COMPLIANCE RISK SCANNER
Can You Prove Compliance, Or Just Assume It?
Assessment (Score 0–10)
Answer Yes (1) or No (0)
  1. Policies align with current 2 CFR 200 requirements
  1. Internal controls are documented and consistently followed
  1. Procurement processes meet federal standards
  1. Subrecipient monitoring is structured and documented
  1. Required documentation is complete and accessible
  1. Grant expenditures are consistently allowable and allocable
  1. Reporting timelines are consistently met
  1. Prior audit findings have been fully resolved
  1. Roles and responsibilities are clearly defined
  1. Monitoring is proactive—not reactive
Scoring
  • 8–10 → Controlled Environment
  • 5–7 → Moderate Risk
  • 0–4 → High Exposure
If you cannot prove compliance, you do not have compliance.
Get a Strategic Assessment