Launch the Fireworks! The 2019 Compliance Supplement Is Here!

Jerry Ashworth
July 1, 2019 at 15:47:49 ET
Image Image

The 2019 Office of Management and Budget (OMB) Compliance Supplement is now available! This year’s version is perhaps the most widely anticipated supplement in recent years as OMB as the audit community, as well as auditees, get their chance to see the numerous changes from previous versions.

OMB announced the 1600-plus-page 2019 Compliance Supplement (2 C.F.R. 200, Appendix XI) in the July 1 Federal Register, and it is now available here. The 2019 supplement replaces the 2017 and 2018 versions and applies to audits of fiscal years beginning after June 30, 2018. Numerous programs have been added, deleted and modified in this year's supplement. 

A critical change in this year’s version is a new requirement for auditors to test a maximum of six of the 12 compliance requirements for each of the 200-plus federal programs within the supplement, rather than testing up to 12 according to past versions. Federal agencies administering the programs in the supplement determined which six of the 12 compliance requirements were most important for auditors to test to determine if they are direct and material to the client’s program. The change is part of an effort under the President’s Management Agenda to reduce auditor burden and focus audit work on the areas of highest risk.

The maximum of six requirements tested applies to the programs included within the supplement in the Part 2 matrix. For programs not included in the supplement, auditors would continue to use guidance in Part 7 of the supplement to identify the types of compliance requirements to test as direct and material to the client’s program, and as a result, may test more than six requirements. In addition, two compliance requirements addressing “allowability” — “activities allowed and unallowed” and “allowable costs and cost principles” — were considered as one requirement by awarding agencies, therefore some programs may require the testing of five compliance requirements, plus these two, to be counted as the six to be tested.

“This reduction helps focus limited grantee, agency and auditor resources on the most critical areas affecting programs and has the potential to save taxpayers millions of dollars in audit fees and overhead costs,” according to OMB.

Further, OMB notes that federal agencies “scrubbed” the detailed audit objectives, procedures and steps in 20 percent of their programs contained in the supplement to streamline the review requirements.

Further, OMB updated auditor internal control testing requirements in Part 6 to include two appendices. One provides illustrative entitywide controls over compliance for the following internal control components — “control environment,” “risk assessment,” “information and communication” and “monitoring”. The other provides illustrative specific controls for “control activities,” the remaining internal control component. Part 6 is now more closely aligned with other internal control standards.

The supplement also updates to the “procurement and suspension and debarment” section in Part 3.2.I to address changes to the micro-purchase and simplified acquisition purchase thresholds in response to OMB Memorandum M-18-18, which essentially allowed nonfederal entities to seek approval from their cognizant agency to increase their micro-purchase and simplified acquisition purchase threshold levels. Appendix VII of the supplement provides auditor instruction to address provisions in the NDAA of 2018, explaining that auditors are not expected to develop audit findings for grant recipients that have implemented increased thresholds after June 20, 2018, without federal approval as long as the entity documented the decision in its internal procurement policies.

Auditing firms conducting single audits should study the new supplement carefully to determine what has changed, particularly for each program and cluster in Parts 4 and 5 that they are evaluating. Compliance requirements that they tested for years may no longer be required, so they should be prepared to change their traditional procedures. In addition, despite the fact that auditors will only be testing a maximum of six compliance requirements, auditees still must comply with all 12 under their programs to stay in compliance with federal regulations and avoid losing their funding or be deemed high-risk.

Join us for our following Federal Grants Forums:
Pittsburgh, Pa., July-23-25, 2019
Dallas, Texas, Oct. 16-18, 2019

Learn more at