Subrecipient Monitoring – A Deeper Dive into the Requirements under Uniform Guidance
by Brittney Williams, CPA, CGFM, Audit Partner
Posted on November 6, 2018
As auditors we often see deficiencies in the area of subrecipient risk assessment and monitoring at the pass-through entity level. If your entity is subject to a Single Audit and acts as a pass-through entity of federal funds to subrecipients there are Uniform Guidance requirements that you should be familiar with to ensure compliance.
The first step in effectively complying with this requirement is to properly determine whether an entity is a subrecipient or a contractor. Below are some of the factors to consider while assessing the most appropriate treatment. Each situation is different and requires judgement in properly assessing the relationship.
|
Subrecipient |
Contractor |
|
Determines who is eligible to receive what Federal Assistance |
Provides the goods and services within normal business operations |
|
Has its performance measured in relation to whether objectives of a Federal program were met |
Provides similar goods or services to many different purchasers |
|
Has responsibility for programmatic decision making |
Normally operates in a competitive environment |
|
Is responsible for adherence to applicable Federal program requirements specified in the Federal award |
Provides goods or services that are ancillary to the operation of the Federal program |
|
In accordance with its agreements, uses the Federal funds to carry out a program for a public purpose specified in authorizing statute, as opposed to providing goods or services for the benefit of the pass-through entity. |
Is not subject to compliance requirements of the Federal Program as a result of the agreement, though similar requirements may apply for other reasons. |
As a pass-through entity, there are required elements that are specifically described in 2 CFR 200.331 which are mainly administrative in nature. These requirements help to specifically identify the federal award and also help the subrecipient to properly comply with any requirements given by the pass-through entity. These requirements must include disclosure of an approved indirect cost rate that has been negotiated between the subrecipient and the Federal government, or, if no such rate exits, a rate negotiated between the pass-through entity and the subrecipient, or a de minimis indirect cost rate. In addition, there is a requirement that the subrecipient permit the pass-through entity and auditors to have access to all financial records as deemed necessary.
As part of the post federal award requirements, the pass-through entity is also required to evaluate each subrecipient’s risk of noncompliance with the Federal statutes, regulations, and the terms and conditions of the subaward. Please note this requirement is not prior to award but rather after an award has been passed through to the subrecipient. The risk assessment can include considerations such as whether or not they have previous experience with the subrecipient, if there have been any previous deficiencies reported for lack of compliance with the federal grant award in the subrecipient’s audits, whether there are any new personnel or system changes, and the results of any Federal monitoring that has been done.
Based on the results of the risk assessment, the pass-through entity can then determine what they feel is the best approach for monitoring the subrecipient. The pass-through entity monitoring of the subrecipient must include:
- Reviewing financial and programmatic reports
- Following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided
- Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient
Depending on the results of this risk assessment, the pass-through may choose to provide training and technical assistance, conduct on-site reviews, or arrange for an audit of specific elements.
It is imperative that a pass-through entity follow up on their monitoring process. Specifically if the pass-through entity had audit findings while monitoring the subrecipient, they must issue management decisions and the subrecipient must implement corrective actions, as is now explicitly prescribed under Uniform Guidance.
As an auditor, one of the tools I have seen used by pass-through entities is a risk assessment checklist with a determination of the risk posed by a subrecipient being high, medium or low. Dependent on whether the subrecipient is high, medium or low risk, there is a corresponding checklist of procedures used to monitor that specific subrecipient.
The COFAR issued a document for frequently asked questions regarding compliance with Uniform Guidance. Some of the items related to subrecipient monitoring are included here and may help shed some light on the previously detailed discussion points.
Question #1
Under the UG, is the subrecipient risk assessment required for an existing subrecipient who is entering into a new UG funded award?
Yes. Per UG 200.331 (b) the pass-through entity must evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring. Part of the risk assessment can consider the prior experience with same or similar awards.
Question #2
Are pass-through entities required to assess the risk of noncompliance for each applicant prior to issuing a subward?
No. Per UG FAQ 200.331.10 there is no requirement for pass-through entities to perform risk assessments before making subawards. Under the UG, the purpose of the risk assessments is for the pass-through entities to determine the appropriate subrecipient monitoring. Pass-through entities may use judgment regarding the best timing for the assessment.
Question #3
Can a pass-through entity meet the UG requirements of verifying that the subrecipient was audited as required by Subpart F and follow up on subrecipient findings by simply asking the subrecipient to provide written notification to the pass-through entity as to whether a single audit was performed and whether or not that audit disclosed audit findings relating to the subaward provided by the pass-through entity?
Yes. A confirmation from the subrecipient is sufficient. In addition, the pass-through can view and verify the Single Audit reporting packages that are now publicly available via the Federal Audit Clearinghouse (FAC).
There are many new and specific requirements under this topic in Uniform Guidance and further audit instructions in the Compliance Supplement. As a result it is important to take some time to become familiar with all of the various required elements. Pass-through entities should have at least one person well versed in grants management who is familiar with all of the Uniform Guidance requirements related to subrecipient monitoring and who ensures they remain compliant.
Happy Monitoring!