top of page
  • Writer's pictureJillian Helding

What the Uniform Guidance Says about Reporting and Addressing Fraud

As an Illinois-based company, we at the Vander Weele Group took notice when a new state law went into effect on January 1, 2024 that extended the statute of limitations for COVID-19 fraud prosecution. It got us talking about the importance of mitigating the risk of waste, fraud, and abuse before it occurs, and the steps organizations should take to address fraud once it’s been discovered.

In case it’s been a while since you last looked at them, we’ve put together a brief guide to the Uniform Guidance requirements regarding reporting and addressing fraud.

Who is responsible for reporting fraud involving Federal grants?

The Uniform Guidance is clear: the responsibility for reporting fraud involving Federal grants rests with both (1) the entities that apply for or receive awards and (2) the auditors who review their programs.

Section 200.113 states that a non-Federal entity or applicant for a Federal award must disclose, promptly and in writing “all violations of Federal criminal law involving fraud, bribery, or gratuity violations potentially affecting the Federal award.” Disclosures may be made to the Federal awarding agency or (in the case of subrecipients) to the pass-through entity.

Section 200.516(a)(6) requires auditors to report any known or likely fraud impacting a Federal award, unless the fraud is otherwise reported as an audit finding in the schedule of findings and questioned costs for Federal awards.

What happens if fraud is detected?

Section 200.513(c)(3) states that once fraud has been identified as part of an audit, the Federal awarding agency should follow up to ensure the recipient takes appropriate, timely, corrective action. This follow up includes:

  1. Issuing a management decision as prescribed in § 200.521;

  2. Monitoring the recipient’s efforts to implement corrective action;

  3. Using cooperative audit resolution mechanisms; and

  4. Developing a baseline, metrics, and targets to track the effectiveness of the Federal agency's process for following up on audit findings and on (a) the effectiveness of Single Audits in improving non-Federal entity accountability and (b) their use by Federal awarding agencies in making award decisions.

Failure to correct the unfavorable conditions identified by audits—for example, improper payments, waste, fraud, or abuse—may result in penalties, including requiring that the Federal funds be returned to the awarding agency.

Who is responsible for ensuring any findings of fraud by subrecipients are resolved?

Section 200.332 dictates that pass-through entities are responsible for ensuring subrecipients comply with Federal statutes, regulations, and the terms and conditions of the Federal award. This includes:

  1. Following up and ensuring that the subrecipient “takes timely and appropriate action on all deficiencies pertaining to the Federal award…detected through audits, on-site reviews, and written confirmation from the subrecipient”;

  2. Issuing a management decision for applicable audit findings;

  3. Resolving audit findings specifically related to the subaward; and

  4. Considering taking enforcement action against a noncompliant subrecipient.

How can agencies proactively reduce the risk of waste, fraud, and abuse?

In addition to maintaining strong, effective internal control policies and procedures and testing them regularly, one of the best tools for reducing the risk of waste, fraud, and abuse is a good subrecipient monitoring program.

Robust subrecipient monitoring sets programs up to be compliant from day one by identifying potential risk factors and providing a roadmap for addressing them before fraud can occur. In cases of suspected fraud, monitoring can identify the gaps that may have enabled it to occur and provide clues about where to look for hard evidence. Finally, monitoring can provide a framework for pass-through entities to track a subrecipient’s progress towards resolving any audit findings.

Many of the methodologies used in subrecipient monitoring can be adapted for use at the level of the pass-through entity to prevent and detect integrity breaches.


bottom of page