The COSO Framework defines risk assessment as “…the identification and analysis of relevant risks to achievement of the [entity’s] objectives, forming a basis for the determination of how the risks should be managed.” This means:
DETERMINING WHAT NEEDS TO BE DONE (OBJECTIVES/GOALS)
Grant Program Compliance
A to-do list for grant programs will depend on what is significant for these programs. The federal Office of Management and Budget (OMB) has identified 13 areas that are common to most federal grant programs. These areas can be found in OMB Circular A-133 Compliance Supplement, Part 6. Although this guidance is aimed at federal grants and programs, it covers areas that are generally applicable to any grant program.
While Part 6 of the Compliance Supplement has a helpful list of objectives and risks that should be considered for all grants, this list is very generic. Relying solely on Part 6 of the Compliance Supplement can result in an incomplete list of objectives and risks. On the other hand, not every area addressed by Part 6 of the Compliance Supplement is applicable to every grant program. A comprehensive list of objectives and risks for a grant is best developed independently, with Part 6 forming a backstop to the risk identification process.
The areas addressed by Part 6 of the Compliance Supplement include the following objectives which can be thought of as the “what” needs to be done. To prepare a to-do list (and later the fleshed out process narrative or flowchart), list or describe “how” each applicable objective will be achieved, e.g., how does the agency ensure funds are spent only on allowable activities?
- Activities Allowed or Unallowed—Ensuring that awards are expended only for allowable activities,
- Allowable Costs/Cost Principles—Ensuring the costs of goods and services charged to awards are allowable and in accordance with the applicable cost principles,
- Cash Management—Ensuring that the (1) drawdown of federal cash is only for immediate needs, (2) reimbursement is requested only after costs have been incurred, (3) states comply with applicable treasury agreements, and (4) recipients limit payments to sub-recipients to immediate cash needs,
- Davis-Bacon Act—Ensuring that contractors and subcontractors were properly notified of the Davis-Bacon Act requirements and the required certified payrolls were submitted to the non-Federal entity,
- Eligibility—Ensuring that only eligible individuals and organizations receive assistance under award programs, that sub-awards are made only to eligible sub-recipients, and that amounts provided to or on behalf of eligible individuals or groups of individuals were calculated in accordance with program requirements,
- Equipment and Real Property Management—Ensuring that proper records are maintained for equipment acquired with awards, equipment is adequately safeguarded and maintained, disposition or encumbrance of any equipment or real property is in accordance with award requirements, and the awarding agency is appropriately compensated for its share of any property sold or converted to non-federal use,
- Matching, Level of Effort, Earmarking—Ensuring that matching, level of effort, or earmarking requirements are met using only allowable funds or costs which are properly calculated and valued,
- Period of Availability of Funds—Ensuring that funds are used only during the authorized period of availability,
- Procurement and Suspension and Debarment—Ensuring that procurement of goods and services are made in compliance with the provisions of the A-102 Common Rule or OMB Circular A-110, as applicable, and that covered transactions (as defined in the suspension and debarment common rule) are not made with a debarred or suspended party,
- Program Income—Ensuring that program income is correctly earned, recorded, and used in accordance with the program requirements,
- Real Property Acquisition and Relocation Assistance—Ensuring compliance with the real property acquisition, appraisal, negotiation, and relocation requirements,
- Reporting—Ensuring that reports of awards submitted to the awarding agency or pass-through entity include all activity of the reporting period, are supported by underlying accounting or performance records, and are fairly presented in accordance with program requirements, and
- Sub-recipient Monitoring—Ensuring that award information and compliance requirements are identified to sub-recipients, sub-recipient activities are monitored, sub-recipient audit findings are resolved, and the impact of any sub-recipient noncompliance on the pass-through entity is evaluated. Also, the pass-through entity should perform procedures to provide reasonable assurance that the sub-recipient obtained required audits and takes appropriate corrective action on audit findings.
It may be helpful to review the suggested controls in the control activities section for each of the (A through M) areas above.
State Programs—Minnesota’s Department of Administration’s Office of Grants Management has collected various statutes, policies, and procedures that are applicable to state grants. There is considerable overlap between the objectives and risks noted in OMB Circular A-133 Compliance Supplement, Part 6 and the state statutes, policies, and procedures listed by the Office of Grants Management. Both aim to improve the administration of grant programs by suggesting or requiring best practices in grant administration. The list of policies referenced by the Office of Grants Management includes:
- Grants Conflict of Interest—Avoid both actual and perceived conflicts of interest related to grant-making at both the individual and organizational levels,
- Rating Criteria for Competitive Grant Review—Ensuring fairness, precision and consistency in competitive grant awards, including having review criteria published in the request for proposal or notice of grant opportunity,
- Publicizing Grant Notices and Requests for Proposals—Ensuring sufficient information is included in notices of grant opportunities and requests for proposal (RFPs) so that potential applicants may make informed decisions about applying for and managing state grants,
- Use of Grant Agreements—Ensuring Minnesota state agencies have written grant agreements for all grants made by the agency, that conform to Minnesota Statute 16 B.98 subd. 5, "Creation and Validity of Grant Agreements."
- Public Comments Concerning Fraud and Waste in State Grants—Ensuring the Office of Grants Management (OGM) serves as the central point of contact for questions and comments about fraud and waste in state grants and about the violation of statewide grants policies,
- Financial Review of Non-governmental Organizations—Ensuring that grants are made to nongovernmental organizations that are financially stable enough to carry out the purpose of the grant, including (a) assessing a recent financial statement from any non-governmental organization awarded a grant of over $25,000, (b) discussing any significant concerns with the grant applicant and (c) ensuring such concerns are resolved to the satisfaction of state agency staff before a grant is awarded,
- Single and Sole Source Grants—Ensuring that grants are competitively awarded as much as possible and that single and sole source grants are to be used when only one entity is reasonably able to meet a grant’s intended purpose and objectives, due to their geographic location, specialized knowledge, relationships or specialized equipment,
- Grant Payments—Ensuring that grant agreements (a) specify the method and schedule of payments for each grant in the grant agreement, (b) grant payments are not issued until the funds are encumbered and the grant agreement is fully executed, and (c) reimbursement is the preferred method for making grant payments,
- Grant Progress Reports—Ensuring (a) state agencies monitor progress on state grants by requiring grantees to submit written progress reports at least annually until all grant funds have been expended and all of the terms in the grant agreement have been met, and (b) grant payments are not made on grants with past due progress reports unless the state agency has given the grantee a written extension,
- Grant Monitoring—Ensuring the state agency (a) conducts at least one monitoring visit per grant period on all state grants of over $50,000 and at least annual monitoring visits on grants of over $250,000, and (b) conducts a financial reconciliation of grantees' expenditures at least once during the grant period on grants of over $50,000,
- Legislatively Mandated Grants—Ensuring agencies manage legislatively mandated grants with the same level of oversight (including monitoring activities) applied to other state grants, while respecting and maintaining the legislative intent,
- Policy on Grant Amendments—Ensure any changes to grant agreements are made using fully executed grant agreement amendments,
- Grant Closeout Evaluation—Ensuring that state agencies consider a grant applicant’s past performance before awarding subsequent grants of over $5,000 to them.
As with the suggested control objectives in OMB Circular A-133 Compliance Supplement, Part 6, when using the Department of Administration policies, the grant risk assessment should describe how the required objective is being achieved.
Department Policies—Many departments have policies that were formulated to facilitate important goals or prevent undesired activities for occurring. Departmental policies should be reviewed where applicable.