Page History
...
"Contract" is defined in § 200.22 and means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward.
"Pass-Through Entity" is defined in § 200.74 and means a non-Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program.
"Recipient" is defined in § 200.86 and means a non-Federal entity that receives a Federal award directly from a Federal awarding agency to carry out an activity under a Federal program. The term recipient does not include subrecipients.
"Subaward" is defined in § 200.92 and means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract.
"Subrecipient" is defined in § 200.93 and means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency.
...
(c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.207 Specific conditions.
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
...
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision.
(e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals:
...
(3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services.
...
Frequently Asked Questions
...
WSFR completes a risk assessment annually on each of our prime recipients (state fish and wildlife agencies). Pass-through entities should complete a risk assessment of their subrecipients according to their established and documented policies and procedures.
§ 200.331(b) requires pass-through entities to conduct an assessment of risk of their subrecipients, but does not specify that such assessments must be done prior to issuing the subaward or the subsequent disbursement of funds to the subrecipient. COFAR addressed this question in its FAQs (updated July 2017). Their response is: "No. While section § 200.331(b) requires risk assessments of subrecipients, there is no requirement for pass-through entities to perform these assessments before making subawards. Under the Uniform Guidance, the purpose of these risk assessments is for pass-through entities to determine appropriate subrecipient monitoring. Pass-through entities may use judgement regarding the most appropriate timing for these assessments. Regardless of the timing chosen, the pass-through entity should document its procedures for assessing risk. § 200.331(b)(1-4) includes factors that a pass-through entity may consider when assessing subrecipient risk. While § 200.205 imposes requirements for a Federal awarding agency to review the risk posed by applicants prior to making a Federal award, there are no corresponding requirements for a pass-through entity; however, it is a best practice for pass-through entities to evaluate risk prior to making a subaward."
...
What criteria or factors should a pass-through entity evaluate when conducting a risk assessment on a potential subrecipient?
§ 200.331(b)(1-4) provides some factors that pass-throughout entities may review when evaluating a subrecipient's potential risk of noncompliance. These factors should not limit a pass-through entity from evaluating additional factors that are above and beyond those listed in § 200.331.
The Service has developed its own official form for satisfying its requirements of evaluating their prime recipients potential risk of noncompliance. May we use their risk assessment form to evaluate the risk of our subrecipients?
Pass-through entities who have not specifically developed and implemented their own official risk assessment form are welcome to review the Service's official risk assessment form that it uses for evaluating its prime recipients potential risk of noncompliance. This form may provide a great starting point for pass-through entities as they begin to develop their own risk assessment forms that meet their specific requirements. Pass-through entities should be aware that the Service's risk assessment form was developed specifically to satisfy its requirements under § 200.205 Federal awarding agency review of risk posed by applicants. This form was not developed, nor was it ever intended to be used by pass-through entities to meet their risk assessment requirements under § 200.331(b). Pass-through entities who use the Service's risk assessment form do so completely voluntarily and the Service accepts no responsibility or liability should auditors determine that this risk assessment fails to meet the requirements set forth for pass-through entities conducting risk assessments of their subrecipients.
...
Yes there are differences in the requirements. § 200.205 requires that Federal awarding agencies, for competitive grants and cooperative agreements, must have in place a framework for evaluating the risk posed by applicants before they receive Federal awards. In evaluating such risk, the Federal awarding agency may use a risk-based approach and may consider any items such as the following: (1) Financial stability; (2) Quality of management systems and ability to meet the management standards prescribed in 2 CFR 200; (3) History of performance; (4) Reports and findings from audits performed under Subpart F - Audit Requirements of this part or the reports and findings of any other available audits; and (5) The applicant's ability to effectively implement statutory, regulatory, or other requirements imposed on non-Federal entities.
§ 200.331 requires that pass-through entities evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in § 200.331(d-e). In evaluating such risk, pass-through entities may consider such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g. if the subrecipient also receives Federal awards directly from a Federal awarding agency).
...
Pass-through entities should use the results of the risk assessment to help determine the appropriate level of subrecipient monitoring to ensure that the Federal award is used properly and the subrecipient remains in compliance with Federal statutes, regulations, and terms/conditions of the Federal award. Based on the results of the risk assessment, the pass-through entities monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity; (2) Following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision.. Pass-through entities may also use the results of the risk assessment to place additional, special conditions on the Federal award to help aid with the mitigation of elevated risk posed by the subrecipient. The pass-through entity should advise the subrecipient of the need for additional, special conditions and should also advise the subrecipient on what courses of action need to be successfully implemented to properly mitigate for such risk. Once the subrecipient has successfully met the conditions to offset for this risk, then the special conditions should be removed from the Federal award.
Additionally, pass-through entities may find the following tools useful to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; (2) Performing on-site reviews of the subrecipient's program operations; and (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services..
What happens if a pass-through entity rates their subrecipient as low risk, but then determines the subrecipients is a higher risk entity?
...
What happens if a subrecipient is rated as higher risk, but the pass-through entity fails to follow through on any special requirements?
2 CFR § 200.331 describes the requirements of pass-through entities whenever they enter into a subrecipient relationship with another non-Federal entity (subrecipient) using Federal funds. One of the requirements is to conduct a risk assessment of the subrecipient prior to issuing the Federal award to evaulate that entities risk potential as it relates to Federal laws, regulations, ect. 2 CFR § 200.331(a)(2) describes describes the requirements of pass-through entities to include information in the contractual document with the subrecipient concerning, "all requirements imposed by the pass-through entity to ensure that the Federal award is used in accordance with Federal statutes, regulations, and terms/conditions of the Federal award."
The purpose of the risk assessment is to allow pass-through entities to develop monitoring protocols and special terms/conditions to mitigate for potential risk posed by subrecipients and help to ensure that Federal funds are used effectively. 2 CFR § 200.338 provides guidance to Federal awarding agencies to remedy noncompliance of their prime recipients.
Can pass-through entities allow their subrecipients to fill out the risk assessment?
2 CFR § 200.331(b) describes the requirements of a pass-through entity having to complete a risk assessment on their subrecipients. It does not go into detail about what exactly must be included in the risk assessment because it allows recipients to develop their own risk assessment to meet their needs, expectations, and comfort levels. It also allows pass-through entities to perhaps develop grant specific risk assessments to meet the needs of their various grants. It does not specifically address whether the form may or may not be completed by the subrecipient and subsequently certified by the pass-through entity.
States are granted an enhanced level of autonomy by OMB in the Uniform Guidance. A BMP suggested by the training branch is not to allow subrecipients to complete the risk assessment, because this could potentially create a conflict of interest as subrecipients may inaccurately complete the assessment in order to enhance their ability to do business with the State. As a point of reference, some Service programs initially allowed their subrecipients to complete the Service's risk assessment form, and has subsequently informed those programs to cease this practice. Now all Service programs complete the risk assessment themselves (no subrecipients complete the risk assessment).
What is the role of the USFWS in overseeing implementation of any requirements as result of the risk assessment?
What is the role of the USFWS in overseeing implementation of any requirements as result of the risk assessment?
The ServiceThe Service's role in overseeing implementation of the risk assessment is to ensure that its prime recipients follow the requirements of 2 CFR 200 when they are issued Financial Assistance . Our awards. Department of the Interior OIG auditors may, during their reviews, test whether prime recipients are following the requirements of 2 CFR § 200.331 when it has been determined that they are subawarding Federal funds to subrecipients. If prime recipients are found to not comply with the requirements of 2 CFR 200, then the Service may impose additional conditions on prime recipients as outlined in 2 CFR § 200.338 in in order to meet our Federal stewardship responsibilities.
...
Subrecipient vs Contractor Determination
...
Resources
...
References
§ 200.205 Federal awarding agency review of risk posed by applicants.
§ 200.331 Requirements for pass-through entities.
§ 200.521 Management decision.