Welcome to Feldesman's Grants Practice Shorts series where we discuss helpful tips and strategies in common areas of federal grant management. Be sure to check out our other installments on our Grants Practice Shorts page.
This week we focus on the concept of internal control, which "is generally defined as a process effected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved." OMB, Compliance Supplement (May 2024), Part 6 (Internal Control) at 6-2.
The Uniform Guidance requires federal grantees to establish and maintain internal control over the federal awards that provide reasonable assurance that the non-federal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. 2 C.F.R. § 200.303. We discuss key elements to understand internal control over compliance in federal awards.
Internal Control: Objectives
Federal regulations set forth three sets of key objectives of internal control:
- Transactions are properly recorded and accounted for in order
to:
- Permit the preparation of reliable financial statements and federal reports;
- Maintain accountability over assets; and
- Demonstrate compliance with federal statutes, regulations, and the terms and conditions of the federal award;
- Transactions are executed in compliance with:
- Federal statutes, regulations, and the terms and conditions of the federal award that could have a direct and material effect on a federal program; and
- Any other federal statutes and regulations that are identified in the Compliance Supplement; and
- Funds, property, and other assets are safeguarded against loss from unauthorized use or disposition.
See §§ 200.1 (Definition of internal control) and 200.303.
Internal Control: Suggested Best Practices
The Uniform Guidance recommends that grantees establish internal controls aligned with guidance in "Standards for Internal Control in the Federal Government," issued by the Comptroller General of the United States (the "Green Book") or the "Internal Control Integrated Framework" (revised in 2013), issued by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"). Id.
Grantees possess substantial autonomy and flexibility in implementing those internal controls as are convenient and appropriate to the organization's circumstances, whether drawn from the Green Book, COSO's framework or other sources. Thus, "management exercises judgment in balancing the cost and benefit of designing, implementing, and operating internal controls. In exercising that judgment, management considers both qualitative and quantitative factors, as well as the specific risks of their federal awards and operations." Compliance Supplement at 6-3.
Internal Control: Policies and Procedures
Grantees implement internal controls through written policies and procedures. Policies are management's "statements of what should be done to effect internal control" and procedures "consist of actions that implement a policy." Id.
Federal grant regulations, as well as program-specific conditions, generally require grantees to adopt written policies and procedures supporting compliance in certain areas, such as procurement policies, conflicts of interest policies, and funds drawdown.
Internal Control: Audits
Federal audit requirements ask auditors "to obtain an understanding of internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs." § 200.514(c)(2). Generally, if "internal control over some or all of the compliance requirements for a major program are likely to be ineffective in preventing or detecting noncompliance," an auditor "must report a significant deficiency or material weakness... assess the related control risk at the maximum, and consider whether additional compliance tests are required because of ineffective internal control." §§ 200.514(c)(4) and 200.516(a)(1).
Internal control is "a dynamic and iterative process" (Compliance Supplement at 6-2) inextricably bound with strategic planning, performance oversight and, when effective, prompt corrective action to reduce risk of noncompliance and promote effective outcomes in federally-funded activities.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
