2 C.F.R. § 200.518

Current through October 31, 2024
Section 200.518 - Major program determination
(a)General. The auditor must use a risk-based approach to determine which Federal programs are major programs. This risk-based approach must consider current and prior audit experience, oversight by Federal agencies and pass-through entities, and the inherent risk of the Federal program. The process described in paragraphs (b) through (h) of this section must be followed.
(b)Step one.
(1) The auditor must identify and label the larger Federal programs as Type A programs. Type A programs are defined as Federal programs with Federal awards expended during the audit period exceeding the levels outlined in table 1:

Table 1 to Paragraph (b)(1)

Total Federal awards expendedType A threshold
Equal to or exceed $1,000,000 but less than or equal to $34 million$1,000,000.
Exceed $34 million but less than or equal to $100 millionTotal Federal awards expended times .03.
Exceed $100 million but less than or equal to $1 billion$3 million.
Exceed $1 billion but less than or equal to $10 billionTotal Federal awards expended times .003.
Exceed $10 billion but less than or equal to $20 billion$30 million.
Exceed $20 billionTotal Federal awards expended times .0015.

(2) Federal programs not labeled Type A under paragraph (b)(1) of this section must be labeled Type B programs.
(3) Including large loans and loan guarantees (loans) must not result in the exclusion of other programs as Type A programs. A Federal program providing loans is considered a large loan program when it exceeds four times the largest non-loan program. The auditor must identify each large loan program as a Type A program and exclude its values in determining other Type A programs. This recalculation of the Type A program is performed after removing the total of all large loan programs. For this paragraph, a program is only considered a Federal program providing loans if the value of Federal awards expended for loans within the program comprises 50 percent or more of the total Federal awards expended for the program. A cluster of programs is treated as one program, and the value of Federal awards expended under a loan program is determined as described in § 200.502 .
(4) For biennial audits (see § 200.504 ), the determination of Type A and Type B programs must be based on the Federal awards expended during the two-year audit period.
(c)Step two.
(1) The auditor must identify Type A programs that are low-risk. In making this determination, the auditor must consider whether the requirements in § 200.519(c) , the results of audit follow-up, or any changes in personnel or systems affecting the program indicate significantly increased risk and preclude the program from being low-risk. For a Type A program to be considered low-risk, it must have been audited as a major program in at least one of the two most recent audit periods (in the most recent audit period in the case of a biennial audit), and, in the most recent audit period, the program must not have had:
(i) Internal control deficiencies that were identified as material weaknesses in the auditor's report on internal control for major programs as required under § 200.515(c) ;
(ii) A modified opinion on the program in the auditor's report on major programs as required under § 200.515(c) ; or
(iii) Known or likely questioned costs that exceed five percent of the total Federal awards expended for the program.
(2) Notwithstanding paragraph (c)(1) of this section, OMB may approve a Federal agency request that a Type A program not be considered low-risk for a specific recipient. For example, it may be necessary for a large Type A program to be audited as a major program each year for a particular recipient for the Federal agency to comply with 31 U.S.C. 3515 . The Federal agency must notify the auditee and, if known, the auditor of OMB's approval at least 180 calendar days prior to the end of the fiscal year to be audited.
(d)Step three.
(1) The auditor must identify high-risk Type B programs using professional judgment and the criteria in § 200.519 . However, the auditor is not required to identify more high-risk Type B programs than at least one-fourth of the number of low-risk Type A programs identified as low-risk under step two. Except for known material weakness in internal control or compliance problems as discussed in § 200.519(b)(1), (2), and (c)(1) , a single criterion in risk would rarely cause a Type B program to be considered high-risk. When identifying which Type B programs to assess for risk, the auditor is encouraged to use an approach that provides an opportunity for different high-risk Type B programs to be audited as major programs over a period of time.
(2) The auditor is not expected to perform risk assessments on relatively small Federal programs. Therefore, the auditor is only required to perform risk assessments on Type B programs that exceed 25 percent (0.25) of the Type A threshold determined in step one.
(e)Step four. At a minimum, the auditor must audit all of the following as major programs:
(1) All Type A programs not identified as low-risk under step two.
(2) All Type B programs identified as high-risk under step three.
(3) Additional programs as necessary to comply with the percentage of coverage rule described in paragraph (f). This rule may require the auditor to audit more programs as major programs than the number of Type A programs.
(f)Percentage of coverage rule. When the auditee meets the criteria in § 200.520 , the auditor only needs to audit the major programs identified in paragraphs (e)(1) and (2) of this section and such additional Federal programs with Federal awards expended that, in the aggregate, all major programs encompass at least 20 percent (0.20) of total Federal awards expended. Otherwise, the auditor must audit the major programs identified in paragraphs (e)(1) and (2) of this section and such additional Federal programs with Federal awards expended that, in the aggregate, all major programs encompass at least 40 percent (0.40) of total Federal awards expended.
(g)Documentation of risk. The auditor must include in the audit documentation the risk analysis used for determining major programs.
(h)Auditor's judgment. The auditor's judgment in applying the risk-based approach to determine major programs must be presumed correct when the determination was performed and documented in accordance with this part. Challenges by a Federal agency or pass-through entity must only be for clearly improper use of the requirements in this part. However, a Federal agency or pass-through entity may provide auditors guidance about the risk of a particular Federal program. The auditor must consider this guidance in determining major programs in audits not yet completed.

2 C.F.R. §200.518

85 FR 49574 , 11/12/2020; 89 FR 30136 , 10/1/2024