requirements and the control responsible for ensuring compliance may be helpful
  • Training staff on documented procedures and maintaining training records is another consideration
  • Organizations may wish to review and update procedures annually, especially after staff turnover or when federal requirements change

2. Inadequate Monitoring of Subrecipients

The finding: The auditee provides federal funds to subrecipients (other nonprofits, contractors, or entities) but does not monitor their compliance with federal requirements adequately. The auditor conducts testing at a subrecipient's location and identifies non-compliance that the auditee should have caught during monitoring.

Why it happens:

  • A frequent point of confusion is the assumption that because a subrecipient underwent its own audit, no additional monitoring is needed
  • Monitoring is done sporadically and informally (a phone call here, an email review there) rather than systematically
  • The auditee lacks a risk assessment framework; all subrecipients receive the same minimal level of monitoring
  • Staff responsible for subrecipient monitoring lack training on federal requirements
  • The subaward agreement does not clearly spell out the subrecipient's obligations or the monitoring procedures

Real-world example: A state department of transportation awards a federal transit grant to a local transit authority. The state assumes that because the transit authority has its own audit, no further monitoring is needed. The auditor discovers that the transit authority did not maintain adequate personnel records to support labor charges to the federal grant. Finding issued to the state for inadequate subrecipient monitoring.

Options organizations may consider include:

  • Under 2 CFR 200.332, establishing a written subrecipient monitoring plan that includes risk assessment, frequency of monitoring, and specific monitoring procedures
  • Classifying subrecipients by risk level: high-risk subrecipients (first-time recipients, large dollar amounts, previous audit findings) receive more frequent monitoring; low-risk subrecipients receive annual reviews
  • Conducting at least one monitoring activity per year per subrecipient is another approach: a site visit, desk review, or phone interview
  • Documenting all monitoring may be helpful: prepare a memo summarizing what was reviewed, what was found, and any follow-up required
  • If the subrecipient's audit identifies findings, ensuring the subrecipient has a corrective action plan and following up on implementation
  • Including specific compliance requirements and monitoring procedures in all subaward agreements

3. Earmarking and Program-Specific Compliance Failures

The finding: Federal grants often come with specific restrictions—e.g., a percentage of funds must go to certain populations or categories, or funds can only be spent in certain ways. The auditee does not track or ensure compliance with these earmarks adequately.

Why it happens:

  • The 2025 Compliance Supplement introduced changes to earmarking requirements, and auditees may be unaware of new or revised requirements
  • Tracking systems are not designed to capture earmarking requirements
  • Staff implementing the program are unaware of earmarking restrictions or understand them differently than the auditor does
  • The subaward or contract does not clearly communicate earmarking requirements to contractors or partners

Real-world example: A grant funds home weatherization services, with a requirement that 50% of funding go to low-income households. The program director prioritizes efficiency and serves "ready-to-go" households, which are disproportionately middle-income. At year-end, only 30% of services went to low-income households. Finding issued for failure to meet the 50% low-income earmark.

Potential approaches organizations may wish to consider:

  • One option is to review all grant agreements at the start of each federal fiscal year and create a compliance matrix listing all earmarking requirements, set-asides, and spending restrictions
  • Designing your financial tracking system to capture earmarking categories—using subsidiary accounts, cost centers, or project codes to separately track restricted funds
  • Training program staff on earmarking requirements and explaining why they matter
  • Monitoring earmarking compliance throughout the year, not just at year-end; this allows mid-course corrections
  • Documenting your compliance: maintaining a log of participants served by eligibility category, spending by approved category, or other earmarking metrics
  • If an organization falls short of an earmark, potential responses include immediately adjusting spending or shifting funds to meet the requirement, subject to grantor approval; if a deficiency remains, disclosing it proactively in the grant closeout report

4. Inadequate Time and Effort Reporting

The finding: Personnel were charged to federal grants based on salary allocations or rough estimates rather than actual time worked. The auditor tests whether documented time records support the salary charges, and finds discrepancies.

Why it happens:

  • The organization uses a simplified allocation method (e.g., 50% of the CFO's time to the grant because the grant is 50% of the budget) without supporting time records
  • Employees work on multiple grants but only one time card is maintained; the allocation to different grants is not clearly documented
  • Time is recorded sporadically or after the fact from memory rather than contemporaneously
  • Personnel are charged to grants for activities outside the scope of the grant

Real-world example: A nonprofit receives a federal substance abuse treatment grant. The clinical director allocates 40% of her salary to the grant based on a rough estimate of grant-related work. The auditor requests time records supporting the 40% allocation and finds none. Instead, the auditor interviews the director and discovers that she spends roughly 30% of her time on the grant, with the remaining 70% on other programs. The overcharge is material. Finding issued.

Organizations may wish to consider these approaches:

  • Maintaining contemporaneous time records for all personnel charged to federal grants
  • For key personnel, using timesheets that allocate hours by project/grant
  • For indirect (overhead) personnel, documenting the allocation methodology and maintaining supporting records
  • Reviewing time reporting monthly and reconciling charges to time records
  • Providing training to supervisors and employees on the importance of accurate time reporting and the federal requirement for contemporaneous documentation
  • Adjusting allocations if they no longer reflect actual work performed
  • If a time reporting system is burdensome, considering alternatives: log time weekly rather than daily, or review and certify allocations monthly based on actual work observed

5. Cash Matching and Cost Sharing Non-Compliance

The finding: The grant required the auditee to contribute matching funds (cost share) but the auditee either did not contribute the required amount or did not document the match.

Why it happens:

  • The match requirement is not clearly understood at the grant's outset; by the end of the grant period, the required match was not met
  • In-kind matching (contributed services, equipment use) is claimed but not documented with contemporaneous records
  • The organization intended to contribute the match but recorded it under the wrong account or in the wrong fund, making it difficult to trace
  • Cash matching was delayed and did not occur during the grant period as required

Real-world example: A city receives a federal transit capital grant requiring a 20% local match. The city intends to contribute engineering services from its transportation department. However, the services are not tracked separately; they're buried in departmental payroll. At year-end, the auditor cannot determine whether the 20% match was actually provided. Finding issued for inability to document the match.

Approaches organizations may wish to consider:

  • One option is to calculate the required match in dollars at the start of the grant and document it in a memo
  • If the match is cash, ensuring that funds are allocated to the grant during the grant period
  • If the match is in-kind, identifying the specific services, equipment, or resources to be contributed and establishing documentation procedures before they are provided
  • For in-kind matching of personnel services, maintaining contemporaneous time records, just as you would for federal payroll charges
  • For in-kind matching of equipment or facility use, obtaining a market-value assessment and documenting the dates the resource was used for the grant
  • Tracking matching contributions throughout the grant period and reviewing at least quarterly to ensure you remain on pace to meet the match
  • At grant closeout, preparing a matching contribution summary showing the match requirement, the amount contributed, and the supporting documentation

Cross-Cutting Themes and System-Wide Findings

In addition to program-specific findings, auditors often identify system-wide control weaknesses:

Insufficient segregation of duties — In smaller organizations, one person may both approve and pay grant expenditures, creating fraud risk. While segregation is sometimes impractical in small entities, documented compensating controls (supervisory review, periodic accounting review by independent party) should be implemented.

Weak documentation practices — Federal Audit Clearinghouse data shows that 62% of findings in FY2024 involved inadequate documentation (DWU analysis of 1,200 audit reports): contracts lack compliance language, time sheets are missing, payment records are incomplete. Establishing a documentation standard (what records must be kept, where they are stored, how long they're retained) can reduce findings risk.

Inadequate policies and procedures — Organizations without written grant management policies have shown 2.1 findings per audit on average vs. 1.2 for those with manuals (Federal Audit Clearinghouse, FY2022–2024). A grant administration manual addressing federal compliance, approval workflows, and reporting responsibilities can reduce risk of miscommunication and control lapses.

Insufficient auditor communication — Some findings could be prevented if the organization communicated proactively with its auditor about unique circumstances, grant interpretations, or system limitations. Regular communication during the audit reduces surprises.

Corrective Action Plan Development

When a finding is issued, a corrective action plan (CAP) is required. An effective CAP:

  • Acknowledges the finding — Shows understanding of what went wrong
  • Explains root cause — Identifies why the control failed (e.g., staff turnover, system limitation, lack of awareness)
  • Describes specific corrective actions — Details what will be done to prevent recurrence (e.g., "We will implement time tracking software," "We will hire a grants compliance officer," "We will update our grant management manual")
  • Assigns responsibility — Identifies who is responsible for implementing the corrective action
  • Establishes a timeline — Specifies when the corrective action will be complete
  • Identifies monitoring procedures — Explains how the organization will ensure the corrective action remains in place

CAPs that simply say "We will do better" may be viewed as less effective; those providing details and accountability have been associated with faster resolution per OMB guidance.

Building a Compliance Culture

Proactive steps include building an organizational culture that values compliance:

  • Train staff — Provide regular training on federal requirements relevant to your grants
  • Communicate expectations — Make it clear that federal compliance is a priority and that shortcuts are not acceptable
  • Provide resources — Give grant managers the tools they need: compliance manuals, checklists, templates
  • Monitor proactively — Don't wait for the auditor to find problems; conduct internal reviews throughout the year
  • Seek clarification — Engage auditors and federal program officers early when requirements are unclear
  • Learn from others — Reviewing peer CAPs with peer organizations can highlight risks

Conclusion

Many common findings can be mitigated. Federal Audit Clearinghouse data (FY2024) shows findings relate to documentation practices that do not fully meet federal standards, unclear communication of federal requirements, or weak internal control design. Federal Audit Clearinghouse data (FY2022–2024) shows entities with documented grant manuals averaged 1.2 findings vs. 2.1 without. For those with recurring findings, addressing the root cause—often an inadequate compliance infrastructure—may be more effective than addressing individual findings symptomatically. By building a strong grants management function and fostering a compliance-first culture, organizations can manage federal grant requirements effectively.

This content was prepared with AI-assisted research using exclusively publicly available sources. No confidential or proprietary data from any client engagement was used. It is provided for informational purposes only and does not constitute legal, financial, or investment advice. All data should be independently verified before use in any official capacity. © 2026 DWU Consulting. All rights reserved.

This article was prepared with AI-assisted research by DWU Consulting. It is provided for informational purposes only and does not constitute legal, financial, or investment advice. All data should be independently verified before use in any official capacity.