7 CFR § 1773.32 - Reports on internal control; compliance with provisions of laws, regulations, contracts, and grant agreements; and instances of fraud.
(a) As required by GAGAS, the auditor must prepare a written report describing the scope of the auditor's testing of internal control over financial reporting and of compliance with provisions of laws, regulations, contracts, and grant agreements, and that the tests provided sufficient, appropriate evidence to support opinions on the effectiveness of internal control and on compliance with provisions of laws, regulations, contracts, and grant agreements. This report must include the manual, printed or digital signature of the audit firm and must include the following items as appropriate:
(1) Significant deficiencies and material weaknesses in internal control;
(2) Instances of fraud and noncompliance with provisions of laws or regulations that have a material effect on the audit and any other instances that warrant the attention of those charged with governance;
(3) Noncompliance with provisions of contracts or grant agreements that have a material effect on the audit; and
(4) Abuse that has a material effect on the audit.
(b) When the auditor detects instances of noncompliance or abuse that have an effect on the financial statements that are less than material but warrant the attention of those charged with governance, they should communicate those findings in writing to those charged with governance in a separate communication. If the auditor has issued a separate communication detailing immaterial instances of noncompliance or abuse, the reports on internal control; compliance with provisions of laws, regulations, contracts, and grant agreements; and instances of fraud must be modified to include a statement such as:
“We noted certain immaterial instances of noncompliance [and/or abuse], which we have reported to the management of (auditee's name) in a separate letter dated (month, day, 20XX).”
(c) If the auditor has issued a separate letter to management to communicate other matters involving the design and operation of the internal control over financial reporting, the reports on internal control; compliance with provisions of laws, regulations, contracts, and grant agreements; and instances of fraud must be modified to include a statement such as:
“However, we noted other matters involving the internal control over financial reporting that we have reported to the management of (auditee's name) in a separate letter dated (month, day, 20XX).”
(d) The report must contain the status of known but uncorrected deficiencies from prior audits that affect the current audit objective.