Subrecipients are required to be monitored according to the Office of Management and Budget’s Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (“Uniform Guidance”) by any government or non-profit that passes federal funds to subrecipients. In a previous blog post, we discussed how to determine which entities to which you pass federal funds are subrecipients vs. contractors.
The Uniform Guidance requires pass-through entities to determine the extent of monitoring required of each subrecipient based on the results of a risk assessment. In this post, we go over proposed procedures for assessing subrecipients’ risk of non-compliance with federal regulations and grant provisions, and provide sample questionnaires for determining, quantifying and documenting risk.
Following is the relevant excerpt from Section 200.331 of the Uniform Guidance:
All pass-through entities must:
(b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring…, which may include consideration of such factors as:
(1) The subrecipient's prior experience with the same or similar subawards;
(2) The results of previous audits including whether or not the subrecipient receives a Single Audit…, and the extent to which the same or similar subaward has been audited as a major program;
(3) Whether the subrecipient has new personnel or new or substantially changed systems; and
(4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency)
The Uniform Guidance does not require any particular type or extent of risk assessment. That is left to the judgement of the pass through entity. However, the types of criteria used to evaluate the risk that an organization complies with grant provisions often include:
Evaluating a Subrecipient’s Risk
Working jointly with several of our clients who have a large number of subrecipients, we developed a list of 23 questions designed to evaluate subrecipient risk.
Each of these 23 questions are weighted with a score of 3 to7 points so that there is a maximum available score of 100 for each subrecipient.
The 23 questions are as follows (they are split between 13 financial risk questions and 10 programmatic risk questions):
Financial Risk Questions
Questions that can be answered by reviewing the subrecipient financial statements are included on a Subgrantee Risk Assessment Questionnaire – Financial Risk (click the link to download and view/use the template).
These questions are typically answered by an employee experienced at reading financial reports.
The financial risk questions are:
Programmatic Risk Questions
The remaining questions are placed on a Subgrantee Risk Assessment Questionnaire – Programmatic Risk (click the link to download and view/use the template).
These questions are typically answered by an employee who works with subrecipient management based on their knowledge of the subrecipient, review of files, discussion with other County employees dealing with the subrecipient, and discussion with subrecipient management.
The programmatic risk questions are:
14. Is the subrecipient experienced with the program?
15. Has there been stability in subrecipient key personnel, systems and procedures during the past year?
16. Has the subrecipient been timely during the past three years in the preparation and submission of required reports, reimbursement requests, budgets, etc.?
17. Has the subrecipient had an on-site monitoring visit during the last three years?
18. Was the subrecipient found to be in compliance with regulations during the County’s prior visit, in any County corrective action plan, and/or in audits by other grantors?
19. Is the subrecipient in good legal standing, with no current or recent lawsuit(s) filed against them?
20. Is the subrecipient not included on the U.S. General Services Administration’s suspended /debarred list?
21. Does the subrecipient’s automated accounting system identify the receipts and expenditures of program funds separately for each award?
22. Does the subrecipient have a time and accounting system to track labor costs by cost objective?
23. Any concerns with the subrecipient, unusual complexity in the program or its compliance requirements, or other risks not otherwise noted.
Once both risk questionnaires are completed, answers to the risk questions can be summarized onto a Subgrantee Risk Assessment Summary (click the link to download and view/use the template). This summary visually shows the extent to which each subrecipient is risky and which type of risk criteria is problematic for multiple subrecipients. If multiple subrecipients are having trouble with a particular criterion, the need for additional training and technical assistance may be suggested.
After the initial risk assessment is performed for each subrecipient, it is anticipated that ongoing monitoring is adequate to identify new risks as they arise. Therefore, it is generally not necessary to perform risk assessments each year.
Other Blog Posts Related to Subrecipient Monitoring:
We have previously provided guidance on subrecipient monitoring in these blog posts (this list will get more extensive as new posts are added on):
Watch for upcoming blog posts about the Uniform Guidance requirements:
If you would like hands-on help on how to improve your subrecipient risk management, please contact Kevin directly for a free consultation:
Kevin Harper, CPA
If you'd like to get more free tips, as well as downloadable tools and templates for your agency, please join our mailing list here!
(We send 1-2 emails a month at a maximum, and only send useful information. You can unsubscribe at any time.)