September 05, 2025

According to the Small Business Association, the Small Business Innovation Research (SBIR) program and the Small Business Technology Transfer (STTR) program are sometimes referred to as “the Nation’s largest source of early stage/high risk funding for start-ups and small businesses.” The SBA reports that there are eleven federal Agencies that participate annually in the SBIR program and five federal agencies that participate in the STTR program.

The benefit of the SBIR and STTR programs is the ability to access seed funding for research and development (R&D) while not diluting a small business’ equity and not giving up its rights to intellectual property (IP).

However, the SBIR and STTR programs come with a few strings attached, including the requirement to perform audits of the program(s). These audits can come in the form of program-specific audits or a much more involved Single Audit, which includes all applicable federal awards.

A non-federal entity that expends $1,000,000 or more in cost-reimbursable federal awards during the non-federal entity’s fiscal year must have a single audit or program-specific audit conducted.

2 CFR 200.501(d) sets forth the requirements for when an organization may elect to have a program audit performed. That election can be made only if the following requirements are met for R&D programs: *

  1. The non-federal entity utilizes federal funds solely from the same federal agency or from that agency along with the same pass-through entity; and
  2. The federal agency or the pass-through entity, in the case of a subrecipient, must give prior approval for a program-specific audit.

* SBIR and STTR programs support research and development. The requirements outlined above apply only to R&D expenses; non-R&D costs are subject to separate rules.

Take away. If an entity expends R&D funds from more than one agency, auditors must perform a Single Audit.

Navigating SBIR or STTR audit requirements?

Rubino helps businesses, meet the complex demands of federal audit compliance with confidence. Whether you’re preparing for a program-specific audit or a full Single Audit, our experienced team will guide you through internal controls, reporting, and documentation, making sure nothing is overlooked.
We support innovators like you, so you can focus on building groundbreaking solutions while we handle the audit side.
If you’re participating in SBIR or STTR programs and aren’t sure what audit path applies or need help getting ready, our team is here to help.

Let’s connect today and get your audit process on track.

What does a program-specific audit entail?

2 CFR 200.507 requires an auditor to perform an audit of the financial statement for the federal program in accordance with generally accepted government auditing standards (GAGAS). The program’s financial statement is generally in the form of a Schedule of Expenditures of Federal Awards but could entail other formats. The audit includes gaining an understanding of internal controls and performing tests of those controls, testing both compliance with program requirements and reporting.

The auditor report must state that the audit was conducted in accordance with 2 CFR 200.507 and include an opinion of whether the program’s financial statements are fairly stated in all material respects in accordance with the applicable accounting principles, presumably GAAP.

In addition, the auditor is required to issue an audit report on internal controls related to the program and an audit report on compliance.

Finally, the auditor must prepare a schedule of findings and questioned costs and a summary schedule of prior audit findings.

What does a Single Audit Require?

A Single Audit requires an audit of the entity’s financial statements (balance sheet, income statement, cash flow statement, statement of stockholder’s equity (or equivalent) and the related notes to the financial statements). In addition, the Single Audit also requires an audit of all the entity’s federal programs as presented on Schedule of Expenditures of Federal Awards, an audit report on internal control, an audit report on compliance, a schedule of findings and questioned costs and a summary schedule of prior audit findings. Auditors are required to use a risk-based approach to determine those federal programs included on the SEFA which are subject to audit procedures.

If your entity is required to have a Single Audit here are a few other takeaways to consider:

  • Cap tables must be up-to-date and accurate.
  • Engage a service to prepare annual 409A valuations.
  • If you sign a licensing agreement with National Institutes of Health for IP, a derivative may have been created. The derivative must be valued at inception and presented at fair value on an annual basis.
  • Consider engaging a firm to provide audit preparation services depending on the sophistication of your in-house accounting team.

Conclusion

The SBIR and STTR programs have very specific audit requirements. Depending on your award mix and the amount of your annual federal expenditures, you may have the option to complete a program audit. If that option is not available, plan on completing a Single Audit. Single Audits are a much more involved process and planning should start long before year-end.

With Rubino, we can help you prepare for your upcoming audits or we can perform your audits. Please give us a call for additional information.