Conducting pre-award subrecipient risk assessments for your research institution

Pre-award subrecipient risk assessments are proactive evaluations conducted by higher education institutions to evaluate the level of experience, compliance history and overall reliability of potential research project partners before entering into a grant or funding agreement. These assessments help institutions identify and mitigate risks, ensuring efficient resource allocation and successful collaboration in research projects and other initiatives.

Why conduct risk assessments?

Recipients of federal awards are required by Uniform Guidance 2 CFR 200.332 to conduct pre-award subrecipient risk assessments. These risk assessments play a vital part in helping an institution become aware of potential legal, reputational and other issues that exist in a potential partner’s institution. Subrecipient risk assessments for potential partners should be completed before entering into any agreements, as required by Uniform Guidance, to ensure the appropriate partners are identified in a timely way to avoid delays with project initiation. Identifying the risk level associated with potential partners is not only important from a compliance standpoint, but it is also integral to safeguarding project success. Risk assessments help evaluate the capabilities and technical expertise of potential partners, minimizing the risk of project failures or delays. In some cases, the results of these risk assessments may reveal it might be too risky to enter into an agreement with the potential partner.

What areas should be assessed?

Key items to assess when performing a risk assessment are financial stability, organizational capacity, compliance and legal issues, risk management policies and general structure of the federal award. The Federal Demonstration Partnership (FDP) provides a helpful template of a Risk Assessment Questionnaire that touches on all the aforementioned areas. While this is a widely accepted standard template, institutions may decide to add additional questions or areas to be assessed based on their own unique needs.

Once risks have been identified after performing the risk assessment, it is important to develop a comprehensive risk mitigation plan. Partners deemed as high-risk (e.g., partners with single audit findings, partners inexperienced in the administration of federal funds, etc.) may require closer monitoring, requiring extensive and/or frequent reporting or imposing specific conditions when passing down federal funds are examples of effective mitigations plans.

Baker Tilly can help

Baker Tilly can review an institution’s subrecipient risk management procedures and deliver recommendations to gaps within the subrecipient risk management process. Our team can provide the following deliverables as a result of our review.

Questions? Contact us!

What we do	What you get
Assess an institution’s policies and resources related to subrecipient risk assessments	A facilitated discussion with key risk management process owners across the institution to identify opportunities for increased communication and awareness as well as a policy gap analysis to determine what documentation needs to be updated, developed and implemented
Identify the roles and responsibilities between departments that are involved in conducting subrecipient risk assessments	A clear understanding and layout of any controls or collaboration efforts in place to conduct effective subrecipient risk assessments
Evaluate current procedures to assess compliance with institutional policies and federal regulations and alignment with industry leading practices	Actionable recommendations to address identified gaps, challenges, risks or enhancement opportunities based on institutional policies, federal requirements and industry leading practices

Case study: subrecipient risk assessment in action

Client background

A research organization was looking to strengthen its internal controls over subrecipient risk assessments and subrecipient monitoring to meet compliance with sponsor and federal regulations and requirements.

Baker Tilly solution

Baker Tilly was engaged to conduct a comprehensive review of the organization’s sponsored research infrastructure. As part of the review, Baker Tilly reviewed risk management policies and procedures currently in place to identify and mitigate risks when evaluating partners’ eligibility. Key process owners were interviewed, and documentation was reviewed to determine risk appetite, current policies and procedures in place and determine roles and responsibilities.

Results achieved

Baker Tilly identified gaps within the client’s policies and procedures. Our review noted that the organization's risk management process did not have clearly defined roles and responsibilities, and inadequate controls were in place to identify and mitigate risk. Our team provided recommendations and enhancement opportunities to not only strengthen their risk management process to achieve compliance with federal regulations, but also be positioned to identify and mitigate risks associated with subrecipients in a prompt manner.

For more information on pre-award subrecipient risk assessments, or to learn more about how Baker Tilly’s higher education internal audit specialists can help your institution, contact our team.

Connect with us