On May 21, 2026, the U.S. Department of Health and Human Services (HHS) announced the Audit Enforcement and Risk Oversight (AERO) program to track compliance with federal audit requirements, including grantees’ timely submission of annual audits and grantees’ progress in resolving audit findings through corrective action. The AERO program will review Single Audit data across all 50 states with advanced AI analytical tools to identify grantees with persistent noncompliance issues and enhance funding agency oversight and enforcement of audit findings.

Justification for AERO Program

HHS claims that a recent review of audit data shows some grantees have failed to remediate serious internal control deficiencies detected through audit, and that “hundreds” of HHS grantees have submitted their audits with considerable delay, some being delinquent in filing audit reports over multiple years. According to HHS, AERO will analyze audit histories spanning at least the past five years and monitor future audit submissions.

Federal Grant Audit Requirements

The Single Audit Act, 31 U.S.C. § 7501 through 7507, and Subpart F of the Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards, 2 C.F.R. Part 200 (the “Uniform Guidance”), require states, local governments, ⁠nonprofits, ​institutions of higher education, and other grantees that spend ​at least $1 million annually in federal awards to undergo a “Single Audit.” 

As part of a Single Audit, an independent auditor reviews the grantee’s financial statements, schedule of expenditures of federal awards, and internal controls over federal programs. Funding agencies also review submitted audits and are responsible for addressing identified deficiencies and audit findings.

HHS reiterated that grantees that fail to correct audit deficiencies may face one or more long-standing sanctions, including:  

• Temporarily withholding federal payments until the grant recipient or subrecipient comes into compliance
• Disallowing costs for all or part of the activity associated with noncompliance
• Suspending or terminating a grant award in whole or in part
• Initiating suspension or debarment proceedings
• Withholding future federal funds (including both new awards and continuation funding) for the project or program

Areas Likely to Trigger Increased Scrutiny

The announcement reflects the Administration’s broader emphasis on accountability and oversight in Medicaid and other federally funded health programs. Based on HHS’s announcement, grantees should note areas likely to attract increased scrutiny, including:

• Repeatedly delinquent Single Audit submissions
• Recurring or unresolved audit findings
• Failure to implement corrective action plans
• Inadequate remediation of previously identified deficiencies
• Failure to periodically rebid audit services
• Use of audit firms lacking meaningful Single Audit experience

Grantee Options to Mitigate Enforcement Risk

Grantees may wish to consider proactive risk mitigating strategies, including: 

• Reviewing audit workflows and internal audit preparedness
• Examining engagement agreements to confirm access rights to audit working papers
• Evaluating response to prior audit findings to confirm that all deficiencies have been fully addressed
• Communicating with external auditors regarding potential inquiries from federal enforcement agencies
• Evaluating whether current internal controls and compliance processes remain sufficient and commensurate with grantee’s funding portfolio size and complexity
• Compiling and organizing documentation on corrective action, remediation efforts, and funding agency feedback
• Assessing their procurement of audit services, with particular emphasis on auditor selection, audit costs, and multiple auditee responsibilities in the Uniform Guidance, Subpart F.

Grantees should recognize that the risk of enforcement is significant. Proactive compliance efforts and careful documentation may help mitigate risk and better position organizations in the event of future HHS scrutiny or enforcement activity.

Feldesman LLP will continue monitoring developments related to HHS’s Audit Enforcement and Risk Oversight Initiative. If you have any questions, please contact Phillip A. Escoriaza, Mindy B. Pava, Brendan M. Tyler, Edward T. Waters.

Stay current on key Single Audit requirements by joining Feldesman’s upcoming webinar, The Single Audit Under the Uniform Guidance on June 25, 2026 at 1 p.m. ET, where Feldesman Managing Partner Edward T. Waters will discuss the potential ramifications of the new AERO program.