How is low-risk defined in the context of major programs for audits?

In the context of major programs for audits, low-risk is defined by the requirement to test a specific percentage of total awards expended. This means that when determining whether a program is considered low-risk, auditors assess the total amount of financial assistance the program has received, and if they identify that 20 percent of the total awards expended have been tested, the program is typically viewed as having a lower risk of material non-compliance.

This definition is grounded in the Uniform Guidance and is important for auditors as it helps them decide which programs can be subjected to a reduced level of testing based on their risk assessments. By focusing on a percentage of total expenditures, auditors are able to apply a systematic approach to identify and concentrate on high-risk areas while confidently scaling back testing on those deemed low-risk, thereby enhancing the efficiency and effectiveness of the audit process.

Other options do not accurately define low-risk in this audit context: stating that most programs are low-risk by default overlooks the necessity of specific risk evaluation, emphasizing compliance above all does not align with the quantitative assessment needed for categorization as low-risk, and suggesting that low-risk programs require no testing is misleading, as even low-risk programs still necessitate some level of testing to confirm their status.