TLDR
Missing low-risk auditee status costs mid-sized nonprofits $8,000–$15,000 per audit cycle in avoidable additional testing. The five eligibility criteria are largely within management's control — but only if you track them year-over-year.
Low-Risk Auditee Criteria: Qualifying for Reduced Single Audit Coverage
Single audit scope is not fixed. The risk-based major-program selection framework in 2 CFR 200.518 means that organizations with clean audit histories pay for less testing than those with findings. The difference, expressed in dollars, is typically $8,000–$20,000 in audit fees per cycle — plus the management hours consumed by expanded auditor requests.
Low-risk auditee status is the mechanism through which that difference is formalized. It is earned through two consecutive years of clean audit results and lost the moment a material weakness, uncorrected significant deficiency, or compliance finding appears on the record.
How Major-Program Coverage Works
The auditor selects major programs using a risk-based framework. Programs are classified as Type A (larger) or Type B (smaller) based on dollar thresholds. Type A programs are presumptively major unless the auditor determines they are low-risk. Type B programs may be selected as major based on risk factors.
Once programs are selected, the auditor must achieve coverage:
| Auditee status | Required coverage |
|---|---|
| Standard (non-low-risk) | At least 40% of total federal expenditures |
| Low-risk | At least 20% of total federal expenditures |
Coverage means the dollar value of major programs tested must reach the threshold. If no single program is large enough, multiple programs are selected until the coverage requirement is met.
The Five Criteria in Detail
Criterion 1: Single audits performed for both prior years The organization must have had single audits — not program-specific audits, not compilations — completed for each of the two preceding years. An organization that crossed the $750,000 threshold recently and has only one prior audit cannot qualify.
Criterion 2: Unmodified opinions on financial statements in both years Any modified opinion — qualified, adverse, or disclaimer — disqualifies. Even a qualified opinion on a single fund eliminates low-risk eligibility for that year in the lookback.
Criterion 3: No material weaknesses reported in either year If the auditor issued an internal control report citing a material weakness in either of the two prior years, the organization does not qualify. This criterion covers the full internal control report — financial statement material weaknesses and program-related material weaknesses both count.
Criterion 4: No uncorrected significant deficiencies The 2024 Uniform Guidance revision added nuance here. Significant deficiencies that have been corrected before the next audit may not disqualify an organization, depending on the auditor’s assessment of the corrective action’s effectiveness. Uncorrected significant deficiencies — or those with inadequate corrective action — continue to disqualify.
Criterion 5: No compliance findings in either prior year If any federal program had a finding of direct and material noncompliance in either prior year, the organization does not qualify. This criterion applies at the program level but affects overall low-risk status — a finding in one program disqualifies the entire organization for the low-risk determination.
Protecting Low-Risk Status Year Over Year
The two-year lookback means current-year audit results affect two future audit cycles. A material weakness issued in 2025 disqualifies low-risk status in 2026 and 2027 — the organization must have two consecutive clean years before requalifying.
The most effective way to protect status is to treat each audit finding not as a compliance exercise but as a control failure requiring genuine remediation. Organizations that acknowledge findings in corrective action plans but take no substantive action typically see the same finding recur, extending the disqualification period.
How GrantPipe Helps
GrantPipe’s activity log and compliance tracking surfaces the documentation auditors request during compliance testing — the evidence that programs operated in compliance with federal requirements during the year. When auditors have immediate access to well-organized support, testing completes faster and exceptions surface earlier, before they rise to the level of reportable findings. Maintaining low-risk status is substantially a documentation discipline, and GrantPipe is built around that premise.
Free resource
Get the Nonprofit Grant Compliance Checklist
A practical checklist for post-award grant compliance: restricted funds, reporting cadence, audit prep, and common failure points. Delivered by email.
Source: AICPA Government Audit Quality Center, Single Audit Benchmarking Survey 2023
- Low-risk auditee
- An entity meeting all five criteria under 2 CFR 200.520, qualifying for reduced major-program coverage (20% instead of 40% of total federal expenditures) during the single audit.
DEFINITION
- Major program
- A federal program selected by the auditor for compliance testing based on risk criteria under 2 CFR 200.518. Major programs receive a compliance opinion as part of the single audit report.
DEFINITION
- Material weakness
- A deficiency in internal control such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, detected, or corrected on a timely basis. A material weakness in either prior audit year disqualifies low-risk status.
DEFINITION
- Significant deficiency
- A deficiency in internal control that is less severe than a material weakness, but important enough to merit attention from those charged with governance. Uncorrected significant deficiencies in prior years disqualify low-risk status.
DEFINITION
- Direct and material noncompliance
- Failure to comply with a federal program requirement that has a direct and material effect on the program. Compliance findings in either prior audit year disqualify low-risk status for that program.
DEFINITION
Q&A
If an organization had a significant deficiency two years ago but corrected it, do they still lose low-risk status?
Under the 2024 Uniform Guidance revision, significant deficiencies that have been corrected do not automatically disqualify an auditee from low-risk status in subsequent years. The auditor evaluates whether the corrective action was effective. Material weaknesses, however, are harder to clear — the prior year must show a clean opinion with no material weakness reported.
Q&A
What happens to audit fees when low-risk status is lost?
When major-program coverage doubles from 20% to 40%, auditors typically test more federal programs in detail. Each additional major program requires substantive compliance testing across the Compliance Supplement requirements. Audit fee increases of $8,000–$20,000 are common when an organization moves from low-risk to standard-risk, depending on program complexity and award dollar values.
Q&A
What is the difference between major-program coverage and the number of major programs?
Coverage refers to the dollar percentage of federal expenditures tested, not the number of programs. If an organization has five programs totaling $2 million, the auditor selects major programs until the aggregate value covers 40% (standard) or 20% (low-risk) of $2 million. A single large program might satisfy the coverage requirement alone; smaller programs may all be needed to reach the threshold.
Frequently asked