Step three.

Step three.
(1) The auditor must identify Type B programs which are high-risk using professional judgment and the criteria in § 200.519. However, the auditor is not required to identify more high-risk Type B programs than at least one fourth the number of low-risk Type A programs identified as low-risk under Step 2 (paragraph (c) of this section). Except for known material weakness in internal control or compliance problems as discussed in § 200.519(b)(1) and (2) and (c)(1), a single criterion in risk would seldom cause a Type B program to be considered high-risk. When identifying which Type B programs to risk assess, the auditor is encouraged to use an approach which provides an opportunity for different high-risk Type B programs to be audited as major over a period of time.
(2) The auditor is not expected to perform risk assessments on relatively small Federal programs. Therefore, the auditor is only required to perform risk assessments on Type B programs that exceed twenty-five percent (0.25) of the Type A threshold determined in Step 1 (paragraph (b) of this section).

Source

2 CFR § 200.518


Scoping language

None
Is this correct? or