Federal Grant Subrecipient Monitoring Under 2 CFR 200

Grants

Scope & Methodology: This article is based on publicly available sources including 2 CFR 200, federal guidance documents, and OJP resources. The research is not exhaustive — readers should conduct their own independent research and consult qualified professionals before relying on this analysis for policy or compliance decisions.

Federal Grant Subrecipient Monitoring Under 2 CFR 200

Executive Overview

When a government receives federal grant funds, a responsibility that frequently draws scrutiny and questions is determining whether entities that will receive those funds are "subrecipients" or "contractors"—and if they are subrecipients, ensuring monitoring of their compliance with federal requirements. Under 2 CFR Part 200 (Uniform Grant Guidance), pass-through entities (the primary grant recipient) bear ultimate responsibility for ensuring that subrecipients spend federal funds in compliance with all applicable federal requirements. Inadequate subrecipient monitoring is a frequent audit finding noted in OJP guidance and federal audit summaries. This article provides a guide to subrecipient identification, risk assessment, and monitoring procedures.

Subrecipient vs. Contractor: The Fundamental Distinction

The first step in subrecipient management is determining whether an entity is a subrecipient or a contractor. This distinction affects oversight and responsibility.

Subrecipient Definition

A subrecipient is a non-federal entity that receives a subaward (a federal award) from a pass-through entity. In simpler terms, a subrecipient receives federal funding to carry out a portion of the federal program. The subrecipient is responsible for compliance with federal requirements, and the pass-through entity is responsible for monitoring the subrecipient's compliance.

Contractor Definition

A contractor is a vendor or supplier that provides goods or services to the pass-through entity in exchange for payment. The contractor is not considered a subrecipient, even if the contract is funded with federal money. The distinction is based on whether the contractor is implementing the federal program or merely providing services to support the pass-through entity's program operations.

The Key Distinction: Programmatic vs. Transactional

A practical way to distinguish between the two:

  • Subrecipient: The entity carries out the federal program on behalf of the pass-through entity. Example: A state awards a federal education grant to a school district to provide tutoring services to low-income students. The school district is a subrecipient because it is implementing the federal program.

  • Contractor: The entity provides goods or services that support the pass-through entity's operations. Example: A state hires a consulting firm to develop a curriculum for its education program. The consulting firm is a contractor because it is providing services to the state, not implementing the federal program itself.

Borderline Cases

Some relationships are less clear:

Research institution receiving grant funds to conduct research — In recent practice, research institutions receiving grant funds to conduct research are classified as subrecipients implementing the federal award (see NIH Grants Policy Statement, 2024).

Evaluation contractor hired to evaluate a federal program — This is a contractor. The evaluator is providing a service (evaluation) to support the pass-through entity's administration of the program.

Fiscal agent for a partnership program — Based on federal audit cases from 2022–2024, entities acting solely as fiscal agents have generally been classified as contractors, unless they also implement program activities (see OJP 2024 guidance).

Documentation and Communication

2 CFR 200.331 requires that pass-through entities determine whether a recipient of a subaward is a subrecipient or contractor. This determination should be documented in writing and communicated to the subrecipient or contractor clearly before the agreement takes effect.

Requirements for Pass-Through Entities

Once the pass-through entity has determined that an entity is a subrecipient, specific requirements take effect:

1. Risk Assessment

2 CFR 200 requires the pass-through entity to evaluate each subrecipient's risk of non-compliance with federal requirements. Factors specified in federal guidance for risk assessments include:

  • Prior experience with federal awards — Has the subrecipient successfully received and managed federal awards in the past? What was the outcome of previous awards?

  • Prior audit findings — If the subrecipient has been audited, did the audit identify any findings related to federal compliance or internal controls?

  • Changes in personnel or systems — Does the subrecipient have new personnel responsible for grant management or new financial systems that have not been tested?

  • The complexity of federal requirements — Some grants have straightforward requirements; others are complex. A new subrecipient receiving a complex grant is higher-risk than a new subrecipient receiving a straightforward grant.

  • The dollar amount of the subaward — Higher dollar amounts may warrant more intensive monitoring per 2 CFR 200.332.

  • Results of prior monitoring — If the pass-through entity has monitored the subrecipient in prior years, what issues were identified? Were corrective actions implemented?

2. Monitoring Based on Risk Assessment

The pass-through entity's monitoring activities should be scaled to the risk posed by the subrecipient:

High-risk subrecipients might receive:

  • Quarterly financial and performance reviews
  • Semi-annual or annual site visits
  • Detailed review of material transactions
  • Enhanced internal control testing
  • Increased communication with program staff, as recommended in OJP guidance (2024)

Low-risk subrecipients might receive:

  • Annual desk review of financial statements and grant reports
  • Periodic phone calls to check on progress
  • Reliance on the subrecipient's own audit if one was conducted

3. Monitoring Tools

Useful monitoring tools include providing training and technical assistance on program-related matters, performing site visits, and arranging for agreed-upon-procedures engagements. Specific monitoring activities might include:

  • Desk reviews — Review financial reports, grant compliance documentation, time records, and other documents submitted by the subrecipient
  • Site visits — Visit the subrecipient's location to observe program operations, review supporting documentation, and interview staff
  • Interviews with subrecipient staff — Discuss program implementation, compliance procedures, and any challenges or concerns
  • Review of single audits — If the subrecipient conducted a single audit, review the audit report and management letters for findings related to your federal award
  • Technical assistance — Provide training, guidance, or assistance on compliance requirements, grant accounting, or program implementation
  • Agreed-upon-procedures engagements — Hire an independent accountant to perform specific audit procedures on the subrecipient's grant-related transactions

4. Verification of Eligibility

Pass-through entities must verify that subrecipients are not suspended, debarred, or otherwise excluded from receiving federal funds. This verification is done by checking the System for Award Management (SAM), a federal database of excluded parties.

Subaward Agreements: Documentation

Every subaward must be documented in a written agreement. 2 CFR 200.331 requires that subawards include specific information and compliance requirements. The subaward agreement should clearly communicate:

  • The federal award identification and amount
  • Applicable federal requirements and compliance obligations
  • The allowable period of performance
  • Applicable procurement standards (if the subrecipient will make subawards or procure goods and services)
  • Requirements for accounting, record retention, and financial reporting
  • The pass-through entity's right to audit, monitor, and require corrective action
  • Whether the subrecipient must obtain a single audit and the timing for submission
  • Any specific program requirements (earmarking, service population restrictions, outcome measures)
  • The process for requesting no-cost extensions or budget modifications

A subaward agreement template that incorporates these federal requirements may be useful. Some pass-through entities use generic templates without federal compliance language, which can lead to misunderstandings and audit findings when subrecipients discover unanticipated obligations.

Record Access and Enforcement

Pass-through entities have the right to access subrecipient records and financial statements. The subaward agreement must require that subrecipients:

  • Permit the pass-through entity and its auditors to access all records related to the federal award
  • Provide financial reports, program reports, and other documentation on request
  • Cooperate with monitoring activities and audits

If a subrecipient is not in compliance with federal requirements, the pass-through entity may take enforcement action, including:

  • Requiring corrective action and establishing a timeline for corrective action completion
  • Withholding payments pending corrective action
  • Terminating the subaward and requiring return of funds
  • Reporting the subrecipient to the federal awarding agency

Frequent Audit Findings

Examples of findings from federal audits include:

Assumption that single audit is sufficient — A subrecipient's single audit, if it covers the federal award, provides important information about compliance and internal controls. However, while single audits provide compliance information, 2 CFR 200.332 requires pass-through entities to conduct additional monitoring (e.g., desk reviews, site visits) when risk factors are present. If a single audit identifies findings, the pass-through entity should follow up on corrective actions. If no single audit exists (e.g., for a small subrecipient under the audit threshold), the pass-through entity may conduct additional monitoring, consistent with 2 CFR 200.332.

Lack of a monitoring plan — Many organizations develop and document a monitoring plan specifying risk assessment processes, monitoring frequency, and procedures, as recommended in OJP guidance (2024).

Monitoring documents not retained — When monitoring activities are performed, audit guidelines recommend retaining documentation such as memos summarizing the scope and findings of monitoring activities, any follow-up actions, and the date of the monitoring. Without documentation, the auditor cannot verify that monitoring occurred.

Inadequate subaward agreements — Some subaward agreements may omit required federal compliance clauses. Subrecipients may lack awareness of compliance obligations, potentially limiting recourse options.

Failure to ensure subrecipient audit requirements are met — If a subrecipient spends $750,000 or more in federal expenditures annually (2 CFR 200.501, as amended through 2024) from one or more pass-through entities, a single audit is required. The pass-through entity should verify that the subrecipient is aware of this requirement and obtains an audit within the required timeframe.

Developing a Subrecipient Monitoring Program

A formal monitoring program is often established in organizations with multiple subrecipients. A common approach includes:

Step 1: Inventory Subrecipients Maintain a complete list of all subrecipients, including the amount of federal funds awarded, the grant program, and the fiscal year.

Step 2: Risk Assess Each Subrecipient Use the factors outlined in 2 CFR 200.332 to classify each subrecipient as high, medium, or low risk.

Step 3: Develop Risk-Appropriate Monitoring Procedures For each risk category, develop a monitoring plan specifying the frequency and nature of monitoring activities.

Step 4: Document All Monitoring Maintain a log or file for each subrecipient documenting all monitoring activities, findings, and corrective actions.

Step 5: Follow Up on Findings If monitoring identifies non-compliance, organizations may ask the subrecipient to develop a corrective action plan, consistent with 2 CFR 200.339. Follow up to verify that corrective actions were effective.

Step 6: Report to Leadership Pass-through entities may provide periodic reports to governing boards or leadership on subrecipient monitoring results and any material findings or corrective actions.

Summary

Effective subrecipient monitoring supports federal grant compliance, as required by 2 CFR 200.332, and is a responsibility of pass-through entities. The federal regulations in 2 CFR 200 provide the framework outlined in this article: assess risk, monitor based on risk, document the monitoring, and take corrective action when needed. Pass-through entities that invest in developing and implementing a subrecipient monitoring program may reduce their audit risk, as suggested by OIG summaries of entities with documented monitoring programs, and ensure that federal funds are used appropriately by their subrecipients.

This content was prepared with AI-assisted research using exclusively publicly available sources. No confidential or proprietary data from any client engagement was used. It is provided for informational purposes only and does not constitute legal, financial, or investment advice. All data should be independently verified before use in any official capacity. © 2026 DWU Consulting. All rights reserved.

This article was prepared with AI-assisted research by DWU Consulting. It is provided for informational purposes only and does not constitute legal, financial, or investment advice. All data should be independently verified before use in any official capacity.