Are there red flags that a risk assessment of a nonprofit serving as a subrecipient to a city should uncover, that if addressed might prevent fraud or at a minimum trigger greater scrutiny to prevent fraud or misappropriation of COVID relief funds?

Performing a risk assessment of a potential nonprofit subrecipient (“subrecipient”) for a municipality may provide an opportunity to identify red flags that could lead to fraud or misappropriation of grant funds, if left unaddressed.

When a municipality awards funds to a subrecipient, it is required to evaluate the subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining appropriate subrecipient monitoring.[1] Municipalities should consider performing a SAM.gov debarment check as a part of this risk assessment to ensure that a nonprofit being considered for an award is eligible to receive federal funds.[2]

If the risk assessment identifies red flags or performance concerns and a municipality still awards grant funds to the subrecipient, the municipality should put a monitoring plan in place imposing specific subaward conditions to ensure the subrecipient addresses any concerns.[3]

Below are common red flags that might surface during a risk assessment, including some specific to nonprofits, that could lead to fraud and/or misappropriation of COVID relief funds, if left unaddressed:

1. The nonprofit lacks prior experience with receiving subawards.
2. The nonprofit lacks an understanding of the federal rules surrounding the subaward.
3. The nonprofit lacks experienced staff or does not have enough staff to ensure compliance and oversight of federal awards and mitigate the risk of fraud, waste and abuse.
4. Previous state, local, and/or federal audits noted significant deficiencies.
5. The nonprofit uses new personnel or new or updated systems for the municipality’s program.
6. A separate federal awarding agency has identified concerns with the nonprofit (e.g., if the nonprofit also receives federal awards from a federal awarding agency, who put monitoring in place because of identified vulnerabilities).
7. The nonprofit has a history of past civil, criminal, and/or administrative investigations.
8. The nonprofit has failed to timely file its Form 990 tax documentation.[4]
9. The nonprofit has previous revocation or suspension of nonprofit status.
10.  The nonprofit has a lack of internal controls to monitor distribution of funds and/or services.
11. No documented policy for conducting due diligence on contractors, suppliers, and vendors exists for the nonprofit.
12. There is no central repository for documenting the subaward activities, such as invoicing, procurement, and inventory control.
13. The nonprofit lacks an employee code of conduct or conflict of interest policy.

Identification of the above red flags may indicate vulnerabilities that could lead to fraud and misappropriation of grant funds.  A risk assessment is critical to identify red flags so that they can be addressed prior to the distribution of funds and/or services.

The municipality should apply the following monitoring tools to ensure proper accountability and compliance with program requirements and achievement of performance goals:[5]

1. Providing subrecipients with training and technical assistance on program-related matters
2. Performing on-site reviews of the subrecipient's program operations.
3. Requiring the subrecipient to submit work-in-progress reports at regular intervals.
4. Establishing a point of contact with the subrecipient for questions or concerns.

Monitoring SAM.gov’s exclusion record throughout the course of the subaward to ensure that the subrecipient is eligible for federal funds.

Last Updated: February 2, 2023