I.
GENERAL AUDIT PROGRAM
A. PURPOSE AND APPLICABILITY
The following General Audit Program provides requirements and guidance for independent audit
organizations in conducting program compliance audits of for-profit recipients and subrecipients of
federal financial assistance from the Department of Energy (DOE).
Such compliance audits must be conducted in accordance with the requirements and guidance set
forth in Statement on Auditing Standards No. 117, Compliance Audits (SAS 117) and generally
accepted government auditing standards (GAGAS). See section C below for more detail. The audit
procedures provided in this Audit Program are the minimum necessary for uniform and consistent
audit coverage.
Auditors conducting audits of entities subject to the requirements of Office of Management and
Budget (OMB) Circular No. A-133, Audits of States, Local Governments and Non-Profit
Organizations, should not use this Audit Program and should instead refer to the Circular and the
OMB Circular No. A-133 Compliance Supplement for requirements and guidance.
B. ACRONYMS AND DEFINITIONS
AICPA - American Institute of Certified Public Accountants
Auditee - Any non-Federal entity, including both recipients and subrecipients, that expends DOE
awards which must be audited under this Audit Program.
Auditor - A public accountant which meets the general standards specified in GAGAS.
Audit Finding - Matters which the auditor is required to report in the schedule of findings
and questioned costs in accordance with Section S(a) of this Audit Program.
CFDA - Catalog of Federal Domestic Assistance.
CFDA Number - The number assigned to a Federal program in the CFDA.
Corrective Action - Action taken by the auditee that:
(1) Corrects identified deficiencies;
(2) Produces recommended improvements; or
(3) Demonstrates that audit findings are either invalid or do not warrant auditee action.
DOE – U.S. Department of Energy
DOE Federal Award - DOE financial assistance that non-Federal entities receive directly from DOE
or indirectly from pass-through entities. It does not include procurement contracts used to buy goods
or services from vendors. (When multiple awards are made to a recipient or subrecipient for projects
under the same CFDA number, the term “award” shall refer to the awards in aggregate, and the audit
of the awards shall be conducted at the aggregate CFDA level.) All references to awards throughout
1
�this audit guidance are in reference to DOE awards only and are not in reference to awards from
other Federal agencies.
Federal Financial Assistance - Under Subpart D of Regulation 10 CFR Part 600 “Administrative
Requirements for Grants and Cooperative Agreements with For-Profit Organizations” (also referred
to in this document as “the Regulation”), financial assistance is the transfer of money or property to a
recipient or subrecipient to accomplish a public purpose of support or stimulation authorized by
Federal statute. Financial assistance instruments are grants, cooperative agreements, and subawards.
(See Regulation 10 CFR 600.3.) Loans, loan guarantees, contracts with prime recipients and
contracts or agreements with DOE labs shall not be considered financial assistance awards for the
purpose of this guidance. All references to financial assistance throughout this audit guidance are in
reference to DOE financial assistance only and are not in reference to financial assistance from other
Federal agencies.
GAAP - Generally Accepted Accounting Principles
GAAS - Generally Accepted Auditing Standards
GAGAS - Generally Accepted Government Auditing Standards issued by the Comptroller General of
the United States
GAO - Government Accountability Office
Internal Control Pertaining to the Compliance Requirements for Federal Awards (Internal Control
over Federal Awards) - A process (effected by an entity's management and other personnel) designed
to provide reasonable assurance regarding the achievement of the following objectives for Federal
awards:
(1) Transactions are properly recorded and accounted for to:
i. Permit the preparation of reliable financial statements and financial reports;
ii. Maintain accountability over assets; and
iii. Demonstrate compliance with laws, regulations, and other compliance
requirements;
(2) Transactions are executed in compliance with:
i. Laws, regulations, and the provisions of contracts or grant agreements that could
have a direct and material effect on a Federal award; and
ii. Any other laws and regulations that are identified in the compliance supplement;
and
(3) Funds, property, and other assets are safeguarded against loss from unauthorized use or
disposition.
Management Decision - The evaluation by the DOE, as the Federal awarding agency, or pass-
through entity of the audit findings and corrective action plan and the issuance of a written decision
as to what corrective action is necessary.
OIG - Office of Inspector General
OMB - Office of Management and Budget of the Executive Office of the President
2
�Pass-Through Entity - A non-Federal entity that provides a DOE Federal award to a subrecipient to
carry out a Federal program.
Questioned Cost - A cost that is questioned by the auditor because of an audit finding:
(1) Which resulted from a violation or possible violation of a provision of a law, regulation,
contract, grant, cooperative agreement, or other agreement or document governing the use of
Federal funds, including funds used to match Federal funds;
(2) Where the costs, at the time of the audit, are not supported by adequate documentation; or
(3) Where the costs incurred appear unreasonable and do not reflect the actions a prudent
person would take in the circumstances.
Recipient - The organization, individual, or other entity that receives an award from DOE and is
financially accountable for the use of any DOE funds or property provided for the performance of the
project, and is legally responsible for carrying out the terms and conditions of the award. (See
Regulation 10 CFR 600.3.)
SAS – AICPA Statements on Auditing Standards
Subrecipient - The legal entity to which a subaward is made and which is accountable to the recipient
for the use of the funds or property provided. (See Regulation 10 CFR 600.302.)
Vendor - A dealer, distributor, merchant, or other seller providing goods or services that are required
for the conduct of a DOE Federal program. These goods or services may be for an organization's
own use or for the use of beneficiaries of the DOE Federal program.
C. BACKGROUND
Under Regulation 10 CFR 600.316, a for-profit recipient that expends $500,000 or more in a year
under DOE Federal awards must have an audit made for that year by an independent auditor. This
requirement also applies to for-profit subrecipients. The audit generally should be made a part of the
regularly scheduled, annual audit of the recipient’s financial statements. However, it may be more
economical in some cases to have DOE Federal awards separately audited, and a recipient may elect
to do so, unless that option is precluded by award terms and conditions or by Federal laws or
regulations applicable to the program(s) under which the awards were made.
D. PERTINENT PUBLICATIONS AND REGULATIONS
1. Pertinent Publications
AICPA Statements on Auditing Standards
GAO Government Auditing Standards (2007 or subsequent revisions)
Chapter 14, Program-Specific Audits, of the AICPA Audit Guide Government Auditing Standards
and Circular No. A-133 Audits
2. Pertinent Regulation
Regulation 10 CFR 600, Subpart D, Administrative Requirements for Grants and Cooperative
Agreements with For-Profit Organizations
3
� E. AUDIT OBJECTIVES
Under Regulation 10 CFR 600.316, a for-profit recipient that expends $500,000 or more in a year
under DOE Federal awards must have an audit made for that year by an independent auditor. This
requirement also applies to for-profit subrecipients. The audit generally should be made a part of the
regularly scheduled, annual audit of the recipient’s financial statements. However, it may be more
economical in some cases to have DOE Federal awards separately audited, and a recipient may elect
to do so, unless that option is precluded by award terms and conditions or by Federal laws or
regulations applicable to the program(s) under which the awards were made.
Threshold of $500,000 According to this Guidance:
When a for-profit recipient or subrecipient has multiple DOE awards and one or more of the awards
have expenditures of $500,000 or more, a compliance audit is required for each of the awards with
$500,000 or more in expenditures. The remaining awards do not require, individually or in the
aggregate, a compliance audit. Recipients or subrecipients that have total expenditures of
$500,000 or more but that do not have any single award with expenditures of $500,000 or more
are required to have a compliance audit of the awards in the aggregate (i.e., as a cluster of
awards). Awards audited as a cluster should share common compliance requirements.
F. EFFECTIVE DATE
The requirements and guidance set forth in this Audit Program are effective for all for-profit
recipients and subrecipients’ 2010 fiscal years (i.e., for any fiscal year ending in 2010) and thereafter.
G. DUE DATES AND SUBMISSIONS
For recipients, financial statement and compliance audit submissions are due to DOE within six
months of the recipients’ fiscal year-end dates. For subrecipients, financial statement and
compliance audit submissions are due to the pass-through entity within six months of the
subawardees’ fiscal year-end dates. For the initial implementation of this guidance, submissions are
due to DOE or the pass-through entity, as applicable, no later than June 30, 2011.
For recipients, the compliance audits must be submitted along with audited financial statements, to
the appropriate DOE Contracting Officer as well as to the DOE Office of the Chief Financial Officer.
Submissions to the Office of the Chief Financial Officer should be emailed to: DOE-Audit-
Submission@[Link].
H. BASIS FOR DETERMINING DOE AWARDS EXPENDED
(a) Determining DOE Federal Awards Expended. The determination of when an award is expended
should be based on when the activity related to the award occurs. Generally, the activity pertains to
events that require the non-Federal entity to comply with laws, regulations, and the provisions of
contracts or grant agreements, such as: expenditure/expense transactions associated with grants,
cooperative agreements, the disbursement of funds passed through to subrecipients, the receipt of
property, the receipt of surplus property, the receipt or use of program income, or any other activity
performed in accordance with the terms of the financial assistance award.
4
�(b) Valuing non-cash assistance. Federal non-cash assistance, such as free rent, food stamps, food
commodities, donated property, or donated surplus property, shall be valued at fair market value at
the time of receipt or the assessed value provided by the Federal agency (DOE).
I. SUBRECIPIENT AND VENDOR CONSIDERATIONS
Section E above details the audit scope and objectives for both recipients and subrecipients. An
auditee may be a recipient, a subrecipient, and a vendor. Payments received for goods or services
provided as a vendor would not be considered DOE Federal awards. The guidance in OMB Circular
No. A-133 at Section .210 should be referred to for purposes of determining whether payments
constitute a DOE Federal award or a payment for goods and services.
In most cases, the auditee's compliance responsibility for vendors is only to ensure that the
procurement, receipt, and payment for goods and services comply with laws, regulations, and the
provisions of contracts or grant agreements. Program compliance requirements normally do not pass
through to vendors. However, the auditee is responsible for ensuring compliance for vendor
transactions which are structured such that the vendor is responsible for program compliance or the
vendor's records must be reviewed to determine program compliance.
J. FREQUENCY OF AUDITS
Regulation 10 CFR 600.316(a) requires that any recipient that expends $500,000 or more in a year
under DOE Federal awards must have an audit made for that year.
K. AUDIT COSTS
(a) Allowable costs. Unless prohibited by law, the cost of compliance audits made in accordance
with the provisions of the Regulation and this Audit Program are allowable charges to DOE
Federal awards. The charges may be considered a direct cost or an allocated indirect cost, as
determined in accordance with the provisions of the Federal Acquisition Regulation (FAR) (48
CFR parts 30 and 31), or other applicable cost principles or regulations. A reasonable allocation
of the costs of the audit of the recipient's financial statement, based on the relative benefit to the
Government and the recipient) are also allowable costs of DOE Federal awards.
(b) Unallowable costs. In accordance with this guidance, a non-Federal entity should not charge the
cost of any compliance audit not conducted in accordance with the Regulation or this Audit
Program (or not approved in advance by the cognizant DOE contracting officer) to a DOE
Federal award.
L. SANCTIONS
No audit costs may be charged to DOE Federal awards when compliance audits required by the
Regulation have not been performed or have been performed but not in accordance with the
Regulation or this guidance. In cases of continued inability or unwillingness to conduct an audit or
resolve findings in accordance with the Regulation or this Audit Program, Federal agencies and pass-
through entities shall take appropriate action using sanctions such as:
(a) Withholding a percentage of DOE Federal awards until the audit is completed
satisfactorily;
(b) Withholding or disallowing overhead costs;
5
�(c) Suspending DOE Federal awards until the audit is conducted; or
(d) Terminating the DOE Federal award.
M. PROGRAM-SPECIFIC COMPLIANCE REQUIREMENTS
If a specific program has compliance requirements that are distinct from the general compliance
requirements included in Part II (General Compliance Supplement) of this guidance, auditors should
follow the guidance in the program-specific compliance supplement available in Part III (Program-
Specific Compliance Supplements) of this guidance. Each program-specific compliance
supplement includes information only on the compliance requirements that are distinct from the
requirements in Part II. As such, auditors should follow the guidance included in Part II of this
guidance unless program-specific compliance requirements for a particular program are available in
Part III.
Included in Part II of this guidance is a matrix that outlines the compliance requirements, including
special tests and provisions, that are applicable to programs performed under DOE CFDA numbers.
For programs performed under each CFDA number, auditors should audit applicable compliance
requirements that are direct and material to the programs.
N. AUDITEE RESPONSIBILITIES
The auditee should:
(a) Identify, in its accounts, all DOE awards received and expended and the DOE programs under
which they were received. DOE program and award identification should include, as applicable, the
CFDA title and number, award number and year, and name of the pass-through entity, if applicable.
(b) Maintain internal control over DOE awards to provide reasonable assurance that the auditee is
managing DOE awards in compliance with laws, regulations, and the provisions of contracts or grant
agreements that could have a material effect on each of its DOE awards.
(c) Comply with laws, regulations, and the provisions of contracts or grant agreements related to each
of its DOE awards.
(d) Prepare appropriate financial statements.
(e) Prepare a schedule of DOE awards (arranged by CFDA number) that includes the CFDA number,
the award number, the name and the identifying number of the pass-through entity (if any) and
expenditures of the period under audit.
(f) Ensure that the audits required by the Regulation are properly performed and submitted when due
(see section G).
(g) Follow up and take corrective action on audit findings, including preparation of a summary
schedule of prior audit findings and a corrective action plan.
O. AUDITEE FINDINGS FOLLOW-UP
(a) General. The auditee should be responsible for follow-up and corrective action on all audit
findings. As part of this responsibility, the auditee should prepare a summary schedule of prior audit
findings. The auditee should also prepare a corrective action plan for current year audit findings.
The summary schedule of prior audit findings and the corrective action plan should include the
reference numbers the auditor assigns to audit findings. Since the summary schedule may include
6
�audit findings from multiple years, it should include the fiscal year in which the finding initially
occurred.
(b) Summary schedule of prior audit findings. The summary schedule of prior audit findings should
report the status of all audit findings included in the prior audit's schedule of findings and questioned
costs relative to DOE awards. The summary schedule should also include audit findings reported in
the prior audit's summary schedule of prior audit findings except audit findings listed as corrected in
accordance with paragraph (b)(1) of this section, or no longer valid or not warranting further action
in accordance with paragraph (b)(4) of this section.
(1) When audit findings were fully corrected, the summary schedule need only list the audit
findings and state that corrective action was taken.
(2) When audit findings were not corrected or were only partially corrected, the summary
schedule should describe the planned corrective action as well as any partial corrective action
taken.
(3) When corrective action taken is significantly different from corrective action previously
reported in a corrective action plan or in DOE’s or the pass-through entity's management
decision (see section P), the summary schedule should provide an explanation.
(4) When the auditee believes the audit findings are no longer valid or do not warrant further
action, the reasons for this position should be described in the summary schedule. A valid
reason for considering an audit finding as not warranting further action is that all of the
following have occurred:
(i) Two years have passed since the audit report in which the finding occurred was
submitted;
(ii) DOE or the pass-through entity is not currently following up with the auditee on
the audit finding; and
(iii) A management decision was not issued.
(c) Corrective action plan. At the completion of the audit, the auditee should prepare a corrective
action plan to address each audit finding included in the current year auditor's reports. The corrective
action plan should provide the name(s) of the contact person(s) responsible for corrective action, the
corrective action planned, and the anticipated completion date. If the auditee does not agree with the
audit findings or believes corrective action is not required, then the corrective action plan should
include an explanation and specific reasons.
P. MANAGEMENT DECISION
(a) General. The DOE is responsible for management decisions related to direct awards. The
management decision shall clearly state whether or not the audit finding is sustained, the reasons for
the decision, and the expected auditee action to repay disallowed costs, make financial adjustments,
or take other action. If the auditee has not completed corrective action, a timetable for follow-up
should be given. Prior to issuing the management decision, DOE or the pass-through entity may
request additional information or documentation from the auditee, including a request for auditor
assurance related to the documentation, as a way of mitigating disallowed costs. The management
decision should describe any appeal process available to the auditee.
7
�(b) Pass-through entity. The pass-through entity shall be responsible for making the management
decision for audit findings that relate to DOE awards it makes to subrecipients.
(c) Time requirements. The entity responsible for making the management decision shall do so
within six months of receipt of the audit report. Corrective action should be initiated within six
months after receipt of the audit report and should proceed as rapidly as possible.
(d) Reference numbers. Management decisions shall include the reference numbers the auditor
assigned to each audit finding.
Q. SCOPE OF AUDIT
Auditors must conduct the compliance audit in accordance with GAAS, including SAS 117, and
GAGAS. For-profit recipients should submit audited financial statements to DOE as a part of the
compliance audit. (If the recipient is a subsidiary for which separate financial statements are not
available, the recipient may submit the financial statements of the consolidated group.) Subrecipients
should submit audited financial statements to the pass-through entity as part of the compliance audit.
Auditors do not need to conduct the financial statement audit in accordance with GAGAS, but should
instead conduct the financial statement audit in compliance with either GAAS or standards put in
place by the Public Company Accounting Oversight Board (PCAOB), as appropriate.
In the event the recipient (or subrecipient) is not a domestic entity and the audit is performed in a
foreign jurisdiction, auditors may perform the audit in accordance with the auditing standards
applicable in the foreign jurisdiction. Auditors must disclose in the audit report which auditing
standards were used.
The compliance audit and related reporting will generally follow the requirements as set forth in this
audit guidance.
(a) Internal control.
(1) In addition to the requirements of GAGAS, the auditor shall perform procedures to obtain
an understanding of internal control over compliance with DOE awards sufficient to plan the
audit to support a low assessed level of control risk.
(2) Except as provided in paragraph (a)(3) of this section, the auditor shall:
(i) Plan the testing of internal control over compliance to support a low assessed level
of control risk for the assertions relevant to the compliance requirements for each
award (or cluster of awards); and
(ii) Perform testing of internal control over compliance as planned in paragraph
(a)(2)(i) of this section.
(3) When internal controls over some or all of the compliance requirements for an award or
cluster of awards are likely to be ineffective in preventing or detecting noncompliance, the
planning and performing of testing described in paragraph (a)(2) of this section are not
required for those compliance requirements. However, the auditor should assess control risk
at the maximum and consider whether any additional compliance tests are required because
of ineffective internal control. The auditor also should report a significant deficiency or a
material weakness in internal control over compliance as part of the audit findings.
8
�(b) Compliance.
(1) In addition to the requirements of GAGAS, the auditor shall determine whether the
auditee has complied with laws, regulations, and the provisions of contracts or grant
agreements that may have a direct and material effect on each of its awards or cluster of
awards.
(2) The principal compliance requirements applicable to the DOE awards subject to audit in
this Audit Program are identified in Part II of this Audit Program. An audit of these
compliance requirements will meet the requirements of the Regulation.
(3) The compliance testing shall include tests of transactions and such other auditing
procedures necessary to provide the auditor sufficient evidence to support an opinion on
compliance for each DOE award or cluster of awards required to be audited.
(c) Audit follow-up. The auditor shall follow-up on prior audit findings, perform procedures to assess
the reasonableness of the summary schedule of prior audit findings prepared by the auditee, and
report, as a current year audit finding, when the auditor concludes that the summary schedule of prior
audit findings materially misrepresents the status of any prior audit finding. The auditor shall
perform audit follow-up procedures regardless of whether a prior audit finding relates to an award or
cluster of awards in the current year.
R. AUDIT REPORTING
The reporting package submitted to DOE or the pass-through entity should include:
Audited financial statements of the entity.
A schedule of DOE awards (arranged by CFDA number) that includes the CFDA number, the
award number, the name and the identifying number of the pass-through entity (if any) and
expenditures of the period under audit
The auditor’s opinion on the financial statements and an opinion on the schedule in relation to the
financial statements. (see section Q above)
A report on internal control over compliance related to major awards or cluster of awards. This
report shall describe the scope of testing of internal control and the results of the tests, and, where
applicable, refer to the separate schedule of findings and questioned costs described below. The
auditor's report(s) shall state that the audit was conducted in accordance with U.S. Department of
Energy Audit Guidance: For-Profit Recipients and Subrecipients and GAGAS.
A report on compliance with laws, regulations, and the provisions of contracts or grant
agreements. This report shall also include an opinion (or disclaimer of opinion) as to whether the
auditee complied with laws, regulations, and the provisions of contracts or grant agreements
which could have a direct and material effect on each award or cluster of awards, and, where
applicable, refer to the separate schedule of findings and questioned costs described below. The
auditor's report(s) shall state that the audit was conducted in accordance with U.S. Department of
Energy Audit Guidance: For-Profit Recipients and Subrecipients and GAGAS.
9
� A schedule of findings and questioned costs which shall include the following two components1:
(1) A summary of the auditor's results which shall include:
(i) Where applicable, a statement that significant deficiencies or material weaknesses
in internal control over awards or cluster of awards were disclosed by the audit;
(ii) An identification of DOE awards or cluster of awards audited;
(iii) The type of report the auditor issued on compliance for each award or cluster of
awards audited (i.e., unqualified opinion, qualified opinion, adverse opinion, or
disclaimer of opinion);
(iv) A statement as to whether the audit disclosed any audit findings which the
auditor is required to report.
(2) Findings and questioned costs for DOE awards or clusters of awards which shall include
audit findings as defined in the following section. Audit findings (e.g., internal control
findings, compliance findings, questioned costs, or fraud) which relate to the same issue
should be presented as a single audit finding.
S. AUDIT FINDINGS
(a) Audit findings reported. The auditor shall report the following as audit findings in a schedule of
findings and questioned costs:
(1) Significant deficiencies or material weaknesses in internal control over awards or cluster
of awards. The auditor's determination of whether a deficiency in internal control is a
significant deficiency for the purpose of reporting an audit finding is in relation to a type of
compliance requirement for an award (or cluster of awards) or an audit objective identified in
the compliance supplement.
(2) Material noncompliance with the provisions of laws, regulations, contracts, or grant
agreements related to an award or cluster of awards. The auditor's determination of whether
a noncompliance with the provisions of laws, regulations, contracts, or grant agreements is
material for the purpose of reporting an audit finding is in relation to a type of compliance
requirement for an award (or cluster of awards) or an audit objective identified in Part II of
this guidance.
(3) Known questioned costs which are greater than $10,000 for a type of compliance
requirement for an award or cluster of awards. Known questioned costs are those specifically
identified by the auditor. In evaluating the effect of questioned costs on the opinion on
compliance, the auditor considers the best estimate of total costs questioned (likely
questioned costs), not just the questioned costs specifically identified (known questioned
costs). The auditor shall also report known questioned costs when likely questioned costs are
greater than $10,000 for a type of compliance requirement for an award or cluster of awards.
1
Although not directly applicable, chapter 13, Reporting Requirements and Communication Considerations, of the
AICPA Audit Guide Government Auditing Standards and Circular A-133 Audits, provides useful guidance for the
preparation of this schedule.
10
� In reporting questioned costs, the auditor shall include information to provide proper
perspective for judging the prevalence and consequences of the questioned costs.
(4) Known questioned costs which are greater than $10,000 for a DOE award which is not
audited as a separate award. Except for audit follow-up, the auditor is not required under the
Regulation to perform audit procedures for such an award and therefore normally will not
find questioned costs for such an award. However, if the auditor does become aware of
questioned costs for a DOE award which is not audited as a separate award (e.g., as part of
audit follow-up or other audit procedures) and the known questioned costs are greater than
$10,000, then the auditor shall report this as an audit finding.
(5) The circumstances concerning why the auditor's report on compliance for awards or
cluster of awards is other than an unqualified opinion, unless such circumstances are
otherwise reported as audit findings in the schedule of findings and questioned costs for DOE
awards.
(6) Known fraud affecting a DOE award, unless such fraud is otherwise reported as an audit
finding in the schedule of findings and questioned costs for DOE awards. This paragraph
does not require the auditor to make an additional reporting when the auditor confirms that
the fraud was reported outside of the auditor's reports under the direct reporting requirements
of GAGAS.
(7) Instances where the results of audit follow-up procedures disclosed that the summary
schedule of prior audit findings prepared by the auditee materially misrepresents the status of
any prior audit finding.
(b) Audit finding detail. Audit findings shall be presented in sufficient detail for the auditee to
prepare a corrective action plan and take corrective action and for DOE and pass-through entities to
arrive at a management decision. The following specific information shall be included, as applicable,
in audit findings:
(1) Specific DOE award identification including the CFDA title and number, DOE award
number and year, and name of the applicable pass-through entity. When information, such as
the CFDA title and number or DOE award number, is not available, the auditor shall provide
the best information available to describe the DOE award.
(2) The criteria or specific requirement upon which the audit finding is based, including
statutory, regulatory, or other citation.
(3) The condition found, including facts that support the deficiency identified in the audit
finding.
(4) Identification of questioned costs and how they were computed.
(5) Information to provide proper perspective for judging the prevalence and consequences of
the audit findings, such as whether the audit findings represent an isolated instance or a
systemic problem. Where appropriate, instances identified shall be related to the universe
and the number of cases examined and be quantified in terms of dollar value.
(6) The possible asserted effect to provide sufficient information to the auditee and the DOE,
or pass-through entity in the case of a subrecipient, to permit them to determine the cause and
effect to facilitate prompt and proper corrective action.
(7) Recommendations to prevent future occurrences of the deficiency identified in the audit
finding.
11
� (8) Views of responsible officials of the auditee when there is disagreement with the audit
findings, to the extent practical.
(c) Reference numbers. Each audit finding in the schedule of findings and questioned costs shall
include a reference number to allow for easy referencing of the audit findings during follow-up.
T. AUDIT WORKING PAPERS
(a) Retention of working papers. The auditor shall retain working papers and reports for a minimum
of three years after the date of issuance of the auditor's report(s) to the auditee. When the auditor is
aware that the DOE, pass-through entity, or auditee is contesting an audit finding, the auditor shall
contact the parties contesting the audit finding for guidance prior to destruction of the working papers
and reports.
(b) Review of working papers. A partner of the auditing firm (or someone substantially equivalent to
a partner) shall review relevant audit working papers and document the review of such working
papers.
(c) Access to working papers. Audit working papers shall be made available upon request to DOE or
GAO at the completion of the audit, as part of a quality review, to resolve audit findings, or to carry
out oversight responsibilities consistent with the purposes of the Regulation. Access to working
papers includes the right of DOE or GAO to obtain copies of working papers, as is reasonable and
necessary.
U. ENGAGEMENT LETTER
The auditor should prepare a written engagement letter for the audited entity, which clearly sets forth
the terms, nature, and limitations of the audit engagement. The engagement letter may include terms
and conditions that the auditee and the auditor deem appropriate.
12
