This Part follows the same format as 2 CFR 200.500. We purposely did not renumber the paragraphs within this part so that auditors and recipients can compare this to the single audit requirements contained in 2 CFR 200.500.

(a) Audit required. A for-profit entity that expends $750,000 or more during the non-Federal entity's fiscal year in DOE awards must have a compliance audit conducted for that year in accordance with the provisions of this Part.

(b) Compliance audit. (1) If a for-profit entity has one or more DOE awards with expenditures of $750,000 or more during the for-profit entity's fiscal year, they must have a compliance audit for each of the awards with $750,000 or more in expenditures. A compliance audit should comply with the applicable provisions in § 910.514—Scope of Audit. The remaining awards do not require, individually or in the aggregate, a compliance audit.

(2) If a for-profit entity receives more than one award from DOE with a sum total of expenditures of $750,000 or more during the for-profit entity's fiscal year, but does not have any single award with expenditures of $750,000 or more; the entity must determine whether any or all of the awards have common compliance requirements (i.e., are considered a cluster of awards) and determine the total expenditures of the awards with common compliance requirements. A compliance audit is required for the largest cluster of awards (if multiple clusters of awards exist) or the largest award not in a cluster of awards, whichever corresponding expenditure total is greater. A compliance audit should comply with the applicable provisions in § 910.514—Scope of Audit. The remaining awards do not require, individually or in the aggregate, a compliance audit;

(3) If a for-profit entity receives one or more awards from DOE with a sum total of expenditures less than $750,000, no compliance audit is required;

(4) If the for-profit entity is a sub-recipient, 2 CFR 200.501(h) requires that the pass-through entity establish appropriate monitoring and controls to ensure the sub-recipient complies with award requirements. These compliance audits must be conducted in accordance with 2 CFR 200.514 Scope of audit

(c) Program-specific audit election. Not applicable.

(d) Exemption when Federal awards expended are less than $750,000. A for-profit entity that expends less than $750,000 during the for-profit's fiscal year in DOE awards is exempt from DOE audit requirements for that year, except as noted in § 910.503 Relation to other audit requirements, but records must be available for review or audit by appropriate officials of the Federal agency, pass-through entity, and Government Accountability Office (GAO).

(e) Federally Funded Research and Development Centers (FFRDC). Management of an auditee that owns or operates a FFRDC may elect to treat the FFRDC as a separate entity for purposes of this part.

(f) Subrecipients and Contractors. An auditee may simultaneously be a recipient, a subrecipient, and a contractor. Federal awards expended as a recipient are subject to audit under this part. The payments received for goods or services provided as a contractor are not Federal awards. The provisions of 2 CFR 200.331, Subrecipient and contractor determinations should be considered in determining whether payments constitute a Federal award or a payment for goods or services provided as a contractor.

(g) Compliance responsibility for contractors. In most cases, the auditee's compliance responsibility for contractors is only to ensure that the procurement, receipt, and payment for goods and services comply with Federal statutes, regulations, and the terms and conditions of Federal awards. Federal award compliance requirements normally do not pass through to contractors. However, the auditee is responsible for ensuring compliance for procurement transactions which are structured such that the contractor is responsible for program compliance or the contractor's records must be reviewed to determine program compliance. Also, when these procurement transactions relate to a major program, the scope of the audit must include determining whether these transactions are in compliance with Federal statutes, regulations, and the terms and conditions of Federal awards.

(h) For-profit subrecipient. Since this part does not apply to for-profit subrecipients, the pass-through entity is responsible for establishing requirements, as necessary, to ensure compliance by for-profit subrecipients to DOE Federal award requirements. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for- profit subrecipient's compliance responsibility. Methods to ensure compliance for Federal awards made to for-profit subrecipients may include pre-award audits, monitoring during the agreement, and post-award audits. See also 2 CFR 200.332, Requirements for pass- through entities.

(a) Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the DOE award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of DOE awards, such as: Expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the for-profit entity to an interest subsidy; and the period when insurance is in force.

(b) Loan and loan guarantees (loans). Loan and loan guarantees issued by the DOE Loan Program Office corresponding to Title XVII of the Energy Policy Act of 2005, as amended, 42 U.S.C. 16511-16516 (“Title XVII”) are exempt from these provisions.

(1) Not applicable.

(2) Not applicable.

(3) Not applicable.

(c) Not applicable.

(d) Prior loan and loan guarantees (loans). See paragraph (b) of this section.

(e) Endowment funds. The cumulative balance of DOE awards for endowment funds that are federally restricted are considered DOE awards expended in each audit period in which the funds are still restricted.

(f) Free rent. Free rent received by itself is not considered a DOE award expended under this Part. However, free rent received as part of a DOE award to carry out a DOE program must be included in determining DOE awards expended and subject to audit under this part.

(g) Valuing non-cash assistance. DOE non-cash assistance, such as free rent, food commodities, donated property, or donated surplus property, must be valued at fair market value at the time of receipt or the assessed value provided by DOE.

(h) Not applicable.

(i) Not applicable.

(j) Not applicable.

(a) An audit conducted in accordance with this Part must be in lieu of any financial audit of DOE awards which a for-profit entity is required to undergo under any other Federal statute or regulation. To the extent that such audit provides DOE with the information it requires to carry out its responsibilities under Federal statute or regulation, DOE must rely upon and use that information.

(b) Notwithstanding paragraph (a) of this section, DOE, Inspectors General, or GAO may conduct or arrange for additional audits which are necessary to carry out its responsibilities under Federal statute or regulation. The provisions of this Part do not authorize any for-profit entity to constrain, in any manner, DOE from carrying out or arranging for such additional audits, except that DOE must plan such audits to not be duplicative of other audits of DOE. Any additional audits must be planned and performed in such a way as to build upon work performed, including the audit documentation, sampling, and testing already performed, by other auditors.

(c) The provisions of this Part do not limit the authority of DOE to conduct, or arrange for the conduct of, audits and evaluations of DOE awards, nor limit the authority of any Federal agency Inspector General or other Federal official.

(d) DOE to pay for additional audits. If DOE conducts or arranges for additional audits it must, consistent with other applicable Federal statutes and regulations, arrange for funding the full cost of such additional audits.

(e) Not applicable.

Audits required by this Part must be performed annually.

(a) Not applicable.

(b) Not applicable.

In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, DOE and pass-through entities must take appropriate action as provided in 2 CFR 200.339, Remedies for noncompliance.

See 2 CFR 200.425 Audit services.

(a) Program-specific audit guide available. In some cases, a program-specific audit guide will be available to provide specific guidance to the auditor with respect to internal controls, compliance requirements, suggested audit procedures, and audit reporting requirements. A listing of current program-specific audit guides can be found on the OMB website in the compliance supplement, in part 8, appendix VI, Program-Specific Audit Guides, which includes a website where a copy of the guide can be obtained. When a current program-specific audit guide is available, the auditor must follow generally accepted government auditing standards (GAGAS) and the guide when performing a compliance audit.

(b) Program-specific audit guide not available. (1) When a program-specific audit guide is not available, the auditee and auditor must conduct the compliance audit in accordance with GAAS and GAGAS.

(2) If audited financial statements are available, for-profit recipients should submit audited financial statements to DOE as a part of the compliance audit. (If the recipient is a subsidiary for which separate financial statements are not available, the recipient may submit the financial statements of the consolidated group.)

(3) The auditor must:

(i) Not applicable;

(ii) Obtain an understanding of internal controls and perform tests of internal controls over the DOE program consistent with the requirements of § 910.514 Scope of audit;

(iii) Perform procedures to determine whether the auditee has complied with Federal statutes, regulations, and the terms and conditions of DOE awards that could have a direct and material effect on the DOE program consistent with the requirements of § 910.514 Scope of audit;

(iv) Follow up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with the requirements of § 910.511 Audit findings follow-up, and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding; and

(v) Report any audit findings consistent with the requirements of § 910.516 Audit findings.

(4) The auditor's report(s) may be in the form of either combined or separate reports and may be organized differently from the manner presented in this section. The auditor's report(s) must state that the audit was conducted in accordance with this part and include the following:

(i) An opinion (or disclaimer of opinion) as to whether the financial statement(s) (if available) of the DOE program is presented fairly in all material respects in accordance with the stated accounting policies;

(ii) A report on internal control related to the DOE program, which must describe the scope of testing of internal control and the results of the tests;

(iii) A report on compliance which includes an opinion (or disclaimer of opinion) as to whether the auditee complied with laws, regulations, and the terms and conditions of DOE awards which could have a direct and material effect on the DOE program; and

(iv) A schedule of findings and questioned costs for the DOE program that includes a summary of the auditor's results relative to the DOE program in a format consistent with § 910.515 Audit reporting, paragraph (d)(1) and findings and questioned costs consistent with the requirements of § 910.515 Audit reporting, paragraph (d)(3).

(c) Report submission for program-specific audits. (1) The audit must be completed and the reporting required by paragraph (c)(2) or (3) of this section submitted within the earlier of 30 calendar days after receipt of the auditor's report(s), or nine months after the end of the audit period, unless a different period is specified in a program-specific audit guide. Unless restricted by Federal law or regulation, the auditee must make report copies available for public inspection. Auditees and auditors must ensure that their respective parts of the reporting package do not include protected personally identifiable information.

(2) When a program-specific audit guide is available, the compliance audits must be submitted (along with audited financial statements if audited financial statements are available), to the appropriate DOE Contracting Officer as well as to the DOE Office of the Chief Financial Officer.

(3) When a program-specific audit guide is not available, the reporting package for a program-specific audit must consist of, a summary schedule of prior audit findings, and a corrective action plan as described in paragraph (b)(2) of this section, and the auditor's report(s) described in paragraph (b)(4) of this section. The compliance audit must be submitted (along with audited financial statements if audited financial statements are available), to the appropriate DOE Contracting Officer as well as to the DOE Office of the Chief Financial Officer.

(d) Other sections of this part may apply. Compliance audits are subject to:

(1) Section 910.500 Purpose through § 910.503 Relation to other audit requirements, paragraph (d);

(2) Section 910.504 Frequency of audits through § 910.506 Audit costs;

(3) Section 910.508 Auditee responsibilities and § 910.509 Auditor selection;

(4) Section 910.511 Audit findings follow-up;

(5) Section 910.512 Report submission, paragraphs (e) through (h);

(6) Section 910.513 Responsibilities;

(7) Section 910.516 Audit findings and § 910.517 Audit documentation;

(8) Section 910.521 Management decision; and

(9) Other referenced provisions of this part unless contrary to the provisions of this section, a program-specific audit guide, or program statutes and regulations.

The auditee must:

(a) Procure or otherwise arrange for the audit required by this Part in accordance with § 910.509 Auditor selection, and ensure it is properly performed and submitted when due in accordance with § 910.512 Report submission.

(b) Submit appropriate financial statements (if available).

(c) Submit the schedule of expenditures of DOE awards in accordance with § 910.510 Financial statements.

(d) Promptly follow up and take corrective action on audit findings, including preparation of a summary schedule of prior audit findings and a corrective action plan in accordance with § 910.511 Audit findings follow- up, paragraph (b) and § 910.511 Audit findings follow-up, paragraph (c), respectively.

(e) Provide the auditor with access to personnel, accounts, books, records, supporting documentation, and other information as needed for the auditor to perform the audit required by this Part.

(a) Auditor procurement. When procuring audit services, the objective is to obtain high-quality audits. In requesting proposals for audit services, the objectives and scope of the audit must be made clear and the for-profit entity must request a copy of the audit organization's peer review report which the auditor is required to provide under GAGAS. Factors to be considered in evaluating each proposal for audit services include the responsiveness to the request for proposal, relevant experience, availability of staff with professional qualifications and technical abilities, the results of peer and external quality control reviews, and price. Whenever possible, the auditee must make positive efforts to utilize small businesses, minority-owned firms, and women's business enterprises, in procuring audit services as stated in 2 CFR 200.321 Contracting with small and minority businesses, women's business enterprises, and labor surplus area firms, or the FAR (48 CFR part 42), as applicable.

(b) Restriction on auditor preparing indirect cost proposals. An auditor who prepares the indirect cost proposal or cost allocation plan may not also be selected to perform the audit required by this Part when the indirect costs recovered by the auditee during the prior year exceeded $1 million. This restriction applies to the base year used in the preparation of the indirect cost proposal or cost allocation plan and any subsequent years in which the resulting indirect cost agreement or cost allocation plan is used to recover costs.

(c) Use of Federal auditors. Federal auditors may perform all or part of the work required under this Part if they comply fully with the requirements of this Part.

(a) Financial statements. If available, the auditee must submit financial statements that reflect its financial position, results of operations or changes in net assets, and, where appropriate, cash flows for the fiscal year audited. The financial statements must be for the same organizational unit and fiscal year that is chosen to meet the requirements of this Part. However, for-profit entity-wide financial statements may also include departments, agencies, and other organizational units that have separate audits in accordance with § 910.514 Scope of audit, paragraph (a) and prepare separate financial statements.

(b) Schedule of expenditures of DOE awards. The auditee must prepare a schedule of expenditures of DOE awards for the period covered by the auditee's fiscal year which must include the total DOE awards expended as determined in accordance with § 910.502 Basis for determining DOE awards expended. While not required, the auditee may choose to provide information requested by DOE and pass- through entities to make the schedule easier to use. For example, when a DOE program has multiple DOE award years, the auditee may list the amount of DOE awards expended for each DOE award year separately. At a minimum, the schedule must:

(1) List individual DOE programs. For a cluster of programs, provide the cluster name, list individual DOE programs within the cluster of programs. For R&D, total DOE awards expended must be shown by individual DOE award and major subdivision within DOE. For example, the National Institutes of Health is a major subdivision in the Department of Health and Human Services.

(2) Not applicable.

(3) Provide total DOE awards expended for each individual DOE program and the CFDA number For a cluster of programs also provide the total for the cluster.

(4) Not applicable.

(5) Not applicable.

(6) Include notes that describe that significant accounting policies used in preparing the schedule, and note whether or not the for-profit entity elected to use the 10% de minimis cost rate as covered in 2 CFR 200.414 Indirect (F&A) costs.

(a) General. The auditee is responsible for follow-up and corrective action on all audit findings. As part of this responsibility, the auditee must prepare a summary schedule of prior audit findings. The auditee must also prepare a corrective action plan for current year audit findings. The summary schedule of prior audit findings and the corrective action plan must include the reference numbers the auditor assigns to audit findings under § 910.516 Audit findings, paragraph (c). Since the summary schedule may include audit findings from multiple years, it must include the fiscal year in which the finding initially occurred. The corrective action plan and summary schedule of prior audit findings must include findings relating to the financial statements which are required to be reported in accordance with GAGAS.

(b) Summary schedule of prior audit findings. The summary schedule of prior audit findings must report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. The summary schedule must also include audit findings reported in the prior audit's summary schedule of prior audit findings except audit findings listed as corrected in accordance with paragraph (b)(1) of this section, or no longer valid or not warranting further action in accordance with paragraph (b)(3) of this section.

(1) When audit findings were fully corrected, the summary schedule need only list the audit findings and state that corrective action was taken.

(2) When audit findings were not corrected or were only partially corrected, the summary schedule must describe the reasons for the finding's recurrence and planned corrective action, and any partial corrective action taken. When corrective action taken is significantly different from corrective action previously reported in a corrective action plan or in DOE's or pass-through entity's management decision, the summary schedule must provide an explanation.

(3) When the auditee believes the audit findings are no longer valid or do not warrant further action, the reasons for this position must be described in the summary schedule. A valid reason for considering an audit finding as not warranting further action is that all of the following have occurred:

(i) Two years have passed since the audit report in which the finding occurred was submitted to DOE;

(ii) DOE is not currently following up with the auditee on the audit finding; and

(iii) A management decision was not issued.

(c) Corrective action plan. At the completion of the audit, the auditee must prepare, in a document separate from the auditor's findings described in § 910.516 Audit findings, a corrective action plan to address each audit finding included in the current year auditor's reports. The corrective action plan must provide the name(s) of the contact person(s) responsible for corrective action, the corrective action planned, and the anticipated completion date. If the auditee does not agree with the audit findings or believes corrective action is not required, then the corrective action plan must include an explanation and specific reasons.

(a) General. (1) The audit must be completed and the reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor's report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day.

(2) Unless restricted by Federal statutes or regulations, the auditee must make copies available for public inspection. Auditees and auditors must ensure that their respective parts of the reporting package do not include protected personally identifiable information.

(b) Data collection. See paragraph (b)(1) of this section:

(1) A senior level representative of the auditee (e.g., director of finance, chief executive officer, or chief financial officer) must sign a statement to be included as part of the reporting package that says that the auditee complied with the requirements of this Part, the reporting package does not include protected personally identifiable information, and the information included in its entirety is accurate and complete.

(2) Not applicable.

(3) Not applicable.

(c) Reporting package. The reporting package must include the:

(1) Financial statements (if available) and schedule of expenditures of DOE awards discussed in § 910.510 Financial statements, paragraphs (a) and (b), respectively;

(2) Summary schedule of prior audit findings discussed in § 910.511 Audit findings follow-up, paragraph (b);

(3) Auditor's report(s) discussed in § 910.515 Audit reporting; and

(4) Corrective action plan discussed in § 910.511 Audit findings follow-up, paragraph (c).

(d) Submission to DOE. The auditee must electronically submit the compliance reporting package described in paragraph (c) of this section compliance audits must be submitted (along with audited financial statements if audited financial statements are available), to the appropriate DOE Contracting Officer as well as to the DOE Office of the Chief Financial Officer.

(e) Requests for management letters issued by the auditor. In response to requests by a Federal agency, auditees must submit a copy of any management letters issued by the auditor.

(f) Report retention requirements. Auditees must keep one copy of the reporting package described in paragraph (c) of this section on file for three years from the date of submission to DOE.

(g) Not applicable.

(h) Not applicable.

(a)(1) Not applicable.

(2) Not applicable.

(3) Not applicable.

(i) Not applicable.

(ii) Not applicable.

(iii) Not applicable.

(iv) Not applicable.

(v) Not applicable.

(vi) Not applicable.

(vii) Not applicable.

(viii) Not applicable.

(ix) Not applicable.

(b) Not applicable.

(1) Not applicable.

(2) Not applicable.

(c) DOE responsibilities. DOE must perform the following for the awards it makes (See also the requirements of 2 CFR 200.211 Information contained in a Federal award):

(1) Ensure that audits are completed and reports are received in a timely manner and in accordance with the requirements of this Part.

(2) Provide technical advice and counsel to auditees and auditors as requested.

(3) Follow-up on audit findings to ensure that the recipient takes appropriate and timely corrective action. As part of audit follow-up, the DOE must:

(i) Issue a management decision as prescribed in § 910.521 Management decision;

(ii) Monitor the recipient taking appropriate and timely corrective action;

(iii) Use cooperative audit resolution mechanisms (see 2 CFR 200.1, Cooperative audit resolution) to improve DOE program outcomes through better audit resolution, follow-up, and corrective action; and

(iv) Develop a baseline, metrics, and targets to track, over time, the effectiveness of the DOE's process to follow-up on audit findings and on the effectiveness of Compliance Audits in improving non-Federal entity accountability and their use by DOE in making award decisions.

(4) Not applicable.

(5) Not applicable.

(i) Not applicable.

(ii) Not applicable.

(6) Not applicable.

(7) Not applicable.

(i) Not applicable.

(ii) Not applicable.

(iii) Not applicable.

(iv) Not applicable.

(v) Not applicable.

(vi) Not applicable.

(vii) Not applicable.

(viii) Not applicable.

(a) General. The audit must be conducted in accordance with GAGAS. The audit must cover the entire operations of the auditee, or, at the option of the auditee, such audit must include a series of audits that cover departments, agencies, and other organizational units that expended or otherwise administered DOE awards during such audit period, provided that each such audit must encompass the schedule of expenditures of DOE awards for each such department, agency, and other organizational unit, which must be considered to be a for-profit entity. The financial statements (if available) and schedule of expenditures of DOE awards must be for the same audit period.

(b) Financial statements. If financial statements are available, the auditor must determine whether the schedule of expenditures of DOE awards is stated fairly in all material respects in relation to the auditee's financial statements as a whole.

(c) Internal control. (1) The compliance supplement provides guidance on internal controls over Federal programs based upon the guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States and the Internal Control—Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

(2) In addition to the requirements of GAGAS the auditor must perform procedures to obtain an understanding of internal control over DOE programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs.

(3) Except as provided in paragraph (c)(4) of this section, the auditor must:

(i) Plan the testing of internal control over compliance to support a low assessed level of control risk for the assertions relevant to the compliance requirements; and

(ii) Perform testing of internal control as planned in paragraph (c)(3)(i) of this section.

(4) When internal control over some or all of the compliance requirements are likely to be ineffective in preventing or detecting noncompliance, the planning and performing of testing described in paragraph (c)(3) of this section are not required for those compliance requirements. However, the auditor must report a significant deficiency or material weakness in accordance with § 910.516 Audit findings, assess the related control risk at the maximum, and consider whether additional compliance tests are required because of ineffective internal control.

(d) Compliance. (1) In addition to the requirements of GAGAS, the auditor must determine whether the auditee has complied with Federal statutes, regulations, and the terms and conditions of Federal awards that may have a direct and material effect.

(2) The principal compliance requirements applicable to most Federal programs and the compliance requirements of the largest Federal programs are included in the compliance supplement.

(3) For the compliance requirements related to Federal programs contained in the compliance supplement, an audit of these compliance requirements will meet the requirements of this part. Where there have been changes to the compliance requirements and the changes are not reflected in the compliance supplement, the auditor must determine the current compliance requirements and modify the audit procedures accordingly. For those Federal programs not covered in the compliance supplement, the auditor should follow the compliance supplement's guidance for programs not included in the supplement.

(4) The compliance testing must include tests of transactions and such other auditing procedures necessary to provide the auditor sufficient appropriate audit evidence to support an opinion on compliance.

(e) Audit follow-up. The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with § 910.511 Audit findings follow-up paragraph (b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding. The auditor must perform audit follow-up procedures.

(f) Not applicable.

The auditor's report(s) may be in the form of either combined or separate reports and may be organized differently from the manner presented in this section. The auditor's report(s) must state that the audit was conducted in accordance with this part and include the following:

(a) An opinion (or disclaimer of opinion) as to whether the financial statements (if available) are presented fairly in all material respects in accordance with generally accepted accounting principles and an opinion (or disclaimer of opinion) as to whether the schedule of expenditures of DOE awards is fairly stated in all material respects in relation to the financial statements (if available) as a whole.

(b) A report on internal control over financial reporting and compliance with Federal statutes, regulations, and the terms and conditions of the DOE award, noncompliance with which could have a material effect on the financial statements. This report must describe the scope of testing of internal control and compliance and the results of the tests, and, where applicable, it will refer to the separate schedule of findings and questioned costs described in paragraph (d) of this section.

(c) A report on compliance and report and internal control over compliance. This report must describe the scope of testing of internal control over compliance, include an opinion or modified opinion as to whether the auditee complied with Federal statutes, regulations, and the terms and conditions of DOE awards which could have a direct and material effect and refer to the separate schedule of findings and questioned costs described in paragraph (d) of this section.

(d) A schedule of findings and questioned costs which must include the following three components:

(1) A summary of the auditor's results, which must include:

(i) The type of report the auditor issued (if applicable) on whether the financial statements (if available) audited were prepared in accordance with GAAP (i.e., unmodified opinion, qualified opinion, adverse opinion, or disclaimer of opinion);

(ii) Where applicable, a statement about whether significant deficiencies or material weaknesses in internal control were disclosed by the audit of the financial statements (if available);

(iii) A statement (if applicable) as to whether the audit disclosed any noncompliance that is material to the financial statements (if available) of the auditee;

(iv) Where applicable, a statement about whether significant deficiencies or material weaknesses in internal control over major programs were disclosed by the audit;

(v) The type of report the auditor issued on compliance (i.e., unmodified opinion, qualified opinion, adverse opinion, or disclaimer of opinion);

(vi) A statement as to whether the audit disclosed any audit findings that the auditor is required to report under § 910.516 Audit findings, paragraph (a);

(vii) Not applicable.

(viii) Not applicable.

(ix) Not applicable.

(2) Findings relating to the financial Statements (if available) which are required to be reported in accordance with GAGAS.

(3) Findings and questioned costs for DOE awards which must include audit findings as defined in § 910.516 Audit findings, paragraph (a).

(i) Audit findings (e.g., internal control findings, compliance findings, questioned costs, or fraud) that relate to the same issue should be presented as a single audit finding.

(ii) Audit findings that relate to both the financial statements (if available) and DOE awards, as reported under paragraphs (d)(2) and (3) of this section, respectively, should be reported in both sections of the schedule. However, the reporting in one section of the schedule may be in summary form with a reference to a detailed reporting in the other section of the schedule.

(e) Nothing in this part precludes combining of the audit reporting required by this section with the reporting required by § 910.512 Report submission, paragraph (b), when allowed by GAGAS.

(a) Audit findings reported. The auditor must report the following as audit findings in a schedule of findings and questioned costs:

(1) Significant deficiencies and material weaknesses in internal control over major programs and significant instances of abuse relating to major programs. The auditor's determination of whether a deficiency in internal control is a significant deficiency or material weakness for the purpose of reporting an audit finding is in relation to a type of compliance requirement for a major program identified in the Compliance Supplement.

(2) Material noncompliance with the provisions of Federal statutes, regulations, or the terms and conditions of DOE awards related to a major program. The auditor's determination of whether a noncompliance with the provisions of Federal statutes, regulations, or the terms and conditions of DOE awards is material for the purpose of reporting an audit finding is in relation to a type of compliance requirement for a major program identified in the compliance supplement.

(3) Known questioned costs that are greater than $25,000 for a type of compliance requirement for a major program. Known questioned costs are those specifically identified by the auditor. In evaluating the effect of questioned costs on the opinion on compliance, the auditor considers the best estimate of total costs questioned (likely questioned costs), not just the questioned costs specifically identified (known questioned costs). The auditor must also report known questioned costs when likely questioned costs are greater than $25,000 for a type of compliance requirement for a major program. In reporting questioned costs, the auditor must include information to provide proper perspective for judging the prevalence and consequences of the questioned costs.

(4) Known questioned costs that are greater than $25,000 for a DOE program. which is not audited as a major program. Except for audit follow-up, the auditor is not required under this Part to perform audit procedures for such a DOE program; therefore, the auditor will normally not find questioned costs for a program that is not audited as a major program. However, if the auditor does become aware of questioned costs for a DOE program that is not audited as a major program (e.g., as part of audit follow-up or other audit procedures) and the known questioned costs are greater than $25,000, then the auditor must report this as an audit finding.

(5) Not applicable.

(6) Known or likely fraud affecting a DOE award, unless such fraud is otherwise reported as an audit finding in the schedule of findings and questioned costs for DOE awards. This paragraph does not require the auditor to report publicly information which could compromise investigative or legal proceedings or to make an additional reporting when the auditor confirms that the fraud was reported outside the auditor's reports under the direct reporting requirements of GAGAS.

(7) Instances where the results of audit follow-up procedures disclosed that the summary schedule of prior audit findings prepared by the auditee in accordance with § 910.511 Audit findings follow-up, paragraph (b) materially misrepresents the status of any prior audit finding.

(b) Audit finding detail and clarity. Audit findings must be presented in sufficient detail and clarity for the auditee to prepare a corrective action plan and take corrective action, and for DOE to arrive at a management decision. The following specific information must be included, as applicable, in audit findings:

(1) Federal program and specific Federal award identification including the CFDA title and number, and Federal award identification number and year. When information, such as the CFDA title and number or DOE award identification number, is not available, the auditor must provide the best information available to describe the Federal award.

(2) The criteria or specific requirement upon which the audit finding is based, including the Federal statutes, regulations, or the terms and conditions of the DOE awards. Criteria generally identify the required or desired state or expectation with respect to the program or operation. Criteria provide a context for evaluating evidence and understanding findings.

(3) The condition found, including facts that support the deficiency identified in the audit finding.

(4) A statement of cause that identifies the reason or explanation for the condition or the factors responsible for the difference between the situation that exists (condition) and the required or desired state (criteria), which may also serve as a basis for recommendations for corrective action.

(5) The possible asserted effect to provide sufficient information to the auditee and DOE to permit them to determine the cause and effect to facilitate prompt and proper corrective action. A statement of the effect or potential effect should provide a clear, logical link to establish the impact or potential impact of the difference between the condition and the criteria.

(6) Identification of questioned costs and how they were computed. Known questioned costs must be identified by applicable CFDA number(s) and applicable DOE award identification number(s).

(7) Information to provide proper perspective for judging the prevalence and consequences of the audit findings, such as whether the audit findings represent an isolated instance or a systemic problem. Where appropriate, instances identified must be related to the universe and the number of cases examined and be quantified in terms of dollar value. The auditor should report whether the sampling was a statistically valid sample.

(8) Identification of whether the audit finding was a repeat of a finding in the immediately prior audit and if so any applicable prior year audit finding numbers.

(9) Recommendations to prevent future occurrences of the deficiency identified in the audit finding.

(10) Views of responsible officials of the auditee.

(c) Reference numbers. Each audit finding in the schedule of findings and questioned costs must include a reference number in the format meeting the requirements of the data collection form submission required by § 910.512 Report submission, paragraph (b) to allow for easy referencing of the audit findings during follow-up.

(a) Retention of audit documentation. The auditor must retain audit documentation and reports for a minimum of three years after the date of issuance of the auditor's report(s) to the auditee, unless the auditor is notified in writing by DOE or the cognizant agency for indirect costs to extend the retention period. When the auditor is aware that the Federal agency or auditee is contesting an audit finding, the auditor must contact the parties contesting the audit finding for guidance prior to destruction of the audit documentation and reports.

(b) Access to audit documentation. Audit documentation must be made available upon request to the cognizant agency for indirect cost, DOE, or GAO at the completion of the audit, as part of a quality review, to resolve audit findings, or to carry out oversight responsibilities consistent with the purposes of this Part. Access to audit documentation includes the right of Federal agencies to obtain copies of audit documentation, as is reasonable and necessary.

(a) General. The auditor's determination should be based on an overall evaluation of the risk of noncompliance occurring that could be material to the DOE program. The auditor must consider criteria, such as described in paragraphs (b), (c), and (d) of this section, to identify risk in Federal programs. Also, as part of the risk analysis, the auditor may wish to discuss a particular DOE program with auditee management and DOE.

(b) Current and prior audit experience. (1) Weaknesses in internal control over DOE programs would indicate higher risk. Consideration should be given to the control environment over DOE programs and such factors as the expectation of management's adherence to Federal statutes, regulations, and the terms and conditions of DOE awards and the competence and experience of personnel who administer the DOE programs.

(i) A DOE program administered under multiple internal control structures may have higher risk. The auditor must consider whether weaknesses are isolated in a single operating unit (e.g., one college campus) or pervasive throughout the entity.

(ii) When significant parts of a DOE program are passed through to subrecipients, a weak system for monitoring subrecipients would indicate higher risk.

(2) Prior audit findings would indicate higher risk, particularly when the situations identified in the audit findings could have a significant impact on a DOE program or have not been corrected.

(3) DOE programs not recently audited as major programs may be of higher risk than Federal programs recently audited as major programs without audit findings.

(c) Oversight exercised by DOE. (1) Oversight exercised by DOE could be used to assess risk. For example, recent monitoring or other reviews performed by an oversight entity that disclosed no significant problems would indicate lower risk, whereas monitoring that disclosed significant problems would indicate higher risk.

(2) Federal agencies, with the concurrence of OMB, may identify Federal programs that are higher risk. OMB will provide this identification in the compliance supplement.

(d) Inherent risk of the Federal program. (1) The nature of a Federal program may indicate risk. Consideration should be given to the complexity of the program and the extent to which the Federal program contracts for goods and services. For example, Federal programs that disburse funds through third party contracts or have eligibility criteria may be of higher risk. Federal programs primarily involving staff payroll costs may have high risk for noncompliance with requirements of 2 CFR 200.430 Compensation—personal services, but otherwise be at low risk.

(2) The phase of a Federal program in its life cycle at the Federal agency may indicate risk. For example, a new Federal program with new or interim regulations may have higher risk than an established program with time-tested regulations. Also, significant changes in Federal programs, statutes, regulations, or the terms and conditions of Federal awards may increase risk.

(3) The phase of a Federal program in its life cycle at the auditee may indicate risk. For example, during the first and last years that an auditee participates in a Federal program, the risk may be higher due to start-up or closeout of program activities and staff.

(4) Programs with larger Federal awards expended would be of higher risk than programs with substantially smaller Federal awards expended.

An auditee that meets all of the following conditions for each of the preceding two audit periods may qualify as a low-risk auditee and be eligible for reduced audit coverage.

(a) Compliance audits were performed on an annual basis in accordance with the provisions of this Subpart, including submitting the data collection form to DOE within the timeframe specified in § 910.512 Report submission. A for-profit entity that has biennial audits does not qualify as a low-risk auditee.

(b) The auditor's opinion on whether the financial statements (if available) were prepared in accordance with GAAP, or a basis of accounting required by state law, and the auditor's in relation to opinion on the schedule of expenditures of DOE awards were unmodified.

(c) There were no deficiencies in internal control which were identified as material weaknesses under the requirements of GAGAS.

(d) The auditor did not report a substantial doubt about the auditee's ability to continue as a going concern.

(e) None of the DOE programs had audit findings from any of the following in either of the preceding two audit periods:

(1) Internal control deficiencies that were identified as material weaknesses in the auditor's report on internal control as required under § 910.515 Audit reporting, paragraph (c);

(2) Not applicable.

(3) Not applicable.

(a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, DOE agency may also issue a management decision on findings relating to the financial statements (if they were available) which are required to be reported in accordance with GAGAS.

(b) As provided in § 910.513 Responsibilities, paragraph (c)(3), DOE is responsible for issuing a management decision for findings that relate to DOE awards it makes to for-profit entities.

(c) Not applicable.

(d) Time requirements. DOE must issue a management decision within six months of acceptance of the audit report. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report.

(e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with § 910.516 Audit findings paragraph (c).