by Jamie Choi

Partner, Han Group

Noncompliance by subrecipients has led to millions in clawed-back federal funds. Could it happen to your organization?

If your nonprofit receives federal funding and passes some of those funds to partner organizations (subrecipients), you are responsible for ensuring that those funds are used properly and in accordance with the Uniform Guidance (2 CFR 200).

This article explains your responsibilities as a pass-through entity, shows how to strengthen grant compliance and avoid common pitfalls, and highlights the essential components of Subrecipient Risk Assessment and Monitoring, so you can stay compliant without unnecessary administrative burden.


Why It Matters

The Uniform Guidance requires pass-through entities to evaluate each subrecipient’s risk of noncompliance and to monitor them accordingly. Failure to do so could jeopardize your federal funding and trigger audit findings.


Step 1: Conduct a Risk Assessment

Before issuing a subaward, assess each subrecipient’s risk level. Consider factors such as:

  • Prior experience with federal awards
  • Results of previous audits
  • Financial and management systems
  • Personnel qualifications and turnover
  • History of compliance issues
  • Size of the award and complexity of activities

Follow up with appropriate actions based on each subrecipient’s risk classification: high, medium, or low.

For example, a subrecipient with no prior federal award experience and recent audit findings may fall under “high risk”, which calls for more frequent reviews and mandatory training compared with lower-risk subrecipients.

Document a consistent, practical risk assessment process that’s tailored to your grant programs.


Step 2: Implement Risk-Based Monitoring

Monitoring is not one-size-fits-all—it should reflect your risk assessment. Common approaches include:

  • Regular review of performance and financial reports
  • Desk reviews or site visits
  • Review of audit reports and corrective action plans
  • Technical assistance or training

Monitoring should be clearly documented and include appropriate remedies for subrecipient noncompliance, when necessary.

Use a standardized monitoring plan that aligns with federal requirements and fits your organization’s capacity.


Avoid Common Pitfalls

  • Assuming one risk assessment covers all subawards
  • Treating risk assessment as a one-time task—it’s a continuous process
  • Failing to update risk ratings as circumstances change
  • Lacking documentation or written policies
  • Treating vendors/contractors and subrecipients the same

What Success Looks Like

Successfully managing subrecipient relationships isn’t just about avoiding audit findings—it’s about building strong partnerships that deliver on your mission. With a risk-based approach, clear documentation, and ongoing monitoring, you can confidently navigate federal compliance while empowering your partners to succeed.

A proactive strategy builds trust with funders, strengthens internal capacity, and protects your organization’s reputation.

Need Help Navigating Risk and Compliance?

Whether you’re new to federal funding or looking to improve your practices, we can help.

Our team specializes in helping nonprofits implement practical, compliant systems for subrecipient oversight. Let us simplify the process so you can focus on your mission. Contact us.
