The Regulation That Controls Every Dollar of Your Federal Grant
Every year, the federal government distributes over $1.2 trillion in grants and cooperative agreements to organizations across the country.1 A single regulation governs how every recipient must manage that money. It is called 2 CFR Part 200, formally known as the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, and commonly referred to as the Uniform Guidance.2
Most organizations first encounter this regulation as a footnote buried in an award notice or a reference on a checklist during a site visit. By that point, the compliance obligations have already been in effect for months. This is a problem because the consequences of non-compliance are severe, measurable, and public. A single audit finding can trigger questioned costs ranging from $22,000 to $144,000 or more per finding, repayment demands, corrective action requirements, and in serious cases, suspension from all future federal funding.3 Understanding what this regulation requires before an auditor asks is not optional. It is the baseline condition of receiving federal money.
What 2 CFR Part 200 Actually Is
The “2 CFR” refers to Title 2 of the Code of Federal Regulations, which covers grants and agreements. “Part 200” is the specific section within that title. The Office of Management and Budget (OMB) issued this regulation in 2014 to replace a fragmented patchwork of earlier guidance documents, including OMB Circulars A-21, A-87, A-110, A-122, and A-133, under a single unified framework.4 Before 2014, a nonprofit, a university, and a local government each followed different circulars for the same basic compliance obligations. The consolidation eliminated that confusion, but it also raised the bar: one comprehensive set of requirements now applies to everyone.
The most recent significant revision took effect on October 1, 2024, introducing changes to audit thresholds, procurement standards, and internal control requirements.5 If your organization is working from a compliance checklist or policy template that predates this revision, it may already be out of date.
Who Must Comply
The regulation applies to any non-federal entity that receives a federal award. That includes:
- Nonprofit organizations, including 501(c)(3) entities
- State and local governments
- Tribal governments and tribal organizations
- Institutions of higher education
- Hospitals and other healthcare entities receiving federal funds
Here is where many organizations make a critical mistake: they assume that because they receive funding through a state agency or a larger nonprofit (a pass-through arrangement) rather than directly from a federal agency, the full weight of federal compliance does not apply to them. It does. Section 200.332 requires pass-through entities to include all applicable Uniform Guidance requirements in subaward agreements.6 If you are a subrecipient, you are bound by the same regulation as the organization that passed the money to you. Many subrecipients learn this for the first time during an audit.
One important distinction: the regulation does not apply to contractors providing goods or services in exchange for payment. Whether your organization qualifies as a subrecipient or a contractor is a determination with significant compliance implications, and section 200.331 addresses it explicitly.7 Getting this classification wrong can mean either failing to comply with requirements that apply to you, or imposing requirements on vendors that do not apply to them.
The Six Subparts: What the Regulation Requires and Why It Matters
2 CFR Part 200 is organized into six subparts. Each one addresses a distinct area of compliance, and each one has specific failure modes that generate audit findings. Here is what each covers in practical terms.
Subpart A: Definitions That Carry Legal Weight
Subpart A defines the terminology used throughout the regulation. Terms like “federal award,” “pass-through entity,” “subrecipient,” “indirect costs,” and “program income” all carry specific regulatory meanings that differ from their colloquial usage. Misreading a definition can cause you to misapply a requirement entirely. For example, “program income” has a precise definition under section 200.1 that determines whether revenue generated during a grant period must be deducted from your award, added to it, or used to meet cost-sharing requirements.8 Before interpreting any other part of the regulation, verify how it defines the term you are working with.
Subpart B: Scope and Applicability
Subpart B establishes who the regulation covers and how it interacts with agency-specific requirements. When a federal agency has its own supplemental rules, those apply in addition to the Uniform Guidance, not instead of it.9 This means compliance is always a floor, never a ceiling. Your actual obligations are the Uniform Guidance plus whatever your specific awarding agency requires on top of it.
Subpart C: What Happens Before the Award
Subpart C governs the pre-award process: how agencies advertise funding, evaluate applications, and structure award terms. For recipients, the practical relevance is understanding what representations you made during the application process, because those representations become binding obligations once the award is made. This subpart also addresses pre-award risk assessments that agencies conduct on applicants.10 If your organization has prior audit findings or a history of late reporting, those factors directly affect how an agency evaluates your application and what additional conditions it may impose on your award.
Subpart D: The Operational Core
This is the subpart where most compliance failures occur. Subpart D covers the ongoing administrative requirements that apply from the moment you receive an award through closeout. It addresses financial management systems and internal controls, payment and cash management procedures, matching and cost-sharing obligations, budget modifications requiring prior approval, procurement standards (including competition thresholds, conflict of interest policies, and documentation requirements), subrecipient monitoring, record retention (generally six years from submission of the final expenditure report), property standards for equipment purchased with federal funds, and closeout procedures.11
Two areas within Subpart D generate a disproportionate share of audit findings: procurement and subrecipient monitoring.12 Many organizations have purchasing policies that were written for their own operational needs but do not meet the federal thresholds for competitive bidding or documentation. Similarly, many organizations that pass federal funds to other entities do not have the formal written agreements, risk assessments, or monitoring procedures that sections 200.332 through 200.333 require. These are not obscure technicalities. They are among the most frequently cited deficiencies in single audits nationwide.
Subpart E: What You Can and Cannot Charge
Subpart E defines cost allowability. For any cost to be charged to a federal award, it must satisfy four conditions simultaneously: it must be necessary and reasonable for the performance of the award, allocable to that specific award, consistent with your organization’s own policies, and compliant with the specific cost principles in the regulation.13 Failing any one of those conditions makes the cost unallowable, which means you either absorb it with non-federal funds or face a questioned cost finding during audit.
The regulation includes a detailed list of over 50 specific cost categories, from advertising to travel, each with rules about when charges are or are not allowable.14 It also covers indirect costs and two paths for recovering them: a negotiated indirect cost rate agreement (NICRA) with your cognizant agency, or a de minimis rate of 10 percent of modified total direct costs available to organizations that have never had a negotiated rate.15
Personnel costs deserve special attention because they are typically the largest line item on a federal award. The regulation requires documentation that supports the distribution of each employee’s salary across federal and non-federal activities.16 Time-and-effort reporting, the process of maintaining these records, is one of the most common sources of audit findings across all entity types. The reason is straightforward: if you cannot demonstrate how an employee’s time was allocated, an auditor cannot confirm that the salary charges to your award were accurate.
Subpart F: The Single Audit
Any non-federal entity that expends $1,000,000 or more in federal awards during a fiscal year must undergo a single audit. This threshold was raised from $750,000 in the 2024 revision.17 A single audit is an independent examination covering both the entity’s financial statements and its compliance with the requirements of each major federal program.
The results are not private. Single audit reports are submitted to the Federal Audit Clearinghouse and are publicly available.18 Federal agencies, pass-through entities, and the general public can review your findings. Repeated findings or findings that go unresolved trigger escalating consequences: increased monitoring, additional reporting requirements, or referral to the awarding agency’s Office of Inspector General. Your audit history follows you into every future grant application.
The Real Cost of Non-Compliance
Non-compliance with 2 CFR Part 200 produces consequences that scale with the severity of the finding. At the lower end, questioned costs require you to justify expenditures to the awarding agency, and if you cannot, to repay them from non-federal funds. In the middle, significant deficiencies require formal corrective action plans with timelines, responsible parties, and follow-up reporting. At the upper end, material non-compliance gives the awarding agency authority to suspend or terminate your award entirely.19
The most severe consequence is suspension and debarment: exclusion from receiving any federal awards, across all agencies, for a defined period. This outcome is reserved for serious or willful misuse of funds, but it is not theoretical. The System for Award Management (SAM.gov) maintains a public list of excluded entities.20
Beyond direct financial exposure, there is the administrative burden. Responding to audit findings, developing corrective action plans, submitting to increased monitoring, and rebuilding credibility with awarding agencies consumes staff time and organizational attention that could otherwise be directed toward mission delivery. Prevention is not just less expensive than remediation; it is less disruptive to every other priority your organization is trying to advance.
Where to Start
If you are managing federal grant compliance for the first time, the volume of requirements in 2 CFR Part 200 can feel overwhelming. The most practical starting point is an honest assessment of where your organization currently stands against the specific requirements most likely to surface in an audit: financial management systems, procurement procedures, personnel activity documentation, subrecipient monitoring, and internal controls. These five domains account for the majority of single audit findings nationwide.
Our free diagnostic assessment scores your organization across all five domains in about 10 minutes. You will receive a domain-level readiness score and a clear summary of where the gaps are, so you know exactly what to address first.
Take the free compliance assessment.
Notes
1 USASpending.gov, “Award Data Archive,” federal obligations data for FY2024. Total includes grants and cooperative agreements to non-federal entities.
2 2 CFR Part 200, “Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards.” Available at ecfr.gov.
3 Cost-per-finding estimates derived from Federal Audit Clearinghouse data, single audit questioned cost distributions for entities expending $1M-$10M in federal awards.
4 78 FR 78590 (Dec. 26, 2013), “Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards,” final rule consolidating OMB Circulars A-21, A-87, A-110, A-122, and A-133.
5 89 FR 30046 (Apr. 22, 2024), “Guidance for Federal Financial Assistance,” final revisions effective October 1, 2024.
6 2 CFR 200.332, “Requirements for pass-through entities.”
7 2 CFR 200.331, “Subrecipient and contractor determinations.”
8 2 CFR 200.1, definition of “program income”; 2 CFR 200.307, “Program income.”
9 2 CFR 200.101, “Applicability”; 2 CFR 200.102, “Exceptions.”
10 2 CFR 200.206, “Federal awarding agency review of risk posed by applicants.”
11 2 CFR 200.300-200.346, Subpart D, “Post Federal Award Requirements.”
12 Government Accountability Office (GAO), reports on single audit quality and common findings; see also AICPA Government Auditing Standards guidance on compliance testing.
13 2 CFR 200.403, “Factors affecting allowability of costs.”
14 2 CFR 200.420-200.476, “General Provisions for Selected Items of Cost.”
15 2 CFR 200.414(f), de minimis indirect cost rate of 10 percent of modified total direct costs.
16 2 CFR 200.430, “Compensation, personal services,” including standards for documentation of personnel expenses.
17 2 CFR 200.501, “Audit requirements”; single audit threshold raised from $750,000 to $1,000,000 effective October 1, 2024.
18 Federal Audit Clearinghouse, facweb.census.gov. Single audit reports are publicly accessible.
19 2 CFR 200.339-200.343, “Remedies for Noncompliance,” including suspension, termination, and withholding of support.
20 2 CFR Part 180, “OMB Guidelines to Agencies on Governmentwide Debarment and Suspension”; SAM.gov Exclusions database.
Leave a Reply