Step two.

Step two.
(1) The auditor must identify Type A programs which are low-risk. In making this determination, the auditor must consider whether the requirements in § 200.519(c), the results of audit follow-up, or any changes in personnel or systems affecting the program indicate significantly increased risk and preclude the program from being low risk. For a Type A program to be considered low-risk, it must have been audited as a major program in at least one of the two most recent audit periods (in the most recent audit period in the case of a biennial audit), and, in the most recent audit period, the program must have not had:
(i) Internal control deficiencies which were identified as material weaknesses in the auditor's report on internal control for major programs as required under § 200.515(c);
(ii) A modified opinion on the program in the auditor's report on major programs as required under § 200.515(c); or
(iii) Known or likely questioned costs that exceed five percent of the total Federal awards expended for the program.
(2) Notwithstanding paragraph (c)(1) of this section, OMB may approve a Federal awarding agency's request that a Type A program may not be considered low risk for a certain recipient. For example, it may be necessary for a large Type A program to be audited as a major program each year at a particular recipient to allow the Federal awarding agency to comply with 31 U.S.C. 3515. The Federal awarding agency must notify the recipient and, if known, the auditor of OMB's approval at least 180 calendar days prior to the end of the fiscal year to be audited.


2 CFR § 200.518

Scoping language

Is this correct? or