In the midst of the COVID-19 pandemic, through the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the Paycheck Protection Program and Health Care Enhancement Act (PPPCHE), the federal government allocated $178 billion in payments to be distributed through the Provider Relief Fund (PRF). The PRF was designed to pay for healthcare-related expenses and/or lost revenue caused by COVID-19. The CARES Act and PPPCHE promised that the PRF distributions would not need to be returned to the federal government, assuming applicable terms and conditions were met. It’s time to think about those terms and conditions.

Generally speaking, funds from federal sources come with many strings attached, most of which are easy to address, but others prove more challenging. PRF dollars are subject to federal compliance audit requirements, which, if you received and expended more than $750,000 in your latest fiscal year, inclusive of PRF and other federal funds received from other sources, will require the involvement of a qualified and experienced audit firm to certify your entity’s compliance with the terms of your federal programs. This compliance audit will bring an added cost and complexity to what you probably originally thought would be a relatively simple process – get money, spend money, report on how that money was spent.

These compliance audits, which technically are known as Single Audits, are required by the Office of Management and Budget’s (OMB) “Uniform Guidance.” It’s a mouthful, and gets confusing, but that’s why you have us. Most of you reading this likely have not lived through a Single Audit and may now be subject to one for the first time. In very simple terms, an independent auditor would be following certain required auditing protocols, procedures, and tests to render an opinion on your compliance with the terms of the PRF program. The federal government issues fairly explicit steps (compliance supplement) that must be followed, and your auditors will be testing that compliance. Assuming all goes well, you’ll receive a report from your auditors reflecting a “clean opinion” on such compliance, essentially certifying that they did not identify any material instances of noncompliance. It’s important to not downplay the burdensome nature of this audit. It will take time for both you and the auditors. It will not be cheap. And it will, at times, be frustrating for you and your staff, as it requires more controls and compliance related testing. That’s the unfortunate nature of the beast, a consequence of accepting federally sourced money, and really the nature of auditing.

There may be less burdensome alternatives available to recipient organizations that have received federal funds from the PRF, but not from any other federal programs. This so-called program-specific audit would reduce some of the testing and simplify the reporting required of auditors. Another option that might be available to certain not-for-profit organizations may also exist in the form of a financial audit performed in conformance with government auditing standards. This form of audit would remove some of the compliance issues imposed on a typical Single Audit but add other financial statement auditing.

There are deadlines to be concerned with. The Single Audit needs to be uploaded to the Federal Audit Clearinghouse (FAC) within thirty days of the issuance of the compliance report by the audit firm or nine months after the entity’s fiscal year-end, whichever comes earlier. A three-month extension may be applicable in certain situations though. The audit firm normally would champion this upload process, which, in a sense, regurgitates the major elements of the Single Audit in a prescribed online form for the FAC to easily and quickly review and digest.

If you think you’re subject to this auditing requirement and are unfamiliar with this subject, we’d be pleased to help you navigate the various rules and options available to you.

The PRF reporting requirements don’t start and end with a Single Audit. All recipients of more than $10,000 of PRF must have attested to and accepted the funds online (If you haven’t, do so here). More detailed after-the-fact reporting will be made online through another portal that is not yet fully operational. You’ll need to register (go here to do that now) and eventually upload financial data that illustrates how much in additional costs were incurred as a result of COVID-19 (these can be direct costs or general and administrative ones) and how much revenue was lost as a result of COVID-19. Lost revenue can be calculated multiple ways – by comparing 2020 and 2019 actual revenue, 2020 actual revenue to 2020 budgeted revenue, or via an alternative method that the entity considers reasonable. The reporting obligations are more intense for entities that received more than $500,000 of PRF, including support for expenses, lost revenue, methodologies, etc.

While the PRF certainly was a positive shot in the arm for entities on the frontlines battling COVID-19, its after-effects must be carefully considered and addressed to ensure that funds stay with the recipient entities and are not later recouped by the federal government. Stay apprised of these rules and regulations by periodically reviewing this website and stay connected to us over the next few months as the reporting portal goes live, and as Single Audits start to commence. Plan now to avoid pain later.

Matthew Burke, CPA, CFE

Matthew Burke, CPA, CFE


Matt specializes in providing Cerini and Associates’ diverse array of midsized business clientele and nonprofit organizations with valuable consulting and assurance services. He prides himself on value-added, responsive, and innovative service to his clients; with a focus on forward-thinking and creative solutions. Matt has more than seventeen years of experience with many types of complex accounting, auditing, compliance, and general business matters that impact entrepreneurial, established, and nonprofit businesses.