What Compliance Actually Is
Federal grant compliance means managing awards in accordance with the terms set by the funder, the statutes authorizing the program, and, in almost every case, the Uniform Guidance: 2 CFR Part 200. The Uniform Guidance establishes the administrative requirements, cost principles, and audit requirements that apply to all non-federal entities receiving federal financial assistance.
Compliance is not a one-time event. It runs from the moment an opportunity is identified through application, award acceptance, financial management, procurement, subrecipient oversight, reporting, and closeout, and it continues through the records retention period after the award ends. For most federal awards, that window is at least three years post-closeout.
The organizations that manage compliance well do not do so because they have more staff. They do it because they have built systems: clear ownership of each function, documented policies that match what they actually do, and a defined process for reviewing obligations before accepting funds.
"Compliance is not what you do when the auditor calls. It is what you build before you accept the award."
The Uniform Guidance was substantially revised in 2024, and a new proposed rulemaking published in May 2026 signals additional changes ahead, with stronger emphasis on internal controls, procurement documentation, subaward visibility, and leadership-level governance. The direction of travel is toward higher accountability expectations, not lower ones. Organizations that build the right systems now will meet those expectations as a matter of routine, not as an emergency.
Free Resource
On May 29, 2026, OMB published the most significant proposed overhaul to 2 CFR 200 since the Uniform Guidance was established in 2013. The proposed changes affect how every local government and nonprofit pursues, accepts, and manages federal awards. The Grant Project analyzed the full proposed rule so your organization does not have to. The analysis covers every significant proposed change, what it means for your organization, and what to do before the final rule takes effect.
The Compliance Lifecycle
Every federal award moves through the same lifecycle. Compliance obligations attach at each stage. Missing a step early rarely surfaces immediately. It surfaces at audit, at closeout, or when a specific condition is imposed mid-award because the agency found a gap.
Stage 01
Evaluating the opportunity against organizational capacity. Confirming active SAM.gov registration. Reviewing the NOFO for compliance obligations, including match requirements, procurement constraints, reporting burden, and subrecipient involvement, before committing to apply. Budget development that accounts for allowable costs and indirect cost rate authority.
Stage 02
Reading the award document fully before accepting. Reviewing all terms and conditions, including termination and suspension provisions. Confirming the organization understands and can meet every obligation. Establishing internal systems, including budget codes, reporting calendars, procurement plans, and ownership assignments, before spending begins.
Stage 03
Tracking costs by award using an accrual-based accounting system. Reviewing every expenditure against the allowable cost standard before it is charged. Managing drawdowns with supporting documentation. Tracking match and cost-share contributions. Maintaining segregation of duties over financial functions.
Stage 04
Following 2 CFR 200 procurement standards for every purchase charged to a federal award. Selecting the correct method based on dollar thresholds. Documenting the basis for selection, conflict of interest certifications, and cost or price analysis. Reviewing domestic preference and Buy America requirements before soliciting.
Stage 05
Correctly distinguishing subrecipients from contractors. Conducting risk assessments. Establishing monitoring plans matched to risk level. Reviewing financial and performance reports. Confirming subaward reporting in SAM.gov. Addressing findings or concerns before they become audit findings at the prime recipient level.
Stage 06
Submitting accurate financial and performance reports on schedule. Certifying report accuracy only after reviewing underlying documentation. Completing closeout procedures, including final reconciliation, equipment review, subrecipient closeout, and records retention confirmation, within the funder's required window. Retaining complete grant files for the required period.
The Allowable Cost Standard
2 CFR 200 establishes a specific standard for allowable costs. A cost must be necessary and reasonable for the performance of the award, allocable to the award, consistent with policies applied uniformly across the organization, and in conformance with any limitations in the Uniform Guidance or the award terms. All four conditions must be met. Meeting three is not enough.
This standard applies to every expenditure, including salaries, fringe benefits, travel, supplies, contracts, and indirect costs. The most common compliance failures in financial management are not fraud. They are costs charged without adequate documentation, costs allocated inconsistently, or costs incurred outside the period of performance.
Commonly Allowable
Always Unallowable
Unallowable costs must be tracked and segregated in the general ledger. They cannot be included in the indirect cost pool or charged, directly or indirectly, to a federal award.
Internal Controls
Internal controls are the policies, procedures, and practices that protect federal funds from misuse, error, and waste. The Uniform Guidance requires non-federal entities to establish and maintain effective internal controls that provide reasonable assurance that awards are managed in compliance with federal statutes, regulations, and award terms.
The proposed 2026 revisions to 2 CFR 200 would clarify and elevate internal control expectations, including more explicit treatment of confidential business information, stronger linkage between payment requests and documented work, and clearer leadership-level accountability for award oversight. Organizations with existing documented controls will absorb these changes as refinements. Organizations without them will face a more significant build.
Effective internal controls over federal awards cover six core areas:
Defined authority levels for committing funds. Documented approval requirements before expenditures are incurred or payments are made. No one person should authorize and record a transaction.
Separating the functions of authorization, custody of assets, and record-keeping across different individuals. In smaller organizations, compensating controls such as supervisory review substitute where full segregation is not feasible.
Award budgets established in the accounting system. Expenditures tracked by award and budget line. Alerts or review processes triggered when spending approaches limits or when a budget modification may be needed.
A written procurement policy consistent with 2 CFR 200 thresholds. Documentation standards applied consistently. Conflict of interest certifications obtained for every procurement. Cost or price analysis completed where required.
A defined review and certification process before financial and performance reports are submitted. Reports reconciled against underlying records. Subaward reporting status confirmed before certifying. No report submitted without a named reviewer.
Grant files complete and organized. Access to sensitive information limited to authorized staff. Electronic records stored securely with backup systems tested. Retention periods confirmed and tracked per 2 CFR 200 requirements.
Procurement
Procurement is one of the most frequently cited areas in federal grant audits. This is not because organizations are acting in bad faith, but because the documentation requirements are specific, and because the thresholds change. The 2024 revision to 2 CFR 200 restructured procurement into three method types and renamed "small purchases" as "simplified acquisitions." The dollar thresholds were then raised again for federal awards made on or after October 1, 2025. Organizations working from older policy manuals are often operating on numbers that no longer apply.
The Uniform Guidance now organizes procurement into three method types, each with its own competition and documentation requirements. The thresholds below reflect the current figures in effect for awards made on or after October 1, 2025.
| Method | Threshold | Requirements |
|---|---|---|
| Informal: Micro-Purchase | Up to $15,000 | No competitive quotes required if the price is reasonable based on research, experience, or purchase history. Distributed equitably among qualified suppliers to the maximum extent practicable. A recipient may self-certify a higher threshold up to $50,000; above $50,000 requires approval from the cognizant agency for indirect costs. |
| Informal: Simplified Acquisition | Above micro-purchase, up to $350,000 | Price or rate quotes from an adequate number of qualified sources. The recipient may exercise judgment in determining what number is adequate. Quotes must be documented and retained. No formal solicitation required. |
| Formal: Sealed Bids or Proposals | Above $350,000 | Formal solicitation required. Sealed bids award to the lowest responsive and responsible bidder. Proposals award on evaluation criteria stated in the solicitation, not price alone. Cost or price analysis required. Full procurement file retained. |
| Noncompetitive | Any amount | Permitted only in limited circumstances defined in 2 CFR 200.320(c), such as a single available source or a public emergency. Requires written justification. Cognizant agency approval may be required depending on award terms. |
These are the federal maximums. An organization must set its own thresholds based on internal controls, risk, and documented procedures, and must apply the most restrictive of local, state, or federal requirements. Across all methods, the procurement file must document the method selected and the basis for that selection, conflict of interest certifications, cost or price analysis where required, and any domestic preference or Buy America determination. This documentation must be retained for the full records retention period.
The proposed 2026 rulemaking would further strengthen procurement documentation expectations, particularly for higher-risk contract types such as time-and-materials and cost-reimbursement contracts, and would clarify domestic preference and Buy America review requirements. Organizations that already document procurement decisions thoroughly will find the changes manageable. Those that rely on informal processes will face the most adjustment.
Indirect Costs · NICRA
How your organization recovers indirect costs on federal awards, whether through a Negotiated Indirect Cost Rate Agreement (NICRA), the de minimis rate, or a direct allocation, has compliance implications that go beyond the rate itself. The method must be documented, consistently applied, and defensible under audit. For organizations managing significant federal award portfolios, a NICRA is often the strongest and most sustainable approach.
Subrecipient Monitoring
When a recipient passes federal funds to another organization, the nature of that relationship determines the compliance obligations that follow. A subrecipient carries out a portion of the federal program and is subject to the same compliance requirements as the prime recipient. A contractor provides goods or services and is subject to procurement standards only. Getting this distinction wrong is one of the most consequential errors a pass-through entity can make.
Subrecipient
Determines who is eligible for assistance. Has performance measured against federal program objectives. Is responsible for programmatic decision-making. Must comply with 2 CFR 200 requirements passed down from the prime. Subject to monitoring, risk assessment, and audit obligations.
Contractor
Provides goods or services within its normal course of business. Operates under the procurement standards of 2 CFR 200, not program compliance requirements. Subject to contract terms, not federal award terms. Does not carry programmatic responsibility.
Pass-through entities are responsible for: conducting risk assessments before issuing subawards, establishing monitoring activities matched to the risk level, reviewing financial and performance reports, and confirming that subawards over the applicable threshold are reported in SAM.gov. The proposed 2026 rulemaking would strengthen subaward reporting confirmation requirements, making it more important than ever to have a defined tracking process in place before awards go out the door.
Single Audit
The Single Audit, governed by 2 CFR 200 Subpart F, is an organization-wide financial statement and federal award audit required for non-federal entities that expend $1,000,000 or more in federal awards in a fiscal year. It is not the same as a program audit conducted by a specific federal agency. It is a broader review of financial management, internal controls, and compliance across the organization's federal award portfolio.
$1M: Federal expenditure threshold triggering Single Audit, effective October 1, 2024
9 months: Deadline to submit Single Audit results after fiscal year end
3+ years: Minimum records retention after award closeout per 2 CFR 200
The audit produces findings when an organization's financial management, internal controls, or compliance with federal requirements falls short of the standard. Findings are categorized as material weaknesses, significant deficiencies, or instances of noncompliance. They are publicly reported in the Federal Audit Clearinghouse and can affect an organization's standing with federal agencies, including its ability to receive future awards.
The organizations with the cleanest audit histories are not necessarily the largest or the most sophisticated. They are the ones that built their compliance infrastructure before they needed it: documented controls, consistent procedures, and complete records that hold up when reviewed.
What's Changing · May 2026 Proposed Rule
The Office of Management and Budget published a proposed rulemaking on May 29, 2026 that would revise 2 CFR Part 200. The rule is proposed. Nothing is final until OMB publishes a final rule after the public comment period closes. But the direction is consistent and worth understanding now.
The organizations that will handle this change best are the ones that are already building systems. A rule change is much easier to absorb as a policy refinement than as a full compliance build from scratch.
Leadership Governance
Oversight of federal awards treated as an enterprise responsibility shared across leadership, finance, procurement, legal, and program staff.
Internal Controls
Clearer expectations for documented internal controls, with new attention to confidential business information and appropriate scaling to recipient size.
Payment Integrity
Stronger linkage between payment requests and award-related work. Eligibility verification before disbursement. More explicit documentation standard.
Procurement Documentation
Additional documentation for higher-risk contract types. Clearer domestic preference and Buy America review requirements before procurement begins.
Subaward Visibility
Stronger subaward reporting confirmation requirements. Clearer expectations for oversight of downstream entities and their compliance obligations.
Termination and Suspension
Termination provisions incorporated more explicitly into award documents. Defined temporary suspension procedures with written stop-work orders.
The Grant Project submitted formal public comments on this proposed rule, focused on scaling expectations to recipient capacity, providing implementation lead time, and stating obligations clearly at the award level. The comment period and final rule timeline are confirmed in the published Federal Register notice (document 2026-10817).
Grant Governance System
The Grant Project's Grant Governance System turns everything on this page into an adoptable compliance infrastructure for your organization: a fill-in-the-blank policy manual, a companion guide explaining the reasoning behind each policy, and six packets of ready-to-use forms covering governance, pre-award, award acceptance, financial controls, procurement, subrecipients, reporting, records, and closeout. Built for local governments and nonprofits. Built to hold up under scrutiny.