Best Practices in Subrecipient Risk Assessments and Monitoring for Federal Grant Recipients

Subrecipient risk assessments and monitoring are critical aspects of federal grants management. These practices ensure that funds are used in accordance with federal regulations, that grant objectives are met, and that the risk of fraud, waste, and abuse is minimized. The federal government has set forth guidelines in the Uniform Guidance - 2 CFR 200, which outline the requirements and responsibilities of grant recipients and their subrecipients. This article will delve into common pitfalls around performing subrecipient risk assessments and monitoring, and the best practices for organizations looking to improve their processes in these areas.


The Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, found in 2 CFR 200, is the governing regulation for federal grant recipients. More specifically, 2 CFR 200.332 describes the required procedures for performing monitoring and risk assessments to evaluate the likelihood of noncompliance, fraud, or other issues that could impact the performance and success of the grant.

Effective risk assessments and monitoring are crucial for various reasons, including:

  • Compliance with federal regulations: Adhering to 2 CFR 200 requirements is essential to avoid penalties, such as disallowed costs or even suspension or termination of the grant.
  • Mitigating risks: Timely identification and addressing of risks can reduce the potential for mismanagement, waste, or fraud, ensuring that grant funds are used effectively and efficiently.
  • Performance and outcome achievement: Proper monitoring helps grant recipients track progress, confirm that milestones are met, and determine if adjustments are necessary to achieve desired outcomes.

Common Pitfalls

Below are some of the common pitfalls which plague pass-through entities (prime recipients) who work with subrecipients:

  • Inadequate risk assessments: Failing to perform a comprehensive risk assessment prior to executing the subaward agreement or relying solely on historical information may result in an incomplete understanding of a subrecipient's risk profile.
  • Insufficient monitoring: Not allocating enough resources to monitor subrecipients or only relying on self-reporting can leave gaps in understanding which can allow certain risks to go unaddressed.
  • Lack of documentation: Inadequate documentation of risk assessments, monitoring activities, and communications with subrecipients can hinder an organization's ability to demonstrate compliance with federal regulations and address potential issues effectively.
  • Ineffective communication: Poor communication between grant recipients and subrecipients can lead to misunderstandings, missed deadlines, and noncompliance with grant requirements.

Best Practices for Subrecipient Risk Assessments

Below are some of the best practices that BDO recommends to its clients:

  • Develop a risk assessment framework: Create a structured process that outlines risk categories, scoring criteria, and the frequency of risk assessments. This framework should consider factors such as prior audit findings, debarment, financial stability, and the subrecipient's experience managing federal funds.
  • Conduct pre-award evaluations: Before entering into a subaward agreement, assess the subrecipient's capacity to manage the grant, considering their technical expertise, financial management systems, and internal controls. Including the risk assessment in the pre-award phase also allows you to determine and include the monitoring procedures right into subsequent subaward agreement. 
  • Implement ongoing risk assessments: Regularly reassess subrecipient risk throughout the grant period to identify any changes in circumstances that may affect their ability to meet grant requirements.

Best Practices for Subrecipient Monitoring

  • Develop a monitoring plan: Establish a systematic approach to subrecipient monitoring that includes a schedule, tools, and documentation requirements. This plan should consider the risk level of each subrecipient and the nature of the grant activities.
  • Provide training and technical assistance: Offer support to subrecipients in the form of training, resources, and guidance on federal grant requirements, financial management, and performance reporting.
  • Conduct regular communication and site visits: Maintain open lines of communication with subrecipients and schedule site visits to review progress, verify compliance, and address any concerns.
  • Review financial and performance reports: Regularly analyze subrecipient financial and performance data to identify potential issues, ensure compliance with grant terms, and track progress towards grant objectives.
  • Tailor monitoring efforts to risk level: Allocate resources for monitoring based on the risk profile of the subrecipient, with higher risk subrecipients receiving more oversight and attention.
  • As mentioned above, incorporate monitoring procedures directly into subaward agreements.


Effective subrecipient risk assessments and monitoring are essential for federal grant recipients to ensure compliance with 2 CFR 200, mitigate potential risks, and achieve desired outcomes. By implementing best practices and avoiding common pitfalls, organizations can strengthen their grant management processes and ensure the responsible stewardship of federal funds.