Organizations receiving Federal awards (i.e., grants or cooperative agreements) are required by 2 CFR 200.303(a) to “[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.” This section goes on to provide that the internal controls should comply with the guidance in:

  • Standards for Internal Control in the Federal Government (Green Book) issued by the Comptroller General of the United States or
  • Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

Both the Green Book and COSO are defined around five components of internal control:

  • Control Environment,
  • Risk Assessment,
  • Control Activities,
  • Information and Communication, and
  • Monitoring.

What is an Internal Control?

Both the Green Book and COSO define internal control relatively the same:

  • Green Book – “Internal control is a process used by management to help an entity achieve its objectives.”
  • COSO – “Internal control helps entities achieve important objectives and sustain and improve performance.”

What are the Important Objectives?

For an organization with Federal awards, 2 CFR 200.303 spells out the following overarching important objectives:

  • Establish and maintain a system of internal controls providing reasonable assurance the organization is properly managing its Federal awards.
  • Evaluate and monitor compliance with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards.
  • Taking prompt action when instances of noncompliance are identified including noncompliance identified in audit findings.
  • Taking reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive regarding privacy and responsibility over confidentiality.

As outlined in the Green Book an organization must perform the following steps to achieve its objectives through internal controls:

  • Identify the objectives the organization should be achieving.
  • Design efficient, yet effective, controls to ensure the objectives are achieved.
  • Put the controls in place as part of the day-to-day activities of its personnel.
  • Verify the controls are operating and ensuring the objectives are achieved.

This requires continuous risk assessment and monitoring. As stated in COSO “[a]n effective system of internal controls demands more than rigorous adherence to policies and procedure: it requires the use of judgment.” The organization’s management must “use judgment to determine how much control is enough.”

Your Internal Controls will be Tested

2 CFR 200.501 requires all organizations expending more than $750,000 during its fiscal year on Federal awards to have either a single or program-specific audit conducted in accordance with 2 CFR 200.514, Scope of audit. 2 CFR 200.507(b)(3)(ii) requires auditors performing a program-specific audit to “[o]btain an understanding of internal controls and perform tests of internal controls over the Federal program” and 2 CFR 200.507(b)(4)(ii) requires auditors to provide “[a] report on internal control related to the Federal program, which must describe the scope of testing of internal control and the results of the tests.” 2 CFR 200.514, 515, and 516 provides specific details as to the internal control testing and report requirements placed on the auditors.

How Can Redstone Help?

Redstone can assist organizations with federal grants and cooperative agreements to ensure compliance with the 2 CFR 200. 303 internal control requirements by:

  • Assisting with the 2 CFR 200 internal control requirements (Green Book or COSO)
  • Providing assessment of your current internal control compliance
  • Assisting in responding to audit findings and developing corrective action plans
  • Supporting implementation of corrective action plans related to audit findings
  • Providing policy and procedure templates
  • Drafting or reviewing organization specific policies and procedures
  • Providing training to your staff related to key 2 CFR 200 compliance objectives

Redstone GCI is available to assist organizations in developing accounting policies and procedures, checklists, accounting support and reviews of invoices, and government reports for compliance with 2 CFR 200. Redstone GCI assists organizations throughout the U.S. and internationally with understanding the Government’s expectations in applying the 2 CFR 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for federal grants.

2 CFR 200 Consulting Brochure DOWNLOAD NOW

Written by John C. Shire, CPA

John C. Shire, CPA John is a Director with Redstone Government Consulting, Inc. providing government contract consulting services to our clients primarily related to the DFARS business systems, CAS Disclosure Statements, and DCAA/DCMA compliance preparation, advisory, and defense. Prior to joining Redstone Government Consulting, John served in a number of capacities with DCAA/DCMA for more than 30 years. Upon his retirement, he was based in Texas as an SES-level Corporate Audit Director for DCAA, managing a staff of 300 auditors at one of the largest DOD programs. Professional Experience John began his career in the late 80s working in the Clearwater, FL audit office and over the next three decades he progressed through a number of positions within both DCAA and DCMA with career highlights as DCAA Program Manager at Ft. Belvoir, Chief of Technical Programs Division, Deputy Assistant Director-Policy, Director of the DCMA Cost and Pricing Center, the SES-level Lockheed Martin Corporate Audit Director, and Director of Integrity and Quality Assurance. John’s three decades of experience in performing and leading DCAA auditors and DCMA reviewers provides a wealth of expertise to our clients. John’s role, not only in the performance of audits, but also in the development of audit policy affords him unique insights into the defense of audit findings and the linkage of audit program steps to the underlying regulatory framework. He is an expert in FAR, DFARS, and other agency acquisition regulation, as well as a subject matter expert in the Cost Accounting Standards having reviewed and provided audit feedback on many of the largest and most complex cost accounting practices during his tenure with the DCAA. John’s tenure with DCAA and DCMA came at a critical time during each agency’s history where a number of changes were occurring such as the response to the ICS backlog, development of audit approaches to the DFARS Business Systems and implementation of new audit initiatives as a result of Congressional oversight through the NDAA process. John’s leadership at the DCMA Cost & Pricing center saw oversight of all major DOD pricing actions, leadership of should cost review teams, the Commercial Pricing group and many other areas of strategic value to our clients. His involvement in these and other Agency initiatives is of great value to our clients due to his in depth understanding of DCAA and DCMA’s internal policy directives. Education John holds a Master of Business Administration and a B.A. in Accounting from the University of South Florida. Certifications Certified Information Systems Auditor State of Alabama Certified Public Accountant

About Redstone GCI

Redstone GCI is a consulting firm focused on fulfilling the needs of government contractors in all areas of compliance. With a singular mission to help contractors through the multiple layers of “red tape,” we allow contractors to focus on what they do best – support their mission with the U.S. Government. We are home to a group of consultants made up of GovCon industry professionals, CPAs, attorneys, and retired government audit and acquisition professionals.

Our focus and knowledge of audit and compliance functions administered by DCAA and DCMA will always be at the heart of what we do. However, for the past decade, we’ve strategically grown to support other areas of the government contractor back-office with that same level of focus and expertise. We’ve added expertise in contracts management, subcontract administration, proposal pricing, various software systems, HR and employment law, property administration, manufacturing, data analytics/reporting, Grant specialists, M&A, and many other areas. When we see a trend in the needs of contractors, we act to ensure we can provide the best expertise in the market to fulfill those needs.

One thing our clients can be certain of is that with the Redstone GCI Team in your corner, there is no problem too big and no issue too technical for our team to tackle.

Topics: Government Regulations, Grants & Cooperative Agreements (2 CFR 200)