Special report

Requirements for auditors of for-profit recipients of HHS COVID-19 relief funding

In response to the COVID-19 pandemic, the U.S. federal government has provided financial awards to various types of healthcare entities, including governments, nonprofits, and for-profit entities. Much of these funds have been provided through the U.S. Department of Health and Human Services (HHS) in the form of Provider Relief Funds (PRF) and other programs.

While governments and nonprofit organizations routinely expend federal awards that are subject to compliance audit requirements, PRF funding will require many for-profit entities that have historically received little to no federal funding to be subject to compliance audit requirements for the first time. In addition, HHS audit requirements for for-profit entities are different than other agencies and are not well understood.

To assist for-profit recipients of HHS funding and their auditors, the AICPA Governmental Audit Quality Center (GAQC) held an informational webinar in January 2022 and released a nonauthoritative practice aid: HHS Audit Requirements for For-Profit Entities with Awards from the Provider Relief Fund Program and Other HHS Programs (GAQC Practice Aid) in February 2022. The GAQC Practice Aid includes an introductory discussion and an FAQ section in two parts:

  • Part 1 – The HHS For-Profit Audit Requirements
  • Part 2 – GAGAS Financial Audit Option

The GAQC Practice Aid also includes illustrative schedules and notes, example auditor’s reports, a schedule of findings and responses, and a primer on Government Auditing Standards. Note: GAGAS refers to generally accepted government auditing standards, also referred to as Government Auditing Standards, or the Yellow Book, which is issued by the U.S. Government Accountability Office (GAO).

This communication is designed to provide background on the HHS audit requirements affecting for-profit entities, provide an overview of the options available to these entities and their auditors, and direct our customers to the most relevant resources that are available from Thomson Reuters®, the AICPA, and HHS to successfully navigate and comply with these challenging and evolving audit requirements.

HHS audit requirements for commercial (for-profit) entities

Auditors should assume that all HHS awards received by for-profit entity clients are subject to the HHS audit requirements, unless otherwise specified — for example, Medicare. The most common awards with requirements affecting for-profit healthcare entities, along with their related Assistance Listing numbers, are as follows:

  • Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution (Assistance Listing 93.498)*
  • HRSA COVID-19 Claims Reimbursement for the Uninsured Program and the COVID-19 Coverage Assistance Fund (Assistance Listing 93.461)
  • COVID-19 Testing and Mitigation for Rural Health Clinics (Assistance Listing 93.697)

HHS, in their adoption of the OMB’s Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) [2 CFR part 200 in the Electronic Code of Federal Regulations (eCFR)], carved out specific audit guidance for commercial (for-profit) entities, which are detailed at 45 CFR 75.216 and 75.501. Those requirements include the following two options available to for-profit entities that report at least $750,000 in federal awards from HHS in an individual fiscal year:

  • Financial related audit of all HHS awards in accordance with GAGAS, or the “Yellow Book.” This will be referred to as a GAGAS financial audit.
  • Single audit or program-specific audit in accordance with 45 CFR 75 Subpart F (Uniform Guidance).

*The Provider Relief Fund, administered by the Health Resources & Services Administration (HRSA), is the largest and most prevalent of the HHS programs distributed to for-profit entities. Therefore, the GAQC Practice Aid and this communication focus primarily on PRF. However, for-profit entities and their auditors should be aware that funds under other HHS programs may have also been awarded and are subject to the audit requirements discussed herein.

Entities that report less than $750,000 annually in federal awards would not be subject to a compliance audit. However, PRF reporting guidance on calculating this amount issued by HHS is not intuitive and could result in some confusion regarding the calculation. Note: This communication is not intended to provide guidance on calculating PRF expenditures and lost revenues for reporting. HHS has issued detailed guidance on how to report PRF expenditures in the schedule of expenditures of federal awards (SEFA) in the case of a single audit, and in the schedule of HHS awards in the case of a program-specific audit or a GAGAS financial audit. That guidance, which is complicated and unusual, is thoroughly detailed in the 2021 OMB Compliance Supplement, the HRSA PRF FAQs, and the GAQC Practice Aid. Links are provided to these resources at the end of this document. The 2021 edition of PPC’s Guide to Single Audits and the 2022 editions of PPC’s Guide to Audits of Local Governments and PPC’s Guide to Audits of Nonprofit Organizations provide an overview of this guidance.

As previously noted, the HHS for-profit audit requirements include the option for either a single audit — or program-specific audit — under the Uniform Guidance or a GAGAS financial audit. The GAQC Practice Aid covers the GAGAS financial audit in detail, as the AICPA believes that it will be the most efficient option for most for-profit entities. The GAGAS financial audit is not a new concept but has not been widely used because for-profit healthcare entities have not historically received HHS funding at such a significant level. Key reporting elements of each type of engagement option are summarized in this communication; however, the GAQC Practice Aid and this communication primarily provide information and resources regarding the GAGAS financial audit.

The following table was derived from the GAQC Practice Aid to illustrate the key differences between each of the HHS audit options available to for-profit entities.

  GAGAS financial audit Single audit Program-specific audit
Criteria for each option

Entity has award(s) 
only from HHS

Entity has award(s) 
only from HHS

Entity has award only from 
one HHS program

Audit of entity’s 
financial statements

Not required

Required (performed 
under GAGAS)

Not required
Presentation of schedule

Schedule of specific element of a financial statement 
(Schedule of HHS Awards)

Schedule of expenditures 
of federal awards (SEFA)

Schedule of specific 
element of a financial 
statement (Schedule of 
HHS Awards)

Auditor reporting 
on the schedule
Opinion on the schedule
under AU-C 805, Special Considerations — Audits
of Single Financial Statements
and Specific Elements,
Accounts, or Items of a
Financial Statement
In addition to the opinion
on the financial statements,
an in- relation-to opinion
on the SEFA (under AU-C 725, Supplementary Information in Relation to the Financial Statements as a Whole)
Opinion on the schedule under AU-C 805, Special Considerations — Audits of Single Financial Statements
and Specific Elements, Accounts, or Items of a Financial Statement

GAGAS reporting on internal control over financial reporting 
and compliance and other matters

Required (as it relates 
to the schedule
under AU-C 805)

Required (as it relates to 
the financial statements 
as a whole)

Required in certain 
circumstances (as it relates to the schedule 
under AU-C 805)

Auditor opinion on 
compliance and reporting on
internal control over compliance

Not required

Required

Required

SOURCE: Adapted from the GAQC Practice Aid, “HHS Audit Re Requirements for For-Profit Entities with Awards from the Provider Relief Fund Program and Other HHS Programs”

Single audit and program-specific audit under the uniform guidance

A single audit for any for-profit entity with multiple federal awards, or a program-specific audit — if the for-profit entity has funding under one HHS program, such as PRF, and meets certain other requirements — has historically been applicable to states, local governments, Indian tribes, institutions of higher education, and nonprofit organizations. Those organizations that expend $750,000 or more in federal awards annually have been audited under the Uniform Guidance for many years.

A single audit is an entity-wide audit consisting of two main parts: an audit of the financial statements and a compliance audit of the entity’s major federal award programs. The audit of the major programs includes gaining an understanding of — and testing internal controls over — compliance, and testing compliance with applicable compliance requirements for each major program.

The compliance requirements subject to audit and the related internal control and compliance audit steps are outlined in the OMB Compliance Supplement, which is updated annually. The 2021 Compliance Supplement was released in August 2021. PRF is included in Part 4 of the 2021 Compliance Supplement. The 2021 Compliance Supplement Addendum 1 and Addendum 2 were released in December 2021 and January 2022, respectively, but did not affect PRF. Minor technical updates to the 2021 Compliance Supplement were issued in April 2022, one of which affected PRF by removing Part 4 — Section III(N)(1) Special Test and Provisions: Out-of-Network Patient Out-of-Pocket Expenses. Auditors should ignore that particular section when using the 2021 Compliance Supplement to determine audit procedures.

The reporting requirements under a single audit include:

  • Auditor’s Report on Financial Statements
  • Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters (required by Government Auditing Standards at the financial statement level)
  • Auditor’s Report on Schedule of Expenditures of Federal Awards and Auditor’s Report on Compliance and Internal Control over Compliance Applicable to Each Federal Major Program (required by the Uniform Guidance; in-relation-to opinion on the schedule of expenditures of federal awards and reporting on internal control and compliance at the major program level)
  • Auditor’s Schedule of Findings and Questioned Costs

A program-specific audit is only available if the sole federal award of an entity is PRF and the terms and conditions of the award do not require a financial statement audit of the auditee. A program-specific audit effectively means performing a single audit of only one federal program. This may be uncommon due to many for-profit entities receiving other HHS awards in response to COVID-19.

GAGAS financial audit

GAGAS financial audits are required to be performed under AU-C 805, Special Considerations — Audits of Single Financial Statements and Specific Elements, Accounts, or Items of a Financial Statement. The schedule of HHS awards is a specified element of a financial statement. Under AU-C 805, the engagement should also comply with the other provisions of generally accepted auditing standards (GAAS) that apply to financial statement audits. 

This includes matters such as planning the engagement; identifying and assessing the risk of material misstatement whether due to error or fraud; obtaining an understanding of the internal control as it relates to the specified element; designing the nature, timing, and extent of further audit procedures; going-concern considerations; and evaluating passed adjustments.

While an opinion on compliance is not required under a GAGAS financial audit, compliance would still need to be considered by the auditor to determine that amounts in the Schedule of HHS Awards are not misstated. Government Auditing Standards requirements go beyond certain AICPA requirements, in that the auditor must also consider noncompliance with the provisions of contracts and grant agreements. Therefore, a significant amount of professional judgment will be required.

The reporting requirements of a GAGAS financial audit include:

  • An opinion on the entity’s schedule of U.S. Department of Health and Human Services (HHS) awards in accordance with AU-C section 805, Special Considerations — Audits of Single Financial Statements and Specific Elements, Accounts, or Items of a Financial Statement and Government Auditing Standards
  • Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters
  • Schedule of Findings and Responses, when applicable

Part 2 of the FAQ in the GAQC Practice Aid includes guidance specific to the GAGAS financial audit option. Because the PRF program contains unusual and challenging rules and reporting requirements, auditors should be familiar with the included questions and answers in order to successfully execute and complete these engagements. Those topics include:

  • Use of GAAP basis versus a special purpose framework — that is, cash or income tax basis only
  • Determination of HHS award amounts to be reported on the schedule and for what period
  • Relationship between the schedule and the entity’s financial statements
  • Materiality for the audit of the schedule
  • Additional responsibilities in a GAGAS financial audit
  • Which provisions of laws, regulations, contracts, and grant agreements could have a material effect on the schedule and related disclosures
  • Internal control considerations
  • Level of compliance testing expected

The Appendixes to the GAQC Practice Aid include several facts and circumstance-based scenarios to illustrate the necessary steps to arrive at the appropriate schedules and notes under either the GAAP or cash basis of accounting. The Appendixes also include illustrative auditor’s reports, an illustrative schedule of findings and responses, and a primer on Government Auditing Standards.

Deadlines and audit report submission

The same HHS for-profit audit deadline applies regardless of which option is selected, which is either the earlier of thirty calendar days after the entity’s receipt of the audit report, or nine months after the entity’s fiscal year end. As of the date of this communication, there is an extension in place to allow an additional six months after the normal due date for entities with fiscal years ending through June 30, 2021.

Therefore, the extended due date for audits of entities with a fiscal year ending June 30, 2021, is currently September 30, 2022. There is no extension in place for entities with fiscal years ending after June 30, 2021 — for example, a for-profit entity with a calendar year ending December 31, 2021 would also have a deadline of September 30, 2022.

HHS audit reports of for-profit entities must be submitted via email to HRSA’s Division of Financial Integrity at PRFaudits@hrsa.gov. For-profit entities should not submit their audits to the Federal Audit Clearinghouse.

Government Auditing Standards considerations

Audit firms should carefully consider whether they are able to meet the Yellow Book requirements before taking on an engagement under the Government Auditing Standards — which, as noted previously, apply to each of the HHS audit options of for-profit entities. If the audit firm is not confident that they can meet the requirements, it is conceivable they could continue to audit the financial statements — assuming that it is a continuing engagement — and partner with a firm with Yellow Book expertise for the compliance audit portion of the engagement. Some of the most significant requirements for audit firms as prescribed by the Yellow Book are as follows:

  • Independence. The Yellow Book states that in all matters relating to the audit work, the audit organization and individual auditor, whether government or public, must be independent. If independence is impaired, the auditor should decline to perform a prospective audit or should terminate one that is in progress.

The Yellow Book establishes a conceptual framework that should be used to identify, evaluate, and apply safeguards to address threats to independence. The Yellow Book also identifies specific non-audit services that always impair independence and that auditors are prohibited from providing to audited entities. If a non-audit service is not specifically prohibited, the auditor is required to assess its impact on independence using the relevant conceptual framework.

The main differences between the AICPA and Yellow Book independence standards relate to when the conceptual framework is used and documentation of the assessment of management’s skills, knowledge, or experience.

  • Professional judgment. The Yellow Book stresses the critical role of professional judgment in complying with Government Auditing Standards. Paragraph 3.109 of the Yellow Book establishes an unconditional — that is, “must” — requirement for auditors to use professional judgment in planning, performing, and reporting on audits. Paragraph 3.110 of the Yellow Book states that professional judgment “includes exercising reasonable care and professional skepticism.”

Reasonable care requires auditors to act diligently in accordance with applicable professional standards and ethical principles. Exercising professional skepticism requires auditors to critically assess audit evidence while assuming that management is neither dishonest nor of unquestioned honesty.

Competence and continuing education: The general standard related to competence in the Yellow Book, beginning at Paragraph 4.02, states that the staff assigned to perform the audit engagement must collectively possess adequate professional competence needed to address the audit objectives and perform the work in accordance with Government Auditing Standards. The Yellow Book, Paragraph 4.03, indicates that the audit organization’s management must assign auditors who, before beginning work on the engagement, possess the competence needed for their assigned roles. The Yellow Book, Paragraph 4.04, states that the audit organization should have a process for recruitment, hiring, continuous development, assignment, and evaluation of personnel so that the workforce has the essential knowledge, skills, and abilities necessary to conduct the engagement.

80-hour and 24-hour CPE requirements: The Yellow Book contains very specific and complex CPE requirements for all auditors of GAGAS engagements, which vary depending on each auditor’s role on the engagement. In addition, due to the COVID-19 pandemic, the GAO issued the COVID-19: GAGAS CPE Alert, which provides exceptions to the normal CPE requirements: The Yellow Book CPE requirements and COVID-19 exceptions are detailed at PHC-CX-1.4 of PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities)

  • Quality control and assurance. The requirement in Paragraph 5.02 of the Yellow Book states “an audit organization conducting engagements in accordance with GAGAS must establish and maintain a system of quality control that is designed to provide the audit organization with reasonable assurance that the organization and its personnel comply with professional standards and applicable legal and regulatory requirements.”

The requirement in Paragraph 5.04 of the Yellow Book states “an audit organization should document its quality control policies and procedures and communicate those policies and procedures to its personnel. The audit organization should document compliance with its quality control policies and procedures and maintain such documentation for a period of time sufficient to enable those performing monitoring procedures and peer reviews to evaluate the extent to which the audit organization complies with its quality control policies and procedures.”

  • Peer review. The Yellow Book, Paragraph 5.84, requires an audit organization not already subject to a peer review requirement to obtain an external peer review at least once every three years. The audit organization should obtain its first peer review covering a review period ending no later than three years from the date an audit organization begins its first Yellow Book audit — that is, the start of field work.

The Yellow Book, at Paragraph 5.77, states that external audit firms should make their most recent peer review report publicly available. This can be done, for example, by posting the peer review report on a publicly available internet site or to a publicly available site designed for transparency of peer review results. The 2021 edition of the AICPA Audit Guide, Government Auditing Standards and Single Audits (GAS/SA Audit Guide), Paragraph 2.63, explains that if these options are not available, the audit firm should use the same mechanism it uses to make other reports or documents public. The audit organization also should provide the peer review report to others when requested.

Any separate communication of findings, conclusions, and recommendations that may have been issued does not have to be made publicly available. Government Auditing Standards, Paragraph 5.81, provides additional information on transparency of peer review reports, including information that might be included with a publicly available report to help users understand its meaning.

Thomson Reuters resources

Single audits and program-specific audits under the uniform guidance

Though single audits and program-specific audits are generally not considered to be the most efficient option for most for-profit entities receiving HHS funding, the following Thomson Reuters resources address single audits and program-specific audits for governmental and nonprofit entities that can be adapted for use on for-profit single audits or program-specific audits.

PPC’s Guide to Single Audits provides comprehensive guidance, practice aids, and resources for performing single audits under the Uniform Guidance, including program-specific audits. It is a single source for all the rules, regulations, and guidelines specific to single audits. It also addresses the Government Auditing Standards requirements that would be used in GAGAS financial audits.

PPCs SMART Practice Aids — Single Audit Suite is designed to enable practitioners to plan and execute single audit engagements from beginning to end, including preparation and electronic signoff of practice aids and Compliance Audit Programs. It can be used for single audits or program-specific audits.

PPC’s Guide to Audits of Nonprofit Organizations and PPC’s Guide to Audits of Local Governments contain a chapter and related practice aids on performing single audits.

GAGAS financial audits

The AICPA believes the GAGAS audit option will be the most efficient option for most for-profit entities. It comprises the Government Auditing Standards requirements and the audit of the Schedule of HHS Awards.

Government Auditing Standards guidance

PPC’s Guide to Single Audits, PPC’s Guide to Audits of Nonprofit Organizations, and PPC’s Guide to Audits of Local Governments all contain guidance and practice aids on performing audits in accordance with Government Auditing Standards that could be adapted for use on audits of for-profit entities.

PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities) provides practice aids for auditing the financial statements of investor-owned health care entities (for-profit entities) and nonprofit business-oriented health care entities in accordance with GAAS and procedures and practice aids to perform a financial audit in accordance with GAGAS. While the practice aids listed below can be used to address the GAGAS requirements affecting for-profit entities, remember that an audit of the financial statements is not required when performing a GAGAS financial audit. Only the Schedule of HHS Awards must be audited. See the Chapter 5 of PPC’s Guide to Nontraditional Engagements discussion below for more information on auditing the Schedule of HHS Awards.

PHC-CL - 1.3.1

Audit Engagement Letter—Yellow Book—Before Implementing SAS No. 134 and Related SASs

PHC-CL - 1.3.2

Audit Engagement Letter—Yellow Book—After Implementing SAS No. 134 and Related SASs

PHC-CL - 3.1

Management Representation Letter

PHC-CX - 1.3

Evaluating Independence—Yellow Book and GAAS Audits

PHC-CX - 1.4

Continuing Professional Education Documentation Form

PHC-CX - 14

Supervision, Review, and Approval Form

PHC-AP - 1

Audit Program for General Planning Procedures

PHC-AP - 2

Audit Program for General Auditing and Completion Procedures

Customers using Checkpoint Tools would merely select the desired practice aid and complete it for a for-profit entity even if certain wording mentions nonprofits. Customers using PPC’s SMART Practice Aids — Fieldwork would answer the SMART Setup question in the April 2022 rerelease as performing a Government Auditing Standards audit to obtain the desired forms. Those practice aids that address GAGAS requirements include:

Appendix 5A - 1

Illustrative Engagement Letter—Audit of a Specified Element

Appendix 5A - 2

General Audit Program for an Audit of a Specified Element

Appendix 5A - 3

Client Representation Letter—Audit of a Specified Element

Appendix 5A - 4

Supervision, Review, and Approval Form—Audit of a Specified Element

Appendix 5C - 1a

Audit Program for an Audit of a Separate Schedule of Sales

Schedule of HHS awards audit

Chapter 5 of PPC’s Guide to Nontraditional Engagements (NTE) covers auditing and reporting under AU-C 805 in detail. This guidance includes suggested audit documentation, engagement acceptance and planning, substantive procedures, and reporting. Appendix 5A includes a number of practice aids that may be helpful:

Note: The Appendixes referred to above would need to be modified to include the required elements of Government Auditing Standards. For example, auditors could tailor Thomson Reuters existing products to address GAGAS financial audits as follows:

  • Engagement letter: The engagement letters at PHC-CL-1.3.1 (before implementing SAS No. 134 and related SASs) and PCH-CL-1.3.2 (after implementing SAS No. 134 and related SASs) of PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities) contain the additional information as recommended by the Yellow Book but would need to be modified to accommodate an audit of a specified element (from NTE Appendix 5A-1) rather than a financial statement audit.
  • Audit programs: As previously discussed, there will be a significant level of professional judgment required to determine which provisions of laws and regulations and provisions of contracts and grant agreements could have a material effect on the schedule and related disclosures. In addition to the terms and conditions of the award and publicly available information posted on PRF and other HHS programs, the individual HHS program sections in Part 4 of the OMB Compliance Supplement will be particularly helpful to auditors.
  • GSA-AP-5: Audit Program for Federal Award Programs — Compliance Requirements, included in PPC’s Guide to Single Audits and as Gov. Doc. 4a in PPC’s Government Documents Library is the compliance audit program for major programs in a single audit that are included in Part 4 of the Compliance Supplement. It would also be useful for compliance auditing in a GAGAS financial audit of the HHS schedule of awards. Assistance Listings 93.498 and 93.461 are included in Part 4 of the 2021 Compliance Supplement.
  • GSA-AP-4: Audit Program for Federal Award Programs Not Included in the Compliance Supplement, included in PPC’s Guide to Single Audits and as Gov. Doc. 4b in PPC’s Government Documents Library is the compliance audit program for major programs in a single audit that are not included in the Compliance Supplement. Assistance Listing 93.697 does not appear in the 2021 Compliance Supplement.
  • PPCs SMART Practice Aids — Single Audit Suite can be used to create compliance audit programs for HHS awards.

In addition, the following general and substantive procedures audit programs can be used and tailored as necessary:

  • PHC-AP-1 and PHC-AP-2 of PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor- owned Entities) include general planning, auditing, and completion procedures for a financial statement audit, which include GAGAS requirements, but would need to be modified to accommodate an audit of a specific element (from NTE Appendix 5A-2).
  • NTE Appendix 5C-1a illustrates a substantive procedures audit program for a specific element — Separate Schedule of Sales — that can be tailored to address the Schedule of HHS Awards.
  • Client representation letter: The management representation letter at PHC-CL-3.1 of PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities) includes, in the practical considerations to the letter, modification options for an engagement performed under the Yellow Book, but the letter itself would need to be modified to accommodate representations for an audit of a specified element (from NTE Appendix 5A-3) rather than a financial statement audit.
  • Supervision, review, and approval form: Government Auditing Standards establishes an additional requirement for supervisory review. Paragraph 6.31 of the Yellow Book indicates that before the report release date, auditors should document evidence of supervisory review of the work performed that supports the findings and conclusions contained in the audit report.
  • The supervision, review, and approval form at PHC-CX-14 of PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities), includes Government Auditing Standards considerations, but would need to be modified to accommodate an audit of a specified element (from NTE Appendix 5A-4) rather than a financial statement audit.

AICPA practice aid documents

Illustrative reports

Customers may choose to use the required auditor’s reports directly from the GAQC Practice Aid, rather than tailoring the ones in Thomson Reuters products. This will minimize the customization that would be needed, though tailoring Thomson Reuters report examples would also be acceptable.

Appendix C to the GAQC Practice Aid includes illustrative auditor’s reports for the GAGAS financial audit for both after (Section 1 of Appendix C), and prior to (Section 2 of Appendix C) the implementation of SAS No. 134 and related SASs, as follows:

Section 1 – Illustrative Reports on the Schedule Reflecting Updates for SAS Nos. 134 – 140 and Illustrative GAGAS Reports

Example C - 1

Unmodified Opinion on a Specific Element of a Financial Statement 
(GAAP Basis) — For-Profit Entity Selecting the GAGAS Financial
Audit Option (post- SAS Nos. 134-140)

Example C - 2

Unmodified Opinion on a Specific Element of a Financial Statement 
(Cash Basis) — For-Profit Entity Selecting the GAGAS Financial
Audit Option (post- SAS Nos. 134-140)

Example C - 3

Report on Internal Control Over Financial Reporting and on Compliance 
and Other Matters — No Material Weaknesses, Significant Deficiencies,
or Compliance Matters — For-Profit Entity Selecting the GAGAS Financial
Audit Option

Example C - 4

Report on Internal Control Over Financial Reporting and on Compliance 
and Other Matters Material Weaknesses and Significant Deficiencies 
Identified; Reportable Instances of Noncompliance Matters Identified
— For-Profit Entity Selecting the GAGAS Financial Audit Option

Section 2 – Illustrative Reports on the Schedule for Periods Prior to the Effective Date of SAS Nos. 134 – 140

Example C - 5

Unmodified Opinion on a Specific Element of a Financial Statement 
(GAAP Basis) — For-Profit Entity Selecting the GAGAS Financial
Audit Option (pre-SAS Nos. 134-140)

Example C - 6

Unmodified Opinion on a Specific Element of a Financial Statement 
(Cash Basis) — For-Profit Entity Selecting the GAGAS Financial
Audit Option (pre- SAS Nos. 134-140)

The GAQC Practice Aid reports can simply be copied and pasted or exported from PDF to Microsoft® Word and modified accordingly. The GAQC Practice Aid does not provide report illustrations for auditor’s reports that are other than unmodified, but directs users to AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report. PPC’s Guide to Auditor’s Reports provides extensive guidance on reporting and report modifications.

PPC’s Practice Aids for Audits of Health Care Entities (Nonprofit and Investor-owned Entities) includes several illustrative Government Auditing Standards reports for a variety of scenarios of instances of noncompliance, significant deficiencies, material weaknesses, and other matters.

Illustrative schedule of findings and responses

Appendix D of the GAQC Practice Aid is an Illustrative schedule of findings and responses. There are two options for how findings could be presented in the auditor’s report on internal control over financial reporting and on compliance and other matters: describe findings in the report, or refer to a separate schedule that describes the findings. Either method is acceptable. The schedule in Appendix D uses the second option.

Links to external resources

In addition to accessing the following links, entities or their auditors may contact HRSA with questions at providerreliefcontact@hrsa.gov


Thomson Reuters Cloud Audit Suite

Gain accuracy and efficiency throughout the audit process with the only cloud-based, secure, end-to-end solution