Risk and Subaward Management under the

Uniform Guidance

U.S. Department of Education

2

Purpose and Use of this PresentationThe Department of Education is providing this presentation to help its grantees understand the contents of the Uniform Guidance and should be viewed after or alongside of the regulations. It is not a substitute for reading the regulations.

To get the most out of this presentation, view this as a notes page. The notes section of each slide provides information to supplement the points on the slide. To change to notes page: Go to View and click on Notes Page.

3

Learning Outcomes Understand concepts of risk and risk-

based monitoring; Understand the risk requirements in 2 CFR

Part 200; Be able to find the relevant regulations in

2 CFR Part 200; and Apply this knowledge in your job.

4

Uniform GuidanceTitle 2 of the Code of Federal

Regulations, Part 200 (2 CFR Part 200)

Accepted by the Department of Education in 2 CFR Part 3474

5

“This guidance does not change or modify any existing statute or guidance otherwise based on any existing statute.”

Authorities to consider when using 2 CFR Part 200

6

When does 2 CFR Part 200 start? Uniform Guidance (2 CFR Part 200) applies to: New and Continuation grants awarded on or after December 26,

2014

Former regulations (EDGAR Part 74 or 80 and OMB circulars) apply to: Grants awarded prior to December 26, 2014

7

Relationships and Key Terms Subaward or Contract?The relationship, rather than the

document title, is the basis for determining which requirements are applicable.

Know the Difference.

8

Definitions: Pass-through entitiesA non-Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program (§200.74).

At ED: State-Administered Formula Grants: SEAs, other grantees

which make subawards Discretionary Grants: under EDGAR 75.708 or authorizing

statute, some discretionary grantees may make subawards. These are not the same as partnerships.

9

Definitions: Subrecipient and ContractorA pass-through entity must determine the relationship and the applicable requirements: Subrecipient means a non-Federal entity that receives a

subaward from a pass-through entity to carry out part of a Federal program (§200.93).

Contractor means an entity that receives a contract as defined in 200.22 Contract (§200.23).

§200.330 explains the roles of subrecipients and contractors

10

Understanding Risk

11

What is Risk? (GAO – The Green Book)

Risk is the possibility that an event will occur and adversely affect the achievement of objectives.

12

What is Risk Management? (GAO)

Risk management can be described as the continuous process of assessing risks, reducing the potential that an adverse event will occur, and putting steps in place to deal with any event that does occur.

13

Risk Management

Risk Assessment

Risk MitigationRisk-BasedMonitoring

14

Risk and Monitoring Key Concepts and Changes in the

Uniform Guidance

Indicates a new requirement or change to existing requirement for pass-through entities.

15

Parallels: ED and Pass-through entities

Whether an ED program office or pass-through entity, the following concepts are the same. The practices and tools, however, may differ. Risk Assessment, Risk Mitigation, and Risk-based Monitoring.

16

Overview (2 CFR 200.331)

Grantees, as pass-through entities, must: Assess risk of subrecipients. (§200.331(b)) Monitor to ensure the subaward is used

appropriately and in compliance with the award and all associated regulations. The monitoring plan should be based on the results of the risk assessment. (§200.331(d))

The risk assessment and monitoring should address both financial and programmatic considerations.

17

Where are the Requirements?

Topic Pass-through entities

Award Notification §200.331(a)Risk Assessment §200.331(b)

Specific Conditions §200.207*

High-Risk Designation §3474.10

Monitoring §200.331(d)-(e)Subpart F*

Non-Compliance §200.338*

*Section 200.331 references these sections for requirements.

18

Pass-Through Risk Review (§200.331(b))

Items that may be part of the Pass-through entity’s review: Prior experience with same or similar

subawards Results of previous audits Whether new or substantially changed

personnel or systems Extent and results of Federal awarding

agency monitoring

19

Risk Rubric

Risk Rubric highlights Risk indicators Risk categories Scoring mechanism Risk designation levels

20

Specific Conditions (§200.207)

If deemed appropriate based on the risk assessment, specific conditions (e.g., increased reporting, reimbursement plan) may be placed on: A subaward from a pass-through entity

(§200.331(c) refers to (§200.207))

In addition, a high-risk designation can be added to a subaward, as per §3474.10.

21

Pass-Through Monitoring Procedures When monitoring subrecipients, the pass-through

entity must (§ 200.331(d)): Review reports required by the pass-through entity Ensure subrecipient takes appropriate action on

deficiencies identified through audits, on-site reviews, and other means

Issue a management decision for single-audit findings pertaining to Federal award

Verify audits of subawards (§ 200.331(f)) Threshold for required audits increased to $750,000

22

Pass-Through Entity Monitoring Tools

The following tools may be useful, depending upon the risk assessment (§ 200.331(e)) Providing subrecipient training and technical

assistance Performing on-site reviews Arranging for agreed-upon-procedures engagements

under § 200.425, Audit services [in Cost Principles]

The pass-through entity determines which tools to use based upon its assessment of risk

23

Risk-Based Monitoring Plan

Monitoring Plan highlights Assessment methodology Last Fiscal Year (FY) assessment &

monitoring activities Current FY assessment & monitoring

strategies Resource constraints

24

Audit Requirements

Single Audit (2 CFR Part 200 Subpart F)Alternatives to Single Audits Program specific audit Agreed-Upon-ProceduresAdditional Audits, as requested by Congress or the Federal Government GAO Audits OIG General Audits

25

Other Pass-through Requirements

The pass-through entity must provide specific information in the subaward (§200.331 (a)), including but not limited to: Federal award identification, e.g., DUNS number Indirect cost rate Requirements imposed by the pass-through entity Requirement to provide access to records for

audit

26

Continuous Improvement Standard

Evaluate annually the risk management process to identify its strengths and weaknesses and refine ability to reduce risk throughout the grant process

27

Responsibilities

28

Compliance: Grantees

Responsibility for subawards: Strong Internal Controls for managing subawards Communication with ED Staff and with subrecipients Documentation of all activities Monitoring subawards Verifying subgrantees are audited, if required