ARPA Audits – What to Expect and What You Can Advise Your Clients to Do Now
December 2, 2021
Reprinted with permission from the December 2, 2021 edition of The Legal Intelligencer © 2021 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.
Recognizing the importance of The American Rescue Plan Act of 2021 (ARPA), our colleague, attorney Timothy Horstmann, wrote the first article in this series titled “The American Rescue Plan Act of 2021. Here’s What to Expect” in April 2021 and in July 2021 he penned an article titled “ARPA Windfall: What May Pa. and Its Municipalities Do With This Money?” Adding to this series, we will now discuss what to expect in an ARPA audit. This article will focus on Pennsylvania’s $13,450,275,500.40 portion of the $350 billion Coronavirus State and Local Fiscal Recovery Funds Program (CSLFRF), which is the specific program under ARPA that provides new funding to tribal governments, states, territories and local governments across the United States to aid in their recovery from the COVID-19 pandemic.
Local governments in Pennsylvania have received their first tranche of funds—consisting, in most cases, of 50% of those available—from ARPA and should expect to receive their second tranche of funds in no later than 2022. Consistent with the purpose and goals of ARPA and CSLFRF, municipalities in the commonwealth of Pennsylvania are already busily making plans and spending their funds. One important factor that may be overlooked when municipalities are determining how to spend those funds: accounting for and factoring in the cost associated with the requisite record trail the federal government requires state and local governments to maintain to ensure the funds are being utilized in a reasonable and efficient manner.
One such parameter is the applicability of the Uniform Guidance (2 CFR Part 200), which provides the basis for a systematic and periodic collection and uniform submission by federal agencies of information on all federal financial assistance programs to the Office of Management and Budget (OMB). It also establishes federal policies related to the delivery of this information to the public, including through the use of electronic media (2 CFR 200.100(a)(2)). The U.S. Department of the Treasury has confirmed that most of the provisions of the Uniform Guidance apply to ARPA and CSLFRF, including the cost principles (Subpart E) and Single Audit Act (Subpart F) requirements.
The single audit is key. Regardless of the amount of the ARPA award, federal requirements will be triggered—but the specific single audit provisions, and the requirement to conduct an audit in accordance with the Single Audit Act, will apply to any nonprofit or governmental organization whose federal expenditures in its fiscal year exceed $750,000. If a single audit is triggered, a review of the municipality’s financial statements and the award monies received will be conducted. The single audit reviews how the government agency managed the grant and ensures that agency followed the rules for dollars associated with the grant or award. The single audit is both a compliance and financial-based audit in that the auditor will be reviewing the government agency’s financial records to ensure that what is being reported is correct and financially sound as well as to ensure that it complied with all the ARPA requirements (valid eligible uses, federal procurement rules and etc.).
As an aside, in addition to the Single Audit Act’s applicability to ARPA funds, there are other reporting and compliance guidelines governmental entities must follow. Those reporting and compliance guidelines can be reviewed in the U.S. Treasury’s Compliance and Reporting Guidance—Version I (6/17/21), U.S. Treasury’s Compliance and Reporting Guidance—Version II.1 (11/15/21), and the U.S. Treasury’s User Guide (8/9/21). Furthermore, the U.S. Treasury has presented on this topic, and the recorded presentations are available at the following link: Recipient Compliance and Reporting Responsibilities | U.S. Department of the Treasury.
Turning back to the compliance- and financial-based single audit, the agency will be responsible for the performance of a single audit for any fiscal year in which $750,000 or more was expended by the government agency. The audit requirements as they pertain to awards of federal monies are contained in 2 CFR Part 200 Subpart F—audit requirements. Section 200.508 provides a list of the auditee’s responsibilities as they pertain to the Single Audit Act. Those responsibilities for the auditee include procuring or arranging for an audit and ensuring it is properly performed; preparing the appropriate financial statements; promptly following up and taking corrective action on any audit findings; and providing the auditor access to the auditee’s records.
Furthermore, Single Audit Act Section 200.514 provides a list of the auditor’s responsibilities. Those include conducting the audit in accordance with generally accepted government auditing standards (GAGAS); reviewing internal controls; determining whether the financial statements of the municipality are presented fairly and accurately; determining whether the municipality has complied with federal statutes, regulations, and the terms and conditions of the awards (e.g., confirming whether the expenditure was an authorized use under ARPA); following up on prior audit findings to confirm the procedures have been implemented to correct prior audit findings; and reviewing relevant documents.
The auditor will then provide a report that includes any findings in accordance with Section 200.515 and 200.516. Specifically, the auditor will report findings that demonstrate any significant deficiencies and material weaknesses in internal controls; material noncompliance with the provisions of federal statutes, regulations, or the terms and conditions of federal awards; known questioned costs; the circumstances pertaining to the findings; known or likely fraud affecting a federal award; and any misrepresentations of the status of any prior audit findings. The auditor’s report and findings are available upon request and are reported—except for Indian tribes and tribal organizations—on the federal government’s “Federal Audit Clearinghouse Image Management System” publicly accessible website.
If the municipality does not comply with the Single Audit Act requirements and the related provisions, the municipality may be subject to the following ramifications:
- Pay funds back equal to the amount received;
- Loss of grant or future federal funding;
- High risk status, which results in more frequent audits; and
- In extreme cases, findings of criminal fraud.
In conclusion, this article is intended to just scratch the surface on the Single Audit Act requirements and to prepare municipalities as to what they could expect in an ARPA audit. We recommend that each municipality work closely with its legal and financial advisers to establish policies for compliance as well as with the auditors to ensure compliance as early as possible in the planning stage. Furthermore, federal laws and regulations specifically allow for the municipality to use a portion of the funds received to account for the audit responsibilities. Accordingly, the relevant audit requirements subsequent to the municipality’s use of funds need to be considered when the municipality is determining how it should use the funds received.
What Else Is to Come?
We are still waiting to see how the U.S. Treasury, if at all, makes any changes when passing its final rule. We are also expecting an OMB compliance supplement specific to the COVID-19 related federal funds later this year or early next year that will provide more details regarding compliance with the relevant federal laws, including Single Audit Act compliance. Stay tuned!
Frannie Reilly and Ryan Gonder are public finance attorneys with the law firm of McNees Wallace & Nurick and practice in the firm’s public finance and government services practice group. The firm has Pennsylvania offices in Harrisburg, Lancaster, Devon, Scranton, State College and York. Reilly can be reached at email@example.com and Gonder at firstname.lastname@example.org.