Skip to content
a piece of wood with a piece of wood on it

Oh No, an Audit Finding!

Published
Sep 11, 2025
By
Stephen Bearry
Freddy Smith
Share

There are many misconceptions about what it means to have a finding reported in the schedule of findings and questioned costs. Some individuals believe that a finding means they could lose their job or receive embarrassing press, while others may ignore the information altogether. So, what is an audit finding? Why is it important? What does it tell us? To answer these questions, one must first understand why the auditor must report findings and what they convey.

Key Takeaways

  • An audit finding describes weaknesses in internal controls or instances of noncompliance, which an auditor must report under certain circumstances to inform governance and regulatory bodies for timely corrective action.
  • Although computer automation and artificial intelligence have become more prevalent, organizations are still run by humans who make mistakes. Treat findings as an opportunity to learn and improve.
  • Organizations should carefully evaluate their findings, considering both frequency and impact, and implement recommendations for remediation. They should use the findings as an opportunity to enhance internal controls, operational efficiency, and compliance.

What Is the Purpose of an Audit?

Let’s consider two types of audits: a financial statement audit and a compliance audit. A financial statement audit is designed to assure a user of financial statements that the amounts and disclosures are materially correct. In contrast, a compliance audit, such as a Single Audit for federal grants, assures providers of funds and other stakeholders that funds were administered in compliance with applicable regulations.

If your organization receives state or federal funds, your entity may be required to obtain a financial statement audit in accordance with Government Audit Standards, an audit of compliance pursuant to Subpart F of the Uniform Guidance, also known as a Single Audit, or both. Under these standards, the following reports and schedules are required:

  • The auditor’s report on the financial statements.
  • A report on internal controls over financial reporting, and on compliance, and other matters.
  • A report on compliance for each major program and on internal controls over compliance, and (if subject to Single Audit).
  • A schedule of findings and questioned costs.

In performing these audits, an auditor is to consider internal controls over financial reporting and those over compliance with certain laws, regulations, contracts, and/or grants to determine whether the financial statements might be misstated or noncompliance might exist.

What Is an Audit Finding?

During the review of internal controls and compliance, if an auditor identifies weaknesses in internal control issues or instances of noncompliance, the auditing standards require, in certain circumstances, that these matters be reported in writing. Two internal control findings may be identified by the auditor. These are as follows:

  • A significant deficiency is a deficiency, or a combination of deficiencies, in internal controls that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
  • A material weakness is a deficiency, or combination of deficiencies, in internal controls that leads to a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Noncompliance that may be reported as a finding might involve a range of issues, including those pertaining to federal or state grants, payroll tax matters, restrictions of tax propositions, violations of debt covenants, violations of law, or others that could affect the financial statements or overall compliance with the terms of a grant program. Examples could include failure to file payroll tax returns and submit payroll tax deposits, unallowable costs charged to a grant, or failure to operate within a budget, which are generally limited to material matters. An intentional act of noncompliance or misappropriation can be considered fraud and must also be reported as a finding.

It is important to note that a compliance finding, including those involving fraud, typically indicates a potential deficiency in internal controls over compliance. It could, therefore, result in a finding in both areas as the graphic below illustrates:

Audit internal controls compliance finding

Evaluating a Finding

Findings must be evaluated by report users and by management, so that they can be remediated by management and monitored by regulators and oversight agencies. When assessing a compliance finding, one should consider the frequency of the finding, its pervasiveness, and the potential effects to the organization’s financial condition, questioned costs, or its impacts to current and future grant funding.

To more clearly explain the matters reported by auditors, standards require specific components of a finding as described below:

  • Identification data – Agency, program, Assistance Listing Award Number (ALN), and year.
  • Criteria – What is the law, rule, or standard?
  • Condition – How did the auditee not comply with the law, rule, or standard?
  • Cause – Why did this happen?
  • Effect – What is the impact, financial or other, of the finding?
  • Questioned costs and how computed – Known costs are reported.
  • Recommendations – Auditors’ input on how to remediate the finding.
  • View of responsible officials – Auditee responds and can reference a corrective action plan, if applicable.

Who’s to Blame?

The financial and legal environment in which governments operate is complex and sometimes challenging to navigate. New laws, additional federal funding, complex accounting standards, and a shortage of emerging government finance officers present numerous challenges for state and local governments. This, and the fact that organizations are managed and governed by humans, makes audit findings rather common versus being the exception.

Absent fraud, impropriety, or misappropriation, there’s no shame in a finding in your report. Just as with all shortcomings or mistakes, the larger problem occurs when an organization does not fix the finding. With over 50 years of experience, our audit professionals work with public and private companies, while also providing audit services to local, state, and federal agencies, educational institutions, and housing authorities. Our governmental audit team specializes in grants Administration and Compliance Services, Governmental Accounting Standards Board (GASB) accounting standards, Uniform Guidance Subpart F audits, and Government Finance Officers Association (GFOA) and Association of School Business Officials (ASBO)-certified reporting. With a tailored approach and emphasis on continued learning and support, we can help you transform your organization and navigate the complexities of compliance. To learn more about how we can help you, contact us below.

What's on Your Mind?

Stephen Bearry

View Profile
a man in a suit smiling

Freddy Smith

View Profile

Start a conversation with the team

Explore More Insights

a drawing of a sphere
On-Demand Webinar

Fraud in Focus | Emerging Risks and Real-World Insights from EisnerAmper

Read More
a set of stairs
Article

Preparing the SEFA- It's Not for Beginners

Read More
a close-up of a stethoscope on a table
Article

Strategic Services and Frameworks for Medicare and Medicaid Cost Reporting

Read More
a group of white dominoes
Article

Understanding the Ripple Effects of the October 2025 Federal Government Shutdown on State and Local Governments

Read More
a pen and a calculator on a pile of money
Article

Maximizing Medicare Reimbursement: Why Medicare Cost Reports Matter

Read More
a few people working at a table
Article

Calculating Personal Net Worth for Disadvantaged Business Enterprises (DBEs) and Airport Concession Disadvantaged Business Enterprises (ACDBEs)

Read More
a group of people sitting on a bench in front of a building
Article

Modernizing School-Based Medicaid for State Education and Medicaid, and Local Education Agencies

  • School-Based Medicaid
Read More
a white building with a dome and a fountain in front of it
Article

Government Removes Race & Gender-Based Presumptions of Economic Disadvantage: What Businesses Need to Know

Read More
a wooden sculpture of a dog and a cat
Article

What to Do After Receiving Federal Funding: A Guide for Subrecipients

Read More
a person walking in a library
Article

Customer Relationship Valuation: Avoiding the Pitfalls of Shortcuts in Purchase Price Allocations

Read More
a blue and white logo
Article

The Cybersecurity Topical Requirement: What You Need to Know

  • Cybersecurity
Read More
a group of windmills in a field of yellow flowers
Article

Updates on Required California Climate Risks, and Greenhouse Gas Emissions Reporting with Assurance

Read More
View All Insights

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.

Subscribe