COVID-19 Federal Assistance e311


Compliance & Reporting, Due Diligence & Fraud Protection

How should a municipality prepare for future audits of programs using federal funds?

In preparing for an audit, municipalities should consider which areas government agencies may scrutinize when performing an audit.  In a 2017 report[1] issued by the Office of the Inspector General (OIG) of the Department of Homeland Security, the OIG considered several factors in determining which activities to audit during disaster relief recovery periods, including:

  • Risk of fraud, waste, and abuse of federal funds;
  • Statutory and regulatory requirements;
  • Magnitude of current or potential dollar amounts;
  • Requests from congressional, Federal Emergency Management Agency (FEMA), or state officials; and
  • Reports/allegations of impropriety or problems in implementing FEMA programs.

The recommendations below are informed by lessons learned from the administration of the Coronavirus Relief Fund (CRF) established by the CARES Act of 2020.  Additionally, on May 11, 2021, the United States Department of Treasury (“Treasury”) released new guidance on the American Rescue Plan Act (ARP)[2] titled the “Interim Final Rule”. This guidance reinforced the importance of transparency, documentation, and accountability. For example, the background section of this new guidance states “…the interim final rule establishes certain regular reporting requirements, including by requiring State, local and Tribal governments to publish information regarding uses of Fiscal Recovery Funds payments in their local jurisdiction. These reporting requirements reflect the need for transparency and accountability.” As a result, it is important that municipalities sufficiently document and monitor their activities to prepare for future audits by the Federal Government or other oversight entities. Municipalities should consult specific guidance promulgated by the relevant authorities when available, but should also be guided on a regular basis by a rule of thumb for auditors: if program activities are not clearly documented, they did not happen.

CRF Compliance Requirements

With regards to the CRF, for direct payments offered and disbursed by the Treasury, governmental auditors reference 2 CFR Part 200, Appendix XI Compliance Supplement Addendum[3] when developing audit procedures to test compliance with the requirements for this federal program. The Office of Management and Budget (OMB) has determined that auditors must a) determine which of the 12 types of compliance requirements have been identified as subject to the audit, and b) determine which of the compliance requirements are subject to the audit, and are likely to have a direct and material effect on the federal program from which the auditee received funds.  Of the 12 types of OMB compliance requirements, the following five compliance requirements are subject to audit under CRF:

  1. Activities Allowed or Unallowed[4]
  2. Allowable Costs / Cost Principles[5]
  3. Period of Performance[6]
  4. Reporting[7]
  5. Sub-recipient Monitoring[8]

For each compliance requirement subject to the audit listed above, the auditor must reference Part 3 of the 2 CFR Part 200, Appendix XI Compliance Supplement (for which specific pages have been referenced) in conjunction with the addendum referenced in Footnote 2 in the section titled ”Department of the Treasury.”


Audit Checklist

In preparing for an audit, it may help to understand the audit methodology that will be utilized, so that municipalities may reverse engineer the audit to better prepare. Understanding what the auditors will be examining will allow municipalities to ensure that the proper documents and supporting data are available.

According to OIG-CA-21-004[9] Coronavirus Relief Fund Prime Recipient Desk Review Procedures, once the information is incorporated into GrantSolutions, the Office of the Inspector General of the Department of the United States Treasury (“Treasury OIG”) will perform a desk review which evaluates the prime recipient’s documentation supporting the uses of CFR proceeds as reported and assess the risk of unallowable fund uses.  Part of the desk review will include the use of other publicly available audits, such as a single audit or other state auditor reports.  Desk audits may result in site visits to the prime recipient for a more in-depth review or recommendation for audit.  The review methodology includes, but is not limited to the following;

  • Review the prime recipient’s quarterly GrantSolutions submission(s);
  • Review other audit reports (Single Audit, State Auditor, Government Accountability Office (GAO), and other applicable Federal agency OIG reports at for internal control or other deficiencies that may pose risk or impact the prime recipients uses of CRF proceeds;
  • Review the National Association of State Auditors, Comptrollers, and Treasurers newsletter for issues that may pose risk or impact the prime recipient’s use of CRF proceeds;
  • Select a judgmental sample of contracts, grants, loans, transfers to other governments, direct payments, and aggregate reporting (hereinafter referred to as payment types) based on risks identified in other audit reports, GrantSolutions reporting deficiencies identified by monitoring/approval team, and anomalies identified by the Data Analytics manager.  If necessary, consult with a statistician to identify a sampling methodology to determine the appropriate sample size for review of the prime recipient’s reporting obligations and expenditures;
  • Obtain and evaluate the prime recipient’s documentation and records used to support the quarterly submission(s);
  • Interview the prime recipient’s preparer(s) and certifier as deemed appropriate;
  • Interview State Auditors and other applicable oversight agency personnel as deemed necessary; and
  • Conduct site visits to the prime recipient, as deemed necessary.

The Office of the Inspector General will be using the following criteria to select a prime recipient for a CRF desk review so it is critical that cities prepare reports early and accurately, submit quarterly reports on time, and verify that all costs reported are eligible under guidance released by the US Treasury:

  • The prime recipient has exhibited a high degree of difficulty in the quarterly reporting process;
  • The prime recipient has submitted one or more late quarterly reports; or
  • The prime recipient has triggered a non-compliance status in one or more quarterly reports.[10]

According to the Journal of Accountancy[11] (the Journal), the awards presented through the CRF are creating a challenge for single auditors because the terms and conditions surrounding their use are not always clear.  Auditors, much like municipalities, are awaiting guidance on key issues and adjusting based on the availability of such guidance. The Journal provides the below tips that help auditors face these challenges;

  • Do what you can and update your teams regularly;
  • Seek out regulators’ FAQs[12];
  • Document award timing;
  • Ensure that pandemic relief is separated on the Schedule of Expenditures and Federal Awards (“SEFA”);
  • Dig into major program determination;
  • Pay special attention to internal controls; and
  • Watch for “double dipping”.

Proper Documentation and Transparency

According to OIG-CA-21-004R[13] CRF Prime Recipient Desk Review Procedures, each prime recipient or recipient of funds directly from Treasury should report COVID-19 related costs incurred during the covered period (the period beginning on March 1, 2020, and ending on December 31, 2020) into the GrantSolutions portal, as outlined in the Coronavirus Relief Fund Reporting Requirements Update (OIG-CA-20-025[14], July 31, 2020) as follows:

  • Projects: the prime recipient must list all projects it plans to complete with CRF payments;
  • Expenditure Categories: The prime recipient must select the specific expenditure category from the available options from a dropdown menu (See Footnote 9 for dropdown menu categories).
  • Each prime recipient must also provide detailed obligation and expenditure information for any contracts and grants awarded, loans issued, transfers made to other government entities, and direct payments made by the prime recipient that are greater than or equal to $50,000 as follows:
    • Contracts Greater Than or Equal to $50,000
    • Grants Greater Than or Equal to $50,000
    • Loans Greater Than or Equal to $50,000
    • Transfers to Other Government Entities Greater Than or Equal to $50,000
    • Direct Payments Greater Than or Equal to $50,000
    • Aggregate reporting below $50,000 and for payments to individuals

In basic terms stated by Treasury in the CRF Guidance (as published in the Federal Registrar on January 15, 2021)[15]: “A government should keep records sufficient to demonstrate that the amount of Fund payments to the government has been used in accordance with section 601(d) of the Social Security Act[16].” Pending any further guidance from the Treasury on the ARP’s reporting requirements, these same criteria should also be used for documenting ARP expenditures.

According to OIG-CA-20-021[17] Memorandum for Coronavirus Relief Fund Recipients, records to support compliance with subsection 601(d) and provide accurate and complete documentation for the data requested for the GrantSolutions portal may include, but are not limited to, copies of the following:

  1. General Ledger and subsidiary Ledgers used to account for:​​ a. ​​​​​The receipt of CRF Payments; and b. The disbursements of such payments to meet eligible expenses related to the public health emergency due to COVID-19.
  2. 2019 and 2020 budget records;
  3. Payroll, time records, human resource records to support costs incurred for payroll expenses related to addressing the public health emergency due to COVID-19;
  4. Receipts of purchases related to addressing the public health emergency due to COVID-19;
  5. Contracts and subcontracts entered into using CRF payments and all documents related to such contracts;
  6. Grant agreements and grant sub-award agreements entered into using CRF payments and all documents related to such awards;
  7. All documentation of reports, audits, and other monitoring of contractors, including subcontractors, and grant recipient and sub-recipients;
  8. All documentation supporting the performance outcomes of contracts, subcontracts, grant awards, and grant recipient sub-awards;
  9. All internal and external email/electronic communications related to use of CRF payments; and
  10. All investigative files and inquiry reports involving CRF payments.

Last Revised: May 18, 2021


[16] Subsection 601(d) of the Social Security Act, as amended, (42 U.S.C. 801(d)), requires that the payments from the Coronavirus Relief Fund only be used to cover expenses that—[16]

  1. are necessary expenditures incurred due to the public health emergency with respect to the Coronavirus Disease 2019 (COVID–19);
  2. were not accounted for in the budget most recently approved as of March 27, 2020 (the date of enactment of the CARES Act) for the State or government; and
  3. were incurred during the period that begins on March 1, 2020, and ends on December 31, 2021.