Navigating the Compliance Supplement

June 17, 2025

A Guide for Federal Award Recipients

If your organization receives federal funding, you’ve likely heard of the Compliance Supplement. But what is it, and how can it help you navigate the complexities of a single audit? Whether you’re a nonprofit, local government, educational institution or healthcare provider, the Compliance Supplement is your go-to resource for ensuring your programs meet federal requirements.

Non-compliance with federal award requirements can have severe consequences. You could lose funding, face penalties or be required to repay funds, which can cripple smaller organizations. The Supplement helps you understand what’s expected, from how you manage cash to how you monitor subrecipients. It’s particularly important for organizations with limited compliance staff, as it provides clear guidance on meeting federal standards.

Each year, the OMB publishes a new Compliance Supplement that is a valuable resource for program recipients. Here is a breakdown of its key components and practical tips to keep your organization compliant.

Read the full 2024 Compliance Supplement here.

Key Components of the Compliance Supplement

Part One – Background, Purpose and Applicability

The first section of the Compliance Supplement discusses its history, uses and a brief overview of each of the subsequent sections. Most importantly, it notes the effective date of the supplement – each new supplement supersedes the previous one and is effective for audits of fiscal years beginning after June 30 of the prior year. For example, if your fiscal year ends on June 30, 2024 or Dec. 31, 2024, you will use the 2024 Compliance Supplement.

Part Two – Matrix of Compliance Requirements

The matrix identifies programs included within the Compliance Supplement, as well as notes which of the 12 compliance requirements are applicable to each of those programs. If your programs are included within the Compliance Supplement, this is where you’ll be able to determine which compliance requirements may be subject to audit for the applicable period. Please note that although a compliance requirement may not be marked as subject to audit, that does not mean those requirements do not apply to your program and need to continue to be met.

Part Three – Compliance Requirements

This section describes each of the 12 compliance requirements, notes the statutes they’re derived from and provides suggested audit procedures. It is important to note that these procedures are only suggestions, and auditor judgment still applies regarding the nature, timing and extent of the procedures necessary. Additionally, compliance requirements are unique to each program, and the specifics of that program may affect audit procedures. Part Three is an excellent starting place for staff members who are new to program compliance. It’s also a valuable resource for experienced staff who may need a refresher.

Part Four – Agency Program Requirements

Each program (not including clusters, see Part Five below) that is included within the Compliance Supplement is listed here. This section offers program-specific information, particularly when the unique aspects of a program necessitate deviations from the suggested audit procedures outlined in Part Three. Among the 12 compliance requirements, Special Tests and Provisions stands out since it’s especially tailored to each individual program. Essentially, it serves as a catch-all category for program requirements that don’t fit into one of the other eleven compliance requirements. If Special Tests and Provisions applies to your program, you’ll find detailed information about the requirement and its suggested audit procedures here. To find your program, simply search for its Assistance Listing Number, which should be in a “##.###” format. The page number should start with “4-” and then list the Assistance Listing Number.

It is important to note that out of the 12 compliance requirements, the Compliance Supplement is limited to selecting six as being applicable to each program each year. However, if Activities Allowed and Unallowed and Allowable Costs/Cost Principles are both marked as applicable, the OMB can select seven requirements for that program. Keep in mind the requirements selected as applicable can change from year to year.

For the applicable compliance requirements, your auditor must then use their judgment to determine if all of them are considered direct and material, and thus, subject to audit procedures.

Part Five – Clusters of Programs

Program clusters are closely related programs identified by the OMB and treated as one program for the purposes of 2 CFR Part 200, Subpart F. There are three types of clusters: research and development (R&D), student financial assistance (SFA) and other clusters. Other clusters are listed in Part 4 alongside the singular programs, but R&D and SFA are listed within Part 5.

Part Six – Internal Control

To achieve program compliance, recipients must have properly designed internal controls operating effectively. Whether you’re an entity with a well-established and robust control environment, or one that is looking to strengthen their controls, this section is a great resource for understanding the objectives of various internal controls. It also provides useful examples of how you can achieve those objectives.

Part Seven – Guidance for Auditing Programs Not Included in this Compliance Supplement

While many commonly received programs are listed within the Compliance Supplement, it is not feasible for the OMB to include them all. For instances in which a program is not listed, auditors will refer to Part 7, as well as utilize the award document, to determine and design their audit procedures.

A Practical Example: XYZ Nonprofit’s Audit Preparation

Let’s say you’re the compliance officer at XYZ Nonprofit, which receives federal funding for education and healthcare programs. Your fiscal year ends Dec. 31, 2024, so you’re using the 2024 Compliance Supplement. Here’s how you’d use the Supplement:

Identify Applicable Requirements: In Part Four, you find your programs using their Assistance Listing Numbers and note any Special Tests and Provisions, like unique reporting rules for your healthcare program.
Check the Matrix: In Part Two, you see that Reporting and Subrecipient Monitoring are marked for your education program, so you double-check your reporting processes and subrecipient oversight.
Strengthen Controls: Using Part Six, you review your internal controls, ensuring purchase approvals align with federal guidelines.
Review Updates: You check Appendix V for 2024 changes, noting updates to Student Financial Assistance requirements that affect your education program.

By addressing these areas, you’re well-prepared for your audit, reducing the risk of findings.

Questions?

The Compliance Supplement is more than a technical document—it’s a lifeline for organizations managing federal awards. By understanding its components and staying updated with changes, you can ensure your programs remain compliant, safeguarding your funding and reputation. Don’t navigate this alone—reach out to the Adams Brown Audit and Attestation team for expert guidance and audit preparation services. Contact us today to simplify your compliance journey.

Categories: Closely-held Business, Local Government, Audits & Attestation, Business Planning, Compliance,

Alexis Crispin:

How I help . . . I’m passionate about providing clients insight into federal programs and the governmental environment. Helping my clients reach their goals while creating lasting relationships is one of my favorite aspects of my job. While my background is in auditing, I have been able to assist in ways beyond just the […]