Scale your CPA & accounting firm with elite offshore talent trusted by 1,000+ firms.
Thank you for your interest. Our due diligence checklist will be shared with you within 48 hours.
Nonprofit clients are good clients. They tend to be relationship-driven, they generate audit work that falls outside the April tax crunch, and they often come with a community of board members and donors who become referral sources. The audit work that comes with them — a nonprofit financial statement audit, and in many cases a Single Audit under the Uniform Guidance — is not inherently difficult for a capable CPA firm to manage.
What makes it hard is the combination: two compliance frameworks, two sets of independence standards, a compliance supplement that changes every year, GAGAS CPE requirements that sit on top of state licensing requirements, and a federal filing deadline that does not care about your busy season schedule. For a firm doing four or five of these engagements a year, that combination either demands dedicated infrastructure or it produces findings.
The 2024 Uniform Guidance revisions made this more demanding, not less. This blog looks at the real pros and cons of maintaining this practice at low to moderate volume, what changed in 2024 that firms need to be tracking, and what the decision looks like when a structured partner is the right answer.
There are real reasons CPA firms have built nonprofit audit capabilities. The arguments are worth examining honestly.
When a nonprofit client grows its federal funding past the audit threshold, their first call is to their existing CPA. Keeping that work in-house deepens the relationship and removes a reason for the client to look elsewhere for services. A nonprofit that uses your firm for tax work, advisory, and audit is a sticky client. One that has to go elsewhere for the audit has introduced a competitor into the relationship.
The qualification is the same as it always is: the retention argument only holds if the audit work your team delivers is strong enough to protect the relationship. A deficient Single Audit with federal findings puts your firm in the middle of a conversation with the grantor agency and the client — and that conversation does not go well.
Nonprofit audit season runs primarily from September through June, with peaks around calendar and June fiscal year-ends. For tax-heavy practices, this timing fills revenue gaps that exist in the fall and early winter. The appeal is real.
The practical qualification: Single Audit engagements have a 9-month submission deadline from fiscal year end. A calendar-year nonprofit must file by September 30. That deadline does not move, and it lands directly in the middle of extension season. Firms that underestimate the time required for Single Audit compliance testing often find that the off-peak timing advantage disappears into September deadline pressure.
Federal funding for nonprofits has grown significantly over the past decade, expanding the population of organizations that cross the Single Audit threshold. As more nonprofits reach $1 million in federal expenditures, the demand for qualified Single Audit providers is increasing. For firms already serving the nonprofit sector, this growth translates directly into more audit opportunities within their existing client base.
The complexity of GAGAS requirements, the annual Compliance Supplement changes, and the independence restrictions have pushed smaller CPA firms out of the Single Audit market. In many geographic markets, the remaining options are a handful of specialists and the firms willing to staff up. For practices already doing this work, fewer competitors means more pricing power — provided the quality holds up.
Serving Non-profit Clients Who Need Audit Support? We Can Help.
We partner with CPA firms on valuation delivery — M&A, estate, ESOP, and more — so you stay in the room for your client's most important financial moments.
Here is where maintaining a nonprofit and Single Audit practice at low volume becomes genuinely difficult — not in principle, but in the quality reviews and the staff development math.
The Yellow Book's independence requirements catch firms that have not read them carefully. Services that do not impair GAAS independence can impair GAGAS independence. If your firm prepares the financial statements for a nonprofit client, provides bookkeeping services, or has acted in a management capacity — you may not be independent for the Single Audit, even if you are independent for a standard financial statement audit.
This needs to be evaluated at the engagement acceptance stage, before fieldwork begins. Firms that discover the independence issue mid-engagement face the choice of withdrawing or issuing a report that will not survive grantor review. Either outcome damages the client relationship the audit was meant to protect.
Source: Government Accountability Office, Government Auditing Standards (Yellow Book), 2018 Revision.
Every federal fiscal year, the OMB releases an updated Compliance Supplement specifying which requirements apply to which major programs. Auditors must test against the current year's supplement — not last year's. For firms doing two or three Single Audits per year, staying current across multiple program types requires ongoing investment in training and research that does not amortize well at low volume.
The 2024 revision added cybersecurity as a required internal control area. Recipients and subrecipients must now include data encryption and multi-factor authentication as part of their internal controls over federal awards — and auditors must evaluate and report on those controls. A firm that pulled last year's workpapers as a starting point for a 2025 audit is missing a testing area that has not existed before.
Source: OMB Revised Uniform Guidance, 2 CFR 200, April 2024; CBIZ, 2024 Uniform Guidance Changes, 2024.
Auditors performing Single Audits must complete 80 hours of CPE every two-year period, with at least 24 hours specifically related to government auditing. These requirements stack on top of state licensing CPE obligations — they are not interchangeable. For a firm doing two Single Audits a year with a team that rotates through the work, the per-engagement CPE cost is a real number that rarely makes it into the fee calculation.
Beyond the CPE cost, there is the practice issue: auditors who do this work infrequently do not develop the judgment that comes from repetition. The Compliance Supplement is dense. The major program determination requires applying specific thresholds correctly. The Schedule of Findings and Questioned Costs has specific content requirements. These are not intuitive the first few times.
Single Audit reporting packages must be submitted to the Federal Audit Clearinghouse within 9 months of fiscal year end, or 30 days after receipt of the auditor's report — whichever comes first. For a calendar-year organization, that is September 30. For a June fiscal year-end organization, that is March 31.
Missing this deadline has consequences for the auditee: federal agencies can withhold funding, require corrective action plans, or impose conditions on future awards. The consequences for the auditor are reputational — and in the nonprofit sector, where program officers communicate with each other, reputation travels.
Source: 2 CFR §200.512; Federal Audit Clearinghouse (GSA).
The 2024 Uniform Guidance raised the Single Audit threshold from $750,000 to $1,000,000 in federal expenditures, effective for fiscal years beginning October 1, 2024. This will remove some smaller nonprofit clients from the Single Audit requirement. For firms that built their Single Audit practice around smaller organizations near the old threshold, a portion of that practice is disappearing.
The organizations that remain above the new threshold are typically larger, with more complex federal program portfolios, more major programs to test, and greater scrutiny from cognizant agencies. The work is not getting easier. It is getting more concentrated in the organizations where deficiencies have the most consequences.
The 2024 Uniform Guidance changes removed some clients from the Single Audit requirement and added new testing requirements for the ones that remain. The net effect is higher complexity per engagement, not lower.
The pattern here is the same one that applies to EBP audits: the firms best positioned to do nonprofit and Single Audit work well are the ones doing it at volume — with dedicated teams, current GAGAS CPE, annual Compliance Supplement training, and documented workflows that get refined engagement after engagement.
For firms doing fewer than ten of these engagements per year, the question worth asking is not whether you can do the work. It is whether the client is better served by a team doing this once or twice a year, or by a team doing it thirty times a year. The answer affects the independence analysis, the quality of the Compliance Supplement testing, and the likelihood that the federal filing lands clean.
Referring or structuring these engagements through a specialized partner does not mean losing the nonprofit client relationship. It means protecting it and protecting the firm from the kind of federal findings that complicate client relationships in ways that no fee rate justifies.
MYCPE ONE has been working with CPA and accounting firms for over 10 years. 200+ partner firms, 3,000+ professionals across 40+ offices in two countries, 10,000+ clients supported. The nonprofit and Single Audit team maintains current GAGAS CPE, annual Compliance Supplement training, and workflows built to the 2024 Uniform Guidance revisions. The infrastructure that takes years for a low-volume practice to build is already there.
No In-House Valuator?
You Can Still Be the Advisor Your Clients Call First.
MYCPE ONE supports CPA firms with business valuation delivery through referral and white-label arrangements — your client relationship stays intact throughout.
Nonprofit clients are worth serving well. The audit work they require — financial statement audits under ASC 958 and, in many cases, Single Audits under the Uniform Guidance — is demanding enough that it rewards the firms doing it at volume and punishes the ones doing it occasionally.
The 2024 Uniform Guidance changes have added new requirements to an already complex compliance framework. A firm whose Single Audit approach was built before October 2024 needs to evaluate whether its current processes account for the cybersecurity testing requirements, the revised program thresholds, and the terminology changes that affect how findings are documented and reported.
The decision for CPA firms is the same one that applies to EBP audits and financial statement audits: is retaining the engagement work the same as retaining the client? It does not have to be. A structured partner arrangement that delivers clean, defensible audits protects the client relationship more reliably than in-house execution that carries deficiency risk.
It may. GAGAS independence requirements are stricter than GAAS. Preparing financial statements, maintaining accounting records, or acting in a management capacity for an audit client can impair independence for a Yellow Book engagement even if it does not impair GAAS independence. This analysis must happen at engagement acceptance, not after fieldwork begins.
The Single Audit threshold increased from $750,000 to $1,000,000 in federal expenditures (for fiscal years beginning October 1, 2024). Cybersecurity controls are now a required testing area. Type A program thresholds adjusted. The term 'non-federal entity' was replaced throughout with 'recipient' and 'subrecipient.'
Within 9 months of fiscal year end, or 30 days after receipt of the auditor's report, whichever comes first. For calendar-year organizations, that is September 30. The Federal cognizant agency can authorize extensions, but this requires advance coordination — not a retroactive request.
Potentially, depending on state board rules — but GAGAS CPE requirements are not satisfied by general CPA licensing CPE. The 24-hour government auditing component must specifically address government auditing, the government environment, or the entity being audited. This cannot be satisfied with general accounting or tax CPE.
The originating firm remains the auditor of record and is responsible for independence analysis, engagement acceptance, and report sign-off. The backend team provides execution support. Independence is evaluated at the originating firm level — the same way it would be for any firm using a component auditor or subcontractor.
Christopher is the Director of Client Relations and Business Development at MYCPE ONE, a leader known for his energy and people-first approach. Chris leads from the front mentoring teams, driving growth, and building lasting client relationships. With over a decade of experience in sales, coaching, and business strategy, he has helped 5,000 CPAs nationwide overcome challenges and discover new opportunities. Chris is a familiar presence at major accounting conferences, representing MYCPE ONE and shaping meaningful industry partnerships. Passionate about leadership and professional growth, he continues to inspire teams and professionals to reach their highest potential.
How to Scale CAAS (Client Accounting & Advisory Service) + VCFO with Offshoring!
How To Scale CFO And Advisory Services With Offshoring
Bursting myths around Offshoring for an Accounting firm
