Grants Management: Identifying 10 Internal Control Gaps
By Rachel Werner
Principal, MyFedTrainer

Sometimes, we get lost in the jargon of internal controls and grant management and forget the role of vigorous checks and balances in increasing trust with our funders, employees, and the public.
 
Grant recipients can help keep funders happy by ensuring the organization has strong internal controls that prevent good grants from going bad and ensure compliance with the Uniform Guidance, which requires recipients and subrecipients to maintain robust internal controls.
 
Here are some common grants management risks that allow grant fraud to occur and examples of what should alert you to dig deeper into what is happening at your organization.
How many of these 10 common risks have you run into?

Risk #1: Unethical Leadership
Examples of signs that management does not place a high value on ethical practice include:

• Lacking clear policies

• No clearly defined lines of authority

• Limited separation of duties

• Little individual accountability

•  Missing mechanisms to report fraud

Risk #2: Tolerance of Risky Behaviors
Risky behavior can happen at the highest levels, and the following demonstrate some high-risk behaviors (even at the highest levels):

• Aggressive accounting

• Poor oversight in the preparation of financial statements

• Inadequate comparison of budgets with performance

• Lack of Human Resources oversight in hiring, pay scales, and bonuses

• Missing or substandard personnel appraisals and reviews

Risk #3: Inadequate Technology Security
Information technology (IT) is an area that has historically been far removed from the grants management function, and these substandard IT security missteps can put your organization at risk:

• Easy access and lack of restrictions on computer usage

• Missing record retention policies for electronic records

• Lack of formal data backup and recovery plans

Risk #4: Poor Protection of Assets
Assets include cash, equipment, and other property types, from office supplies to electronics, and these assets can sometimes go missing due to:

• Substandard physical security of assets for facilities, records, computers, cash, and data files

• No consistent and periodic audit comparing existing assets with records of assets

• Weak monitoring of asset movement between locations and people

 
Risk #5: Weak Accounting Controls
Substandard or inadequate accounting controls and security can also play a role in the opportunity for fraud to blossom, including:

• Inadequate separation of duties

• Ineffective monitoring of duplicate payments and vendors

• Incomplete or late reporting

• Missing review of journal entries, new vendors, and account reconciliations

Risk #6: Insufficient Project Monitoring
While managing funded projects can be a busy, even chaotic time, it should be recognized that the period of performance is where opportunity is created for potential fraud. Signs of fraud risk include:

• Unusually large reliance on students or volunteers

• Multiple sources of governmental funding

• Special requirement projects (i.e., eligibility requirements)

• Projects that demonstrate little or no results

•  Slow or no project reporting

Risk #7: Incomplete Cash Controls
Because cash is the most easily converted type of asset, incomplete cash controls create a massive opportunity for fraud. Practices to look out for are:

• Separate accounts for things like cost share or matching, other donations, or departmental expenses exist without adequate controls

• Linked infrastructure between nonprofit and for-profit counterparts makes separating and auditing transactions difficult

• Use of cash or wire transfers for payments

• Lax monitoring of cash deposits

Risk #8: Lack of Monitoring
The role of monitoring is to determine if what you think is happening is happening…or NOT!
Without monitoring, the opportunity for frauds to go undetected is increased:

• Unusual, complex, or new transactions at the end-of-year or reporting period without sufficient review and approval

• Inadequate credit card or expense report oversight

• Unexplained discrepancies between the budget and the actual costs

• Shifting expense line items or accounts without proper justification

Risk #9: Conflicts of Interest
Conflicts of interest can happen with any organization, but a lack of a transparent process for dealing with them can lead to expensive cost disallowance for federal grant recipients and a public relations nightmare for many organizations:

• Principal Investigators (PI) or Program Directors with one or more outside businesses are not required to disclose interests

• Inadequate formal oversight by boards of management relationships

• Unclear reporting process

• Untrained staff on how to handle potential conflicts of interest

• Lack of multiple reporting paths for whistle-blowers

Risk #10: Ignoring Staffing and Payroll Difficulties
Finally, the opportunity for fraud is accelerated by staffing and payroll problems:

• Inadequate payroll system

• Lack of monitoring of payroll discrepancies

• Vague consultant or subcontractor agreements

• High staff turnover

Watch for Warning Signs!
While these risks have historically been associated with fraud, they do not prove fraud is occurring. But like the old saying goes, “Where there is smoke, there can be fire!”
 
Treat these common missteps as an early warning system that alerts you to carefully investigate the circumstances to reduce the risk of fraud at your organization.

Need to refresh your compliance knowledge? Join one of our upcoming trainings.

Rachel Werner is the principal of MyFedTrainer, a provider of training and ongoing support to grants administrators.