Security Surveillance

Monitoring vs. Auditing

Knowing the Difference Protects Your Program

What if the Federal government demanded your agency return $3 million in grant funding for findings of unallowable costs? What if your agency’s oversight of $900 million was determined ineffective, requiring your monitoring process to be overhauled?

Failing to monitor subrecipients, poor internal controls, insufficient documentation, and improperly conducted risk assessments are common findings of watchdog agencies, like the U.S. Department of Housing and Urban Development’s Office of the Inspector General. The Inspector General’s office cited all of these findings in audit reports like the ones referenced above—reports which are now part of the public record.


For pass-through agencies, requiring simple financial auditing isn’t enough. Even ensuring that Single Audits (formerly called A-133 audits) are conducted doesn't fulfill the legal requirement to monitor Federally funded programs, as laid out in 2 CFR Part 200 (also called the Uniform Guidance).

 

Subpart D of the Uniform Guidance states that non-Federal entities—for example, state agencies—that receive and distribute Federal grants (“subawards”) to subrecipients—such as municipal governments and nonprofit organizations—are responsible for monitoring the use of those funds. But what does that require, and how is it different from auditing?

To answer that question, we’ll examine three types of oversight: monitoring, Single Audits, and financial audits.

 

For an abbreviated copy of this resource, download our oversight comparison chart

They're Sisters, Not Twins

At the Vander Weele Group, we like to say that monitoring is the preventative medicine that keeps you out of the emergency room (i.e. being subject to audit findings, or worse, being required to return funds). Put another way, monitoring and Single Audits can be viewed as sisters—they have a lot in common, but they are distinct practices conducted at different times and governed by different sets of rules and expectations. Both require assessments of risk, internal controls, and whether funds are allowable. The major difference is in the standards used to measure compliance and what the purpose of each approach is.

The most important distinction between monitoring and any form of auditing is this: monitoring includes both fiscal compliance and programmatic performance and, through the use of tools such as technical assistance, is intended to guide grantees in best practices. Monitoring is designed “to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved” (2 CFR 200.332(d)).

Fiscal compliance means a grantee:

  • has the financial management systems necessary to properly manage a grant,

  • has implemented effective internal controls to protect against fraud and mismanagement, and

  • uses the funds only for “allowable” purposes, as defined by governing laws, regulations, guidance, or the grant application itself.


Programmatic compliance means the grant-funded program operates as proposed in the grant application and achieves its stated goals.
 

Single Audits, by contrast, focus solely on fiscal compliance. Other types of financial audits—which are not mandated by the Uniform Guidance—are frequently conducted to determine whether an organization’s financial statements are accurate. Auditing is typically not concerned with whether a program achieved its goals, its impact on end users, or the strategic value of one type of expenditure vs. another.

To illustrate, an auditor might ask, “Does the amount expended on science textbooks fall within the budgeted allotment, and is there sufficient documentation to confirm payment and receipt?” while monitors have the flexibility to be more probing and ask, “Why didn’t students have a copy of the science textbooks—books purchased with grant funds—at the beginning of the year?”
 

Governing Rules

 

The terms of the Uniform Guidance are clear: monitoring is mandatory. Monitoring must encompass both fiscal compliance and programmatic performance. Programs should be monitored using the requirements of the Uniform Guidance and other applicable Federal, state, and local policies, guidance, and regulations, as well as the grant award terms and conditions and any additional subaward conditions imposed by the pass-through agency. Beyond that, significant flexibility is granted in the design, methodologies, and tools of the monitoring program. This allows monitoring standards to be tailored to the unique circumstances of each agency, subrecipient, and grant program.

 
Audits are required when a subrecipient expends $750,000 or more in a single fiscal year. If the combined total comes from expenditures in more than one grant program, a Single Audit is required. If the expended funds were awarded under a single Federal program (excluding R&D) and the program's statutes, regulations, or the terms and conditions of the Federal award do not require a financial statement audit, the auditee may elect to have a program-specific audit conducted instead (2 CFR 200.501(c)). Audits make use of precise auditing standards and risk methodologies and are governed primarily by the OMB “Yellow Book” (Generally Accepted Government Accounting Standards). Certain supplemental guidance, such as Program-Specific Audit Guides, may also apply, depending on the program and funding agency.

 
Though it’s commonly misunderstood, Federal grants are not subject to SEC regulations or corporate accounting standards. Audit findings should be grounded in the documented legal requirements of the Uniform Guidance, rather than the auditor’s opinion or best practices informed by the GAAS/GAAP. We discuss this problem in more detail in our article “How Auditors Get It Wrong on Risk Assessments.”

A word of warning: simply tracking the distribution of funds doesn’t meet the Federal requirements for monitoring.

 

It isn’t enough to know where the money is or even how the funds are spent; your agency is liable for confirming that subrecipients have the policies, processes, and internal controls in place to protect them, and that the money is being used to best advantage as measured through tools such as sampling of procurement files, reviews of inventory lists, and site visits.

Selecting Reviewees

Direct recipients and subrecipients of Federal grants—as well as ground level grantees, such as schools and nonprofits—are subject to monitoring requirements under the Uniform Guidance. However, not every grantee ends up being monitored. Instead, pass-through agencies are required to perform risk assessments to determine which subrecipients are at the greatest risk for non-compliance, then focus monitoring efforts on those grantees.

 

Indicators of risk can include:

1. The subrecipient's prior experience with the same or similar subawards;

2. The results of previous audits, including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of the Uniform Guidance, and the extent to which the same or similar subaward has been audited as a major program;

3. Whether the subrecipient has new personnel or new or substantially changed systems; and 
4. The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency).

As described above, Single Audits (or, alternatively, program-specific audits) are performed when an entity at any level (state, local, tribal, etc.) expends a combined total of $750,000 in Federal grant funds in a single fiscal year.

Conducting Reviews

 

Audits follow a familiar formula. They are conducted annually after the close of the fiscal year by professional third-party auditors or CPAs. They employ precise methodologies and strictly defined standards for observations, sampling, and evidence testing. In addition, Single Audits require performing a risk assessment of the grantee, testing account balances, studying the Schedule of Expenditure of Federal Awards (SEFA), and comparing the SEFA to an entity’s financial statements.
 

In the case of monitoring, the Uniform Guidance deliberately does not prescribe set methodologies, areas of expertise, or tools.

Monitoring programs may:

  • Be conducted by CPAs or subject matter experts in the grant’s field of impact (Education, Health and Human Services, Disaster Recovery, etc.);

  • Use tools such as questionnaires, interviews, observations, comparisons of field conditions with laws, rules, and regulations, and verification of files and transactions; and

  • Include a discussion of findings/areas of concern, training, and technical assistance to help grantees improve performance.

Despite this flexibility, there are some mandated requirements. Subrecipient monitoring must be risk based, measure both fiscal compliance and program performance, and cover each program, function, or activity. It must also include:
 
  • Assessments of internal controls

  • Reviews of required financial and performance reports

  • Reviews of expenditures for allowability

  • Verification that every subrecipient that expends $750,000 or more in a fiscal year is audited as required by Subpart F—Audit Requirements


Pass-through entities are also responsible for following up and ensuring that subrecipients take timely and appropriate action on all identified deficiencies to mitigate ongoing risks.

Finally, unlike audits, monitoring takes place during the grant cycle, usually every three to five years.

Key Takeaways

 

Federal requirements give monitoring programs flexibility for an important reason: to allow pass-through agencies to design monitoring methodologies that ensure the grant program operates as planned. Philip A. Maestri, the former Director of Risk Management Services for the U.S. Department of Education who co-chaired the task force that created the Uniform Guidance, said, “Monitoring should look very different than it did 20 years ago, when it was focused on compliance.” During an interview with Vander Weele Group CEO Maribeth Vander Weele, he added, “You can have a program that is technically compliant and still an utter failure.”


This is perhaps the best way to describe the difference between monitoring and auditing: auditing is focused on compliance, while monitoring measures compliance and success, and when necessary, offers a roadmap for improvement. To quote our CEO and former Inspector General of Chicago Public Schools, Maribeth Vander Weele, “A great grants oversight program shouldn't be punitive; it should make it easier for agencies and organizations to fulfill their missions and serve their communities.”

As you’ve just read, monitoring is time-consuming, complicated, and places the burden of developing policies, assessments, and standards directly on an agency’s shoulders. When you’re already busy trying to run your program, adding monitoring on top can easily max out employee bandwidth and your budget. That’s where the Vander Weele Group can help.
 

To talk with a monitoring professional or to learn more about what the Vander Weele Group can do for your organization, email us at info@vanderweelegroup.com or call 773-929-3030.