A risk assessment is the process of identifying potential hazards an organization may face and analyzing methods of response if exposure occurs.

In regards to compliance, a risk assessment measures two quantities:  Magnitude of the potential non-compliance  Probability that the non-compliance will occur

The overall risk assessment determines:  Frequency of monitoring  Depth of monitoring

There are two levels to the risk requirements in the Uniform Grant Guidance:  Requirements for Federal awarding agencies  Requirements for Pass-through entities

Per CFR , the Federal awarding agency is required to conduct a pre-award review for all awards in order to determine:  Eligibility qualifications  Financial integrity information

Additionally, agency pre-award risk evaluation for competitive grants or cooperative agreements must have risk evaluation framework in place that:  Identifies if risk review incorporates applicant evaluations, results of eligibility, and/or application quality  Risk evaluation criteria must be described in the announcement of funding opportunity

In evaluating risks for applicants, the Federal awarding agency may consider the following items:  Financial stability  Quality of management systems and ability to meet management standards  History of performance  Audit findings  Ability to implement requirements

Pass-through entities can impose requirements on subrecipients in order to:  Ensure the federal award is used in accordance with federal statutes, regulations and terms and conditions of the award  Ensure pass-through entity can meet its own responsibility to the federal awarding agency

Per CFR , pass-through entities must: Evaluate each subrecipient’s risk of non-compliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring

The following factors should be considered when evaluating subrecipient risk: 1. Subrecipient experience with the same or similar subawards 2. Results of previous audits, including whether the subrecipient receives a single audit and the extent to which the subaward has been audited 3. Whether subrecipient has new personnel or substantially changed systems 4. Extent and results of Federal awarding agency monitoring

A pass-through entity must assess risk to determine the best monitoring approach. Monitoring must include:  Review of financial and performance reports  Issuance of management decisions for audit findings on subrecipients  Follow up activities ensuring subrecipients take timely, appropriate action to cure deficiencies

Monitoring may also include:  Providing training or technical assistance  Performing an on-site review  Arranging for agreed upon procedures

Per CFR , special award conditions may be imposed when a recipient and/or subrecipient has failed to:  Comply with general or specific terms and conditions of an award  Meet performance requirements  Be responsible for managing an award

The Federal awarding agency or pass-through entity may impose additional specific award conditions which could include any of the following:  Requiring payments be made as reimbursements rather than advance payments  Requiring approval to move to the next phase of project/activity  Additional detailed financial reports  Additional project monitoring  Technical or management assistance  Additional prior approval

The Federal awarding agency or pass-through entity must notify applicant of special award conditions by identifying:  Nature of additional requirements  Reason for imposition of additional requirements  Action needed to remove additional requirement  Timeframe allowed for completing action  Method or how to request a reconsideration of the imposed additional requirements *Note: Any special conditions must be promptly removed once they have been corrected

Per CFR , if the Federal awarding agency or pass-through entity determines that non-compliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass through entity may take one or more of the following actions:  Temporarily withhold cash payments pending correction of the deficiency  Disallow all or part of the cost activity or action not in compliance  Wholly or partially suspend or terminate the award  Initiate suspension or debarment proceedings  Withhold further Federal awards for the project/program  Take other remedies that may be legally available

Identify and Limit Risk  Understand subrecipients’ familiarity with the program and applicable regulations  Design contracts in accordance with federal regulations to account for all data and reporting requirements  Incorporate contract language that allows your organization to amend contracts as additional guidance from the federal government is received  Review the results of previous audits for any findings that may have resulted

Additional Items to Consider (beyond those in ):  Financial stability  Size of the award  Policies and procedures  Percentage of award vs. total federal awards received by the agency  Complexity of award requirements  Single or multi-year award  Newly formed organization  Complaints against the subrecipient  Timeliness of required reports within the past 12 months

Risk Assessment Documentation:  Be explicit in criteria used to evaluate risks  Customize the risk factors for the program  Update at least annually  Consider multiple levels of risk (beyond high/low)  Match risk assessment conclusion to related monitoring activity

Kansas University- Office of Research Alicia Reed & Kristi Billinger Subrecipient Risk Assessment Matrix