OMB's Uniform Grant Guidance: A deeper dive into pass-through entities' responsibilities for subrecipient monitoring and risk assessment
This article focuses on the requirements related to the area of pass-through entity responsibilities for its subrecipients.
Are you a pass-through entity?
A pass-through entity is a non-federal organization that receives federal dollars and passes those dollars along to subrecipients. Fortunately, the definition of a subrecipient stays the same under the current guidance and the Super Circular. According to § 200.93 of the grant guidance, a subrecipient is defined as a non-federal entity that receives a subaward from a pass-through entity to carry out part of a federal program, but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other federal awards directly from a federal awarding agency. A pass-through entity doesn't necessarily have to receive direct federal funding; even an entity receiving federal funding from another pass-through entity could itself be a pass-through entity.
So, how do you know if the organization you are providing federal funding to is a subrecipient? As defined by OMB Circular A-133, a subrecipient relationship exists when funding from a pass-through entity is provided to perform a portion of the scope of work or objectives of the pass-through entity's award agreement with the awarding agency. The characteristics that define a subrecipient versus an entity that is just hired to perform services but isn't subject to compliance requirements (called a vendor or a contractor) remain unchanged. The chart below comes from § 200.330 of the Uniform Grant Guidance which identifies the characteristics of a subrecipient versus a contractor.
|Characteristics of a Subrecipient||Characteristics of a Contractor/Vendor|
|Determines who is able to receive what federal assistance||Provides the goods and services within normal business operations|
|Has its performance measured in relation to whether objectives of the federal program are met||Provides similar goods and services to many different purchasers|
|Has responsibility for programmatic decision making||Normally operates in a competitive environment|
|Has responsibility to adherence to compliance requirements applicable to the federal program||Provides goods and services that are ancillary to the operations of the federal program|
|Uses federal funds to carry out the program of the entity as compared to providing goods and services for a program of the pass-through entity||Is not subject to the compliance requirements of the federal program as a result of the agreement, though similar requirements may apply for other reasons|
What are the responsibilities of pass-through entities for their subrecipients?
When an organization is a pass-through entity, that organization has significant responsibilities to ensure that its subrecipients are in compliance with the applicable federal and grant requirements. The grant reforms spell out explicit pass-through entity requirements for subrecipients both during the pre-award process as well as during the post-award period. All pass-through entities need to understand these requirements, and how they have changed from the existing grant standards.
The very first step for a pass-through entity is to determine whether the organization you are providing federal dollars to is a subrecipient or a contractor, using the above guidance and the guidance in the Super Circular. If you determine that the organization is a contractor/vendor, the remaining responsibilities do not apply.
- For awards to subrecipients over $25,000 — prior to issuing the award, the pass-through entity should ensure that the subrecipient is not suspended or debarred by the federal government.
- The pass-through entity should ensure that the agreement with the subrecipient includes specific data elements. The data elements that are required to be listed in a subrecipient agreement are included in § 200.331.
Under the Super Circular, pass-through entities will now be required to perform the following to ensure that subrecipients are adequately monitored after the initial award is made:
- Perform risk assessments (NEW!) to tailor your subrecipient monitoring activities (extent and magnitude) to each subrecipient based on the assessed risk (See risk assessment section below.)
- Perform appropriate and ongoing monitoring of each subrecipient, including:
- Review any reports that the pass-through entity requires of the subrecipient
- Verify subrecipients have audits, as needed
- Consider how to address subrecipient noncompliance
- Issue a management decision for audit findings of the subrecipient within six months
- Perform on-site reviews
- Provide training and technical assistance to subrecipients
- Contract for an agreed-upon procedure engagement for monitoring
Subrecipient risk assessment and monitoring (post-award)
Performing risk assessments on each subrecipient is a new concept introduced by the Super Circular. Not every subrecipient would or should get the same level of attention. A risk-based approach should be focused on the risk of noncompliance for that entity and its overall impact on the award managed by the pass-through entity.
Pass-through entities need to develop a process for each grant that is passed through and for each subrecipient to determine the adequacy and appropriateness of its subrecipient monitoring.
There are many ways to accomplish this risk assessment requirement. The following contains only suggestions as to how to implement the required risk assessment process.
Risk assessment process
As is required under the new grant reforms, the pass-through entities must perform a risk assessment related to their subrecipients. The results of this risk assessment should drive the extent of the monitoring activities performed by a pass-through entity on its subrecipients.
Risk Assessment Questions: Performing a risk assessment for each subrecipient is a new concept under the grant reforms. There are various aspects that will need to be considered in order to assess risk. The grant reforms identify a few examples but generally leave it open. In order to perform risk assessments of subrecipients to determine the appropriate level of monitoring to be performed, a number of different criteria could be considered. Items the pass-through entity may want to consider when performing these risk assessments include:
- General assessment:
- Is the entity new to managing grant funds?
- What is the rate of staff turnover at the entity?
- What is the extent of new personnel, particularly in the grants area?
- To what extent has the subrecipient developed or implemented new or substantially changed systems?
- Is the entity involved in any active lawsuits?
- Is the entity currently suspended or debarred or have they been suspended or debarred in the past?
- Were there any findings or violations from a prior audit?
- Has any on-site monitoring been performed in the recent years and, if so, what were the results of those monitoring visits?
- Has there been any federal awarding agency monitoring and, if so, what were the results, even if related to a different award?
- Does the entity have an effective financial management system in place?
- Does the accounting system identify the receipts and expenditures of program funds separately for each award?
- Is the specific grant large in terms of percentage of overall funding for the entity?
- Has the entity been untimely in the drawdown of funds?
- Has the state or any other authority placed the entity in a special financial status?
- Has the entity been able to meet its cash needs?
- How complex is the scope of work being performed by the entity? Some items to consider are:\
- Is the entity determining eligibility?
- Is the entity performing any construction activity?
- Based on the work performed does the entity need to comply with procurement requirements?
- Is the entity meeting current reporting requirements?
- Is the entity meeting its annual measurable objectives and/or performance objectives?
The results of this risk assessment process will provide the basis for developing a work plan and individual subrecipient monitoring strategies. This includes identifying which grantees will be monitored, the method of monitoring (on-site or remote), programs and areas to be monitored, type of monitoring (in-depth or limited), areas of technical assistance and training needed, resources needed, and projected timeframes.
Risk assessment and monitoring tools
Once the pass-through entity has determined the process to assess risk, the pass-through entity should consider developing tools to help with the risk assessments. These tools could include:
- Subrecipient Monitoring Plan: The pass-through entity could establish a grant-based subrecipient monitoring plan. Such a plan would document the following components:
- Monitoring plan objectives
- Description of the risk analysis and results
- Classification of each subrecipient's risks
- Monitoring activities and monitoring schedule for each subrecipient based on assessed risks
- Pass-through entity's planned response to any findings, including anticipated actions to be taken in response to findings, and individual's responsibility to ensure proper action is taken, and the expected timeframe
- Trainings that the pass-through entity intends to provide to subrecipients
- Subrecipient Checklists: These checklists, unique to each subrecipient, would address and document the process of subrecipient management and monitoring. This checklist would be used to track the various to-do items the pass-through entity would need to complete in order to accumulate information during both the pre-award process and the post-award phase. The checklist could also serve as documentation for having performed the required monitoring activities. For example, the checklist could cover the following items (this is not an all-inclusive list):
- Name of the client
- CFDA number
- Suspension and debarment check
- Agreement – the 15 data elements included in the Super Circular
- Scope of work to be performed by the subrecipient
- Monitoring plan
- Monitoring activities documentation (dates, who performed)
- Monitoring results
- Follow-up documentation
- Risk Assessment Checklist: The pass-through entity should consider developing a checklist to document the risk assessment process and record the rationale for assigning subrecipients into certain risk categories. The pass-through entity would need to create a document to accumulate all the risks assessed for each subrecipient to be able to determine the particular level of monitoring for each subrecipient. The pass-through entity could use a point system for the various assessed risks and create a document similar to the table below using some of the risk assessment questions identified. The results of this process will help pass-through entities determine the appropriate monitoring activities for each subrecipient. The higher risk-rated subrecipients should be monitored more extensively than the lower risk-rated subrecipients.
While the aforementioned processes and risk considerations are not all inclusive, they should give the pass-through entity a starting point for how to perform these new risk assessments.