TLDR
The SF-SAC dual-signature flow - auditee certifying officer signs first, then the auditor counter-signs separately - is the single most common reason single audits sit unfiled past the 30-day post-report deadline.
SF-SAC Data Collection Form: Single Audit Filing Guide
The single audit is complete when the auditor signs the reports. The filing is complete when the SF-SAC clears the Federal Audit Clearinghouse. Those two events are not the same, and the gap between them is where organizations miss the 30-day deadline.
The SF-SAC is a two-party process - auditee certifies, auditor counter-certifies, in that order. Both parties need FAC accounts. Both parties must act within the 30-day window. Most missed deadlines occur because the auditee submitted their portion and waited, assuming the auditor would handle the rest automatically.
The 30-Day Filing Window
Under 2 CFR 200.512, the submission deadline is the earlier of:
- 30 days after the auditor’s report date, or
- 9 months after the fiscal year end
For a December 31 fiscal year end with an audit report dated April 15, the deadline is May 15.
For a June 30 fiscal year end with a report dated February 28, the 30-day deadline (March 30) is earlier than 9 months (March 31) - the two dates nearly coincide, but the 30-day rule controls.
The FAC timestamp records when the submission is fully complete - both signatures in place. The auditee signing on day 28 and the auditor signing on day 33 means the submission is late.
What the SF-SAC Contains
The SF-SAC is a data collection form, not the audit itself. It summarizes:
| Section | What it captures |
|---|---|
| General information | Organization EIN, UEI, fiscal year, audit type |
| Financial statements | Audit opinions, going concern disclosures, financial statements |
| Federal awards | Each ALN, program name, expenditures, major program status |
| Findings | Finding numbers, types, questioned costs, repeat findings |
| Auditee certification | Certifying official’s attestation |
| Auditor certification | Auditor’s attestation |
All of these data points must be consistent with the uploaded reporting package documents. FAC does limited automated validation, but inconsistencies between the SF-SAC data and the uploaded reports create issues when oversight agencies review submissions.
FAC Account Requirements
The transition to fac.gov in 2023 (from the prior Census-run system) introduced Login.gov as the authentication mechanism. Key requirements:
Auditee: The certifying official must have a Login.gov account. For organizations submitting their first single audit, allow 3-5 business days for identity verification. The certifying official must be authorized by the organization - FAC requires a separate auditee authorization.
Auditor: The audit firm must be registered in FAC as an audit firm, and the individual CPA certifying must have a Login.gov account linked to that firm. Many audit firms pre-register during audit planning; confirm this well before the 30-day window opens.
Common Errors That Delay Acceptance
- Mismatched report dates: The date entered in FAC must match the date on the signed audit report. A one-day discrepancy triggers rejection.
- Password-protected PDFs: FAC requires accessible PDFs. Password-protected or encrypted documents fail upload validation.
- Inconsistent finding numbers: Finding reference numbers in the SF-SAC data entry must match the numbering in the uploaded schedule of findings exactly. “2026-001” in the data and “Finding 1” in the document fails.
- Missing corrective action plan: Every finding requires a corresponding corrective action plan entry. A finding without a CAP prevents submission completion.
- Auditor delay: The auditor receives an email invitation to certify after the auditee signs. If the auditor does not act within the window, the submission stalls. Coordinate timing explicitly - confirm the auditor’s certification date before the auditee signs.
How GrantPipe Helps
GrantPipe’s audit preparation module keeps the SEFA data current throughout the year, which means the federal awards data entered into FAC can be extracted directly from the system rather than assembled from spreadsheets at year-end. The corrective action plan tracking in GrantPipe ensures each finding gets a structured response with owner and due date - the same format the SF-SAC requires - rather than a narrative memo drafted under deadline pressure.
Definitions
- SF-SAC: Standard Form - Single Audit Collection. The official data collection form submitted to the Federal Audit Clearinghouse to complete the single audit reporting requirement. Contains audit summary data, findings, and financial statement information.
- Federal Audit Clearinghouse (FAC): The federal repository for single audit submissions, now operated by GSA. Publicly accessible at fac.gov. All single audit submissions are publicly searchable.
- Auditee certifying official: The individual authorized to sign the auditee section of the SF-SAC on behalf of the organization - typically the executive director or chief financial officer. Must have a Login.gov account linked to the FAC.
- Corrective action plan (CAP): The auditee's written response to audit findings, required under 2 CFR 200.511(c). Must include: the finding number, nature of the finding, planned corrective actions, responsible person, and expected completion date. The CAP is uploaded as part of the SF-SAC reporting package.
- Schedule of findings and questioned costs: The auditor's document listing all findings from the single audit, organized by financial statement findings, findings on internal control, and compliance findings. Questioned costs are identified separately.
Q&A
How does the dual-signature process work?
The SF-SAC submission requires two separate authenticated sign-offs. First, the auditee creates the submission in FAC, enters all required data, and the certifying official electronically signs the auditee certification. Then the auditor independently logs into FAC, reviews the auditee-submitted data, and certifies the auditor section. The submission is not complete - and FAC will not accept it - until both parties have signed. This is the primary source of deadline misses: organizations submit the auditee portion and wait for the auditor, not realizing the auditor must separately log in and act.
What is included in the reporting package upload?
The complete package is uploaded as PDFs: the audited financial statements with notes, the SEFA, the auditor's report on the financial statements, the report on internal control over financial reporting and on compliance with federal requirements (the Yellow Book/GAGAS report), the schedule of findings and questioned costs, and the corrective action plan. All documents must be uploaded before the submission is marked complete.
What if there are errors in the SF-SAC after submission?
FAC allows amendments to accepted submissions. The auditee must reopen the submission, correct the data, re-certify, and have the auditor re-certify. The original submission date is preserved in FAC's public record, but the amendment date is also noted. Frequent amendment cycles are visible to oversight agencies.