Subcontract Risk Assessment

The Subrecipient Risk Assessment Report is intended to provide OGRA with a method for assessing Subrecipient risk and to be applicable across federal granting authorities, as well as across University monitoring authorities.  This report was developed to be as comprehensive as possible.  Some sections may not be applicable to specific programs or subrecipients as it applies to the scope of work or amount of funding. If items are not applicable, “N/A” should be used. The report should also include documentation to support particular risk items as they relate to governing compliance statutes, rules and supplements for the program.

Subrecipient Monitoring Procedures on Risk Analysis

Using the information obtained in the Subrecipient Forms (Audit Certification and Financial Status Questionnaire), each subrecipient will be evaluated by completing a subrecipient risk analysis. The risk analysis determines the level of risk associated with each subrecipient, and subsequently to the Chicago State University. A risk level is assigned to each subrecipient based on the score attained in response to the risk analysis questions. Please see updated risk analysis here:


  1.   Analysis of risk on submitted Subrecipient - Audit Certification and Financial Status Questionnaires provided by CSU.
  2.   Analysis of risk must be applied on all new subaward or modification on an existing award.
  3.   Analysis of risk is needed as an assessment and part of the subrecipient monitoring as stated 2 CFR 200.
  4.   Respective actions are required on the weighted score.
  5.   In case of modification, the financial thresholds are cumulative and may require re-assessment of the risk.
  6.   It is the responsibility of the PI, OGRA Office, the Deans and Department of the responsible colleges to collect information and require additional documentation.
  7.   Additional information not detailed in the risk assessment can be added in the “Notes” section of the form. 

Risk Assessments 

Review of subrecipients internal controls and business practices to mitigate risk in carrying out project objectives and expending federal funds. 

Potential Indicators of High-Risk

  1.   Program Complexity
  2.   Percentage passed-through
  3.   Dollar amount of award
  4.   New subrecipient
  5.   History of non-compliance
  6.   New personnel
  7.   New or substantially changed systems 

Risk Assessments Are Conducted By the Following: 

  1. Federal Audit Clearinghouse
  2. Subrecipient Profile Form
  3. Audit Reports and/or financial statements
  4. Websites
  5. Excluded Parties List System
  6. Interviews
  7. Site Visits
  8. Interactions (Communication via email and over the phone) 

Risk Assessments are conducted 

  1. At the proposal stage
  2. Before the issuance of a subaward
  3. During the life of the subaward
  4. At closeout of the subaward

There are four (4 levels of risk) 

Low, 0-11 - No action necessary.  

Medium, 12-50 - If applicable, require detailed invoicing for subrecipient; as appropriate, seek guidance from PI (Principal Investigator), OGRA (Office of Grants and Research Administration) and Legal Department and/or Risk Management. on complex contract or compliance issues.  

High, 51-83 – If applicable, seek guidance from PI, OGRA, Legal and/or Risk Management on complex contract or compliance issues and the additional monitoring that should be put in place such as more detailed invoices, more frequent/detailed financial and/or programmatic reporting, etc. including how and by whom the monitoring will be done.  

Very High, >=84 - Monitoring and management discussions with PI, OGRA, and Legal and Risk Management are required prior to issuance of a subaward.  

If a subrecipient is found to be high risk, quarterly follow-ups are performed by the PI. Each quarter, an email is sent to the department with a series of questions to determine if the subrecipient is performing in accordance with the terms and conditions of the subaward as follows:  

  1.  Are deliverables and milestones progressing in accordance with the subaward?
  2.  Are invoices being submitted timely?
  3.  Are there any other concerns that you have with this subrecipient?

This process is completed until all identified issues are resolved.

Copies of all correspondence is retained in the subaward file at OGRA  

Remedies for noncompliance §200.338   

If a non-Federal entity fails to comply with Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.207 Specific conditions. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances:

(a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity.

(b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance.

(c) Wholly or partly suspend or terminate the Federal award.

(d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency).

(e) Withhold further Federal awards for the project or program.

(f) Take other remedies that may be legally available.