In continuation of our Subrecipient Monitoring series we continue to explore the remaining Pillars.
Pillar 2 – Verification: Trust But Verify Subrecipient Compliance
Once subawards are made (and risk-tiering is in place), the mantra is “trust but verify.” Verification in subrecipient monitoring means continually checking that subrecipients remain in compliance and on track to meet their objectives. Uniform Guidance outlines baseline monitoring activities for pass-through entities, including reviewing subrecipient financial and performance reports and ensuring timely corrective actions on any deficiencies. In practice, a comprehensive verification process should cover:
- Eligibility and Suspension/Debarment Checks: Confirm at the start (and periodically) that the subrecipient is eligible for federal funds (e.g. not suspended or debarred). Verifying the entity’s status via SAM.gov is a simple but critical step to avoid disallowed costs.
- Report Monitoring: Require regular financial and programmatic reports. Review those reports against budgets and deliverables, and follow up on any anomalies or late submissions. This not only catches issues early but also documents your oversight.
- Supporting Documentation & Site Visits: For higher-risk or large subawards, perform desk reviews of supporting documents (like expense receipts or ledgers) and consider on-site monitoring visits. Seeing source documentation or operations first-hand can verify that reported activities and costs are valid.
- Single Audit Verification: Determine if the subrecipient meets the Single Audit threshold (currently $750,000 in annual federal expenditures). Verify that every subrecipient required to have a Single Audit actually undergoes one. This may involve checking the Federal Audit Clearinghouse for their audit submission or obtaining the audit report directly. If a subrecipient is below the threshold, you might instead request financial statements or a program-specific audit as appropriate.
By actively verifying subrecipient compliance through these steps, you create a record that your organization did its due diligence. Should an auditor ask, you can provide evidence of eligibility checks, report reviews, and any issues identified and addressed. Consistent verification builds confidence that subrecipients are using funds properly and meeting program goals – exactly what Single Audit reviewers want to see.
Pillar 3 – CAP Closure: Close the Loop on Findings and Deficiencies
Even with risk-tiering and proactive verification, issues can surface – whether through your monitoring or in the subrecipient’s own audits. That’s where Corrective Action Plan (CAP) closure comes in. Federal rules explicitly require pass-through entities to follow up on all subrecipient deficiencies and ensure timely, appropriate corrective actions, including addressing any Single Audit findings related to your subaward. In other words, if a subrecipient has an audit finding or you discover noncompliance, you must track it to resolution. Key steps for effective CAP management include:
- Require CAP Submission: Prompt the subrecipient to develop a Corrective Action Plan for any identified issue, laying out how and when they will remedy the problem. This could range from improving policies and procedures to repaying misspent funds, depending on the finding.
- Provide Guidance and Deadlines: Especially for smaller subrecipients, you may need to offer technical assistance on crafting an adequate CAP. Set clear deadlines for milestones and final resolution. A documented timeline shows auditors you didn’t ignore the issue.
- Monitor CAP Implementation: Treat the CAP like a mini-project – check in regularly on progress. Request evidence of implementation (for example, new policies, training records, or corrected financial reports). Keep notes of these follow-ups.
- Closure and Management Decision: Once satisfied that the subrecipient has addressed the issue, formally close out the CAP. Uniform Guidance calls this issuing a “management decision” on the audit finding, typically done via a closure letter to the subrecipient. The closure letter should state whether you accept the subrecipient’s corrective action and that the issue is considered resolved. Retain this documentation.
Closing the loop on findings is crucial. If an auditor sees open issues with no documented resolution, your organization could receive a finding for lack of subrecipient monitoring. By contrast, a paper trail showing prompt follow-up, subrecipient accountability, and closure letters demonstrates strong oversight. It’s evidence that your monitoring process doesn’t stop at detecting problems – it ensures they get fixed.
In Conclusion
By incorporating risk-tiering, diligent verification, and thorough CAP closure into your subrecipient monitoring, you build a compliance program that can withstand the scrutiny of a Single Audit. These practices not only keep you aligned with 2 CFR 200 requirements, but also protect your federal funding and program outcomes. Remember, the goal is to catch and address issues on your terms before auditors do – turning potential findings into success stories of risk managed and problems solved.
Whether you’re looking to enhance your subrecipient monitoring framework or need guidance navigating Uniform Guidance nuances, our experts are here to help. Ready to strengthen your subrecipient oversight and ensure audit readiness? Reach out to IntegrityM to implement proven, risk-based monitoring strategies that safeguard your program’s integrity and funding. Let’s work together to build a stronger, more accountable grants management process that confidently survives any Single Audit.
