§ 99.525 Criteria for Federal program risk.
(a) General. The auditor's determination should be based on an overall evaluation of the risk of noncompliance occurring which could be material to the Federal program. The auditor shall use auditor judgment and consider criteria, such as described in paragraphs (b), (c), and (d) of this section, to identify risk in Federal programs. Also, as part of the risk analysis, the auditor may wish to discuss a particular Federal program with auditee management and the Federal agency or pass-through entity.
(b) Current and prior audit experience. (1) Weaknesses in internal control over Federal programs would indicate higher risk. Consideration should be given to the control environment over Federal programs and such factors as the expectation of management's adherence to applicable laws and regulations and the provisions of contracts and grant agreements and the competence and experience of personnel who administer the Federal programs.