Federal grants management update: Understanding new guidelines
Over the last year, the federal government has implemented several significant changes to grants management regulations that are typically only seen once in a generation and will affect almost every organization. To ensure compliance, your organization must understand these changes to federal grants management guidelines and evaluate the sufficiency of current controls. Implementing effective controls and a strong culture can help your systems achieve their objectives, and help ensure a smooth audit process and successful examinations from the federal government and grantors.
RSM US LLP recently held the 2016 federal grants management update webcast to detail key changes and help organizations understand how to stay in compliance and avoid risks such as returning funds to the government. This article provides a summary of typical issues faced by nonprofit federal award recipients and emerging issues your organization must be aware of.
Uniform Guidance (UG), Subpart F (formerly known as OMB Circular A-133)
Some organizations are confused about when UG, Subpart F applies to the awards their organization receives versus when it relates to audits. Awards issued on or after Dec. 26, 2014, fall under UG, and you should use the administrative and cost principles associated with those. The audit requirements under Subpart F apply to audit years ending on or after Dec. 31, 2015.
With the new guidelines, the threshold for an audit has increased from $500,000 in aggregate federal award expenditures to $750,000. Some organizations that were caught in between those two numbers now receive some relief. However, the vast majority of organizations that required a Circular A-133 audit before, still need a UG audit now.
Auditees still have significant responsibilities in the audit process, just like under Circular A-133. You are required to determine whether you must have an audit for Subpart F, understand what qualifies as a federal award and track the aggregate expenditures throughout the year. You also must submit the audit to the federal Audit Clearinghouse on time, and prepare financial statements. Your organization is also required to prepare the Schedule of Expenditures of Federal Awards (SEFA) in accordance with UG guidance; treat that like any other financial statement and how it is composed.
Your organization is responsible for following up on any findings, and preparing a schedule of prior audit findings for inclusion into the report, as applicable. If you have any findings, a corrective action plan is required, either attached within the UG report or an outside attachment that accompanies the report when it is uploaded to the clearinghouse. The UG requirements also include providing the auditor with access to the information.
Pursuant to the SEFA, your organization must have the proper controls to ensure the schedule is completed correctly. Many organizations struggle with accuracy and completeness, leading to frequent audit findings in compliance audits. Organizations also face difficulty with defining grants and awards versus programs. Grants are individual award actions and fall under a Catalogue of Federal Domestic Assistance (CFDA) number. Programs, at a minimum, are the grants that fall under the same CFDA number.
After your controls identify which awards fall under the SEFA, a template for the schedule should include the federal agency name, pass-through agency (if applicable), the federal program title and the CFDA number. It can also include any other identification numbers, as well as expenditures from direct awards and pass-throughs and any additional footnotes. It is important to note that the federal program title is not the name of the grant, it relates to the specific CFDA number found on www.CFDA.gov.
Minimum major program coverage thresholds have also been reduced. For low-risk auditees the auditors need 20 percent coverage while nonlow-risk auditees would require 40 percent coverage. That number is defined by major program expenditures divided by total expenses in the SEFA. Those thresholds were previously 25 and 50 percent, respectively.
In addition, Type A thresholds for large programs have increased. The new threshold is $750,000, with total expenditures between $750,000 and $25 million as the first category, and formulas expanding beyond that amount. Be aware that large loan programs may skew these numbers or become excluded from calculations.
Auditors perform risk assessments and any high-risk Type A program will need to be audited in that year, and no program that has not been audited in the last two years will qualify for low-risk treatment. Other criteria that will cause a program to become high risk include modifications, material weaknesses or compliance concerns, or if likely or known question costs exceed 5 percent of the total federal awards. The criteria of 200.519 in the UG lists other situations where a program can become high risk even if it has been successfully audited recently.
If a program is less than 25 percent of the Type A threshold ($187,500 with the Type A threshold is $750,000), then it is considered a small Type B program, and no risk assessment is required. However, Type B programs above that threshold are subject to risk assessments, based on the same criteria in 200.519 and auditor discretion.
Once the auditor has made the selection of major programs, the auditing begins. Applicable compliance requirements are identified, and internal controls over applicable compliance requirements are evaluated and ensured that they have been placed into service, utilizing the Green Book or COSO model. Tests of controls and compliance are then performed, findings are summarized, reports are prepared, and the auditor performs its portions of the data collection form and certification.
2016 Compliance Supplement
The June 2016 Compliance Supplement is part of the UG in Appendix XI, and is effective for UG audits for fiscal years ending between June 30, 2016, and May 31, 2017.
Major changes for this year’s supplement include:
- Integrating guidance from the Council for Financial Assistance Reform (COFAR) FAQs that should be utilized by auditors and organizations
- Removing Circular A-133 references in favor of UG considerations
- In Part 2, utilizing an “N” for “No” instead of the conventional gray, shaded box
- Adding sections 3.1 and 3.2
o 3.1 – Guidance for programs still covered by the OMB Circulars (Pre-UG, i.e. awards issued prior to Dec. 26, 2014)
o 3.2 – Guidance for programs covered by UG
- In Part 4, some programs were added and deleted
- In Part 5, new clusters were added, and ARRA clusters were deleted
- In Part 6, a new section was added on internal control based on the Green Book and COSO
New advisories include guidance on the implementation of Subpart F, and its impact on major program determination. Another details the due date for audit reports and impact on low-risk auditee status, recognizing the extensions given due to the clearinghouse being offline. Finally, all NSF and NIH awards are presumed to fall under the R&D cluster.
Procurement standards under UG
A two-year deferral was introduced in the last year for the UG Procurement Standards (200.318), but technically, to take advantage of the second year, organizations should prepare a memo declaring adoption of the deferral. You must have new standards firmly in place and applied to federal expenditures on the first day of fiscal years that fall after Dec. 26, 2016. In addition, your procurement policies must be documented in writing, and controls must maintain oversight of contractors to make sure the goods meet your standards.
Groups are pushing for further delays and increases to the micro-purchase level, which requires price analysis and documentation for goods and services over $3,000. The Federal Acquisition Regulation (FAR) recently increased the threshold to $3,500, but the Council on Government Relations (COGR) and the Association of Independent Research Institutes (AIRI) recently sent letters to the OMB representing their collective memberships to express concern about the low level of the threshold and the burden it could create.
COGR and AIRI estimate the collective burden at over $50 million to its members. The organization requested another extension until June 30, 2018, and COGR previously requested for the threshold to be increased to $10,000. Currently, no action has been taken by the commission; the new threshold may be delayed or raised, but your organization must be prepared to adopt the new rules if they go into effect in the coming year.
Internal controls under UG
You must establish and maintain effective internal control over the federal award that provides reasonable assurance that you are managing the award in compliance with federal statutes, regulations and the terms and conditions of the award.
For internal control guidance, your organization should follow either the Government Accountability Office’s (GAO) Green Book or the COSO internal control framework. Either will provide a proper framework to design and implement internal controls, with insights into your control environment, risk assessments, control activities, information and communication, and monitoring.
Your organization must be prepared for scrutiny over internal controls, as some agencies have begun to ask for internal control documentation during the application process. That trend is expected to continue.
In addition, your organization should review Part 6 of the new Compliance Supplement to understand internal control expectations. For instance, objective setting is the first step in proper control design. Per Part 6, transactions should be properly recorded and accounted for in order to:
- Permit the preparation of reliable financial statements and federal reports
- Maintain accountability over assets
- Demonstrate compliance with federal statutes, regulations, and the terms and conditions of the federal award
Also, per Part 6, transactions should be executed in compliance with:
- Federal statutes, regulations, and the terms and conditions of the federal award that could have a direct and material effect on a federal program
- Any other federal statutes and regulations that are identified in the Compliance Supplement
Ultimately, your organization must determine how robust your controls are in terms of risk identification and evaluation. That must be top of mind moving forward.
Other hot topics in federal grants management
Federal agencies have been working diligently to set data standards and improve the visibility into where federal funding is going. To that end, the government enacted the Digital Accountability and Transparency Act (DATA Act) on May 9, 2014. The DATA Act identified 57 data standards, and federal agencies must report spending data in accordance with new guidelines by May 2017 and publicly post spending data in machine-readable formats by May 2018.
The federal government will leverage the Federal Funding Accountability and Transparency Act (FFATA) to gather information, and once government agencies meet their deadlines, additional guidance will likely come to the grant community about what agencies are looking for to meet their responsibilities. Additional data-gathering requirements or more frequent reporting may be on the horizon.
In addition, the new UG data collection form has been released for use in all UG audits issued for Dec. 31, 2015, and later. The new process includes many new automated features such as CFDA name auto-populate, as well as automated data checks to reduce errors.
A key OMB official is pushing for an alternative to the Data Universal Numbering System (DUNS) for federal awards, suggesting a unique entity identifier number. This proposal may gain traction in the future, but continue using your DUNS number for now.
Finally, the GAO has found several issues with the grant close-out process after finding almost $1 billion in expired grants in the payment management system. The OMB plans on issuing guidance to federal agencies to do better with closing out grants and working with grantees.
New federal grants management guidelines will have a significant effect on many organizations and require a close look at your internal controls and processes. However, your culture is the most important aspect to successful compliance. Developing a strong culture that clearly conveys what you are trying to achieve, what can derail your progress and what you can implement to keep you on track will help you understand and avoid risks and better manage federal grants.