Risk Assessments Under 2 CFR 200
The grants community is under increasing scrutiny and pressure to protect Federal funds from waste, fraud, and abuse. 2 CFR 200 (Uniform Guidance) establishes protections at each part of the grants lifecycle to protect Federal funds from risk. The Uniform Guidance also defines the responsibilities for Federal awarding agencies, pass-through entities, grant recipients, and auditors to guarantee grant funding is used for its intended purposes.
One key provision in the Uniform Guidance is 2 CFR 200.205 – Federal Awarding Agency Review of Risk Posed by Applicants. 2 CFR 200.205 requires Federal awarding agencies to develop and implement a risk assessment framework. Under this provision, Federal awarding agencies are required to evaluate the risk posed by applicants before making an award. The Uniform Guidance provides agencies with the flexibility to develop an agency-based risk assessment framework; however, agencies are required to verify applicant eligibility through the SAM Exclusions Extract and evaluate applicant qualifications through the Federal Awardee Performance and Integrity Information System (FAPIIS). In addition to those two requirements, agencies may evaluate an applicant’s:
- Financial stability
- Quality of management systems
- History of performance
- Audit reports
- Ability to comply with program requirements
2 CFR 200 requires Federal awarding agencies to describe the risk assessment framework in the Notice of Funding Opportunity (NOFO). For example, the Corporation for National and Community Service (CNCS) explains in the NOFO for the FY 2015 Training and Technical Assistance program that the agency may, in addition to the criteria previously identified, also review an applicant’s:
- IRS Tax Form 990
- Annual report
- Website
The Uniform Guidance also requires pass-through entities to conduct a risk assessment. Unlike Federal awarding agencies; however, pass-through entities do not have to conduct the risk assessment prior to making an award. 2 CFR 200.331(b) explains that pass-through entities may consider the subrecipient’s:
- Prior experience in administering similar awards
- Audit reports
- Personnel
- Management systems
- Results from Federal agency monitoring
Federal awarding agencies and pass-through entities should use the results of the risk assessment in developing an appropriate monitoring plan for each award. If the identified risks to Federal funds are significant, Federal awarding agencies and pass-through entities may place specific conditions on the award. 2 CFR 200.207 identifies the conditions that may be placed on a recipient and explains the responsibilities of Federal awarding agencies and pass-through entities when applying specific conditions.
Grant applicants should carefully each agency’s risk assessment framework. Most agencies have information published on their website. Additionally, grant applicants should review a program’s NOFO for the specific risk assessment criteria. It is important that grant applicants are fully aware of how an agency will evaluate an application and to address any issues in their application.
What has been your experience with the new risk assessment requirements in 2 CFR 200? Leave your comments below.