P&N is now EisnerAmper

Effective May 21, 2023, P&N has joined EisnerAmper. Read the full announcement here.

Consulting Services • Published 3/18/2022 Pandemic Funds: Are You Audit-Ready?


State and local governmental entities receiving federal funds, such as CARES and ARPA funding, are required to maintain internal controls over the federal awards under the Uniform Guidance (2 CRF Part 200) regulatory requirement.

Additionally, recipients that spend a total of $750,000 or more in federal funds--including Provider Relief Fund (PRF) payments and other federal financial assistance--during their fiscal year are subject to single audit requirements, as outlined in the regulations under the Uniform Guidance (2 CRF Part 200 Subpart F).

What are the internal control requirements under Uniform Guidance (2 CRF Part 200)?

The entity must establish and maintain effective internal controls that provide reasonable assurance that the entity is managing the award in compliance with the U.S. Constitution, federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 

Related Article: Elements of Internal Control

The entity must also evaluate and monitor its compliance and take prompt action when instances of noncompliance are identified. Further, the entity must take reasonable measures to safeguard protected personally identifiable information and other information the entity designates as sensitive or considers sensitive consistent with applicable federal, state, local, and tribal laws regarding privacy and responsibility for confidentiality.

What are some best practices to include in your internal control environment?

As part of the American Rescue Plan, the Treasury Department has enacted the Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program. On February 28, 2022, Treasury updated and released Compliance and Reporting Guidance, which included internal control best practices:

Best Practice



Written policies and procedures

Formal documentation of recipient policies and procedures

Documented procedure for determining worker eligibility for premium pay

Documented procurement procedures, which are required by CFR §200.318

Written standards of conduct

Formal statement of mission, values, principles, and professional standards

Documented code of conduct / ethics for subcontractors

Risk-based due diligence

Pre-payment validations conducted according to an assessed level of risk

Enhanced eligibility review of sub recipient with imperfect performance history

Risk-based compliance monitoring

Ongoing validations conducted according to an assessed level of risk

Higher degree of monitoring for projects that have a higher risk of fraud, given program characteristics

Record maintenance and retention

Creation and storage of financial and non-financial records.

Storage of all sub-recipient payment information.

Related Article: SLFRF Final Rule in Support of Ongoing COVID-19 Response

What are the risks associated with not maintaining effective internal controls?

Noncompliance may result in one or more of the following as described in CFR 200.339:

  • Imposing additional conditions including, but not limited to requiring payments as reimbursements rather than advance payments; requiring additional, more detailed financial reports; or establishing additional prior approvals.
  • Temporarily withholding cash payments pending correction of the deficiency or more severe enforcement action by the federal awarding agency.
  • Disallowing all or part of the cost of the activity or action not in compliance.
  • Wholly or partly suspending or terminating the federal award.
  • Initiating suspension or debarment proceedings.
  • Withholding further federal awards for the project or program.
  • Taking other remedies that may be legally available.

Risks of noncompliance may also result in one or more of the following:

  • Funds not being used or made available for the communities they are intended to serve.
  • Negative audit results, including findings of noncompliance.
  • Reputational damage.
  • Increased costs of resources necessary to address audit findings and implement corrective measures.
  • Increase in the potential for fraud, such as mismanagement of funds.

How can P&N help?

Funds are subjected to single audit requirements if more than $750,000 in federal funds was spent during the fiscal year. How are you addressing your audit readiness before the single audit? P&N has extensive experience in governmental accounting, internal audit, and grants administration services to assist you with your needs. Contact us today to discuss how we can help you evaluate and strengthen your internal controls.

Scroll to Top