Most grants require that recipients undergo periodic compliance reviews to assure requirements are being met by the grantee. Common items reviewed as a part of this exercise may include the eligibility of reimbursed expenses, adherence to procurement requirements, financial management oversight, civil rights compliance, and more.
The “normal” frequency of these reviews is every two to three years, but it could be more or less, depending on the grantor’s policies and the grantee’s compliance history.
The audit period of compliance reviews can also vary, but five years’ history is generally used as the basis for reviews. For grantees, this means you’re expected to produce five years’ worth of transactions, reimbursement requests, supporting documentation, and other compliance-related records.
Our team recognizes that it can be difficult to remember and locate documentation from so long ago, but it is still your responsibility as a grantee to provide the records and support upon request.
We frequently discover that grantees receive adverse findings on their compliance reviews simply because they were unable to locate supporting documentation. If you cannot provide adequate evidence for expenditures submitted, this could result in your organization owing money back to the awarding agencies, or worse: the loss of future grant funding.
To help assure that your organization is able to successfully complete your grantee compliance reviews, we provide the following five recommendations, and expand on each in more detail below:
- Develop an internal tracking system
- Document what you do, and how you do it
- Make version control a priority
- Obtain and preserve written confirmation of verbal discussions
- Keep all supporting emails as part of your retained documentation
Recommendation #1: Develop an Internal Tracking System
Develop an internal tracking system to ensure you are consistently collecting and providing appropriate documentation. We recommend creating checklists, which should make it easier for you to identify the responsible personnel and the supporting documentation utilized. Checklists should evidence the following:
- Preparer name and date
- Reviewer name and date
- Final approval date
- Reconciliations of what is included in the reimbursement packet.
- This information should contain lists of invoices, including clear documentation of what was determined to be eligible/ineligible.
- Location of paper and electronic files
- Depending on your organization’s filing system, files may be stored by procurement details, grant details, or other accounting/finance classifications.
- Individual responsible for submitting the reimbursement request to the grantor
- Date the reimbursement request was submitted
- Date the reimbursement request was approved and paid
Recommendation #2: Document What You Do and How You Do It
Policies and procedures should be defined for each grant category documenting how to put together applications and reimbursement request packets.
These policies and procedures should include the following:
- Required steps (i.e. what to do and how to do it)
- Grant requirements (i.e. eligible and ineligible expenditure)
- Workflow (i.e. each person’s step in the process including reviews and approvals)
- Explanations for why the tasks need to be performed
Without understanding both the “why” and the “how”, steps can be skipped – including important controls that the organization relies on, resulting in inconsistencies and potentially larger issues. When procedures are followed, there is consistency in processes and output. This helps to ensure that things are done the same way, every time, and that all steps are followed.
By frequently reviewing and updating your organization’s policies and procedures, you will ensure they are accurate and current. Policies and procedures are invaluable for training, and will assist your agency in the event an individual with significant responsibilities unexpectedly leaves.
Recommendation #3: Make Version Control a Priority
As files are being prepared, reviewed, and approved, they will go through multiple iterations. Each new version should be identified in a way that allows all stakeholders to readily access the most recent version, and to avoid inadvertently reverting to an earlier document and losing all subsequent changes.
The final approved file should be marked “Final” with the date it was determined to be final. Older versions can be moved to an “Archive” folder to lessen confusion within your network folder.
Recommendation #4: Obtain and Preserve Written Confirmation of Verbal Discussions
If you had a phone call with the grantor’s Program Manager, and items were discussed that impact reimbursement requests, get it in writing. By following up with an email, you can ensure the organization understands the guidance provided, and also obtain documentation for your file.
Also, if the Program Manager responds, keep this correspondence as well. An email from you to your Program Manager without their acknowledgment or concurrence is not valuable audit evidence.
Recommendation #5: Keep All Supporting Emails as Part of Your Retained Documentation
Every time you have a question or issue that was discussed with the grantor’s Program Manager or a different contact, print it and/or save it electronically, and keep it with the rest of the supporting documentation.
Organizations are continually experiencing change. Some of these changes can impact your ability to successfully respond to grant compliance review documentation requests. Personnel that previously performed grant-related processes may no longer work for the organization. You may be unsure where to the find the requested information, including whether the documentation is paper-based or was retained electronically. Critical reports may not include details like the identity of the preparer, or the specific formulas/inputs used to derive reimbursement amounts.
If you’re tracking the required documentation, recording critical processes, assuring version control, and keeping the grantor responses that may be important for justifying decisions that were made, you should feel confident in your organization’s ability to successfully verify compliance.
To discuss how SC&H Group’s Risk Management team can help with grant compliance reviews as well as policies and procedures documentation, please contact us here.