Post-award grant management presents significant risks for fraud, with internal control failures, misallocation of funds, and inaccurate reporting becoming increasingly visible after funding is disbursed. Federal regulations under 2 CFR 200 require vigilant oversight to prevent violations related to financial practices, procurement, subrecipient monitoring, and closeout procedures.
Key Insights
- Misallocation of funds, falsified outcome reporting, and unsupported staff charges frequently violate federal cost principles, particularly sections 403 (allowability), 405 (allocable costs), and 430 (time and effort documentation).
- Procurement fraud, including favoritism, improper bidding, and inadequate documentation, is a high-risk area governed by sections 317 to 327 of 2 CFR 200, requiring transparent and competitive practices.
- Closeout procedures under section 344 often reveal hidden issues such as misstated final costs, improper equipment disposition, and missing documentation, emphasizing the need for complete records and strong internal controls throughout the grant lifecycle.
This lesson is a preview from our Grants Management Certificate Course Online. Enroll in a course for detailed lessons, live instructor support, and project-based training.
Post-award is where the majority of grant fraud occurs. The award has been issued, money is available, work is underway, and that's where opportunity and pressure collide. Under 2 CFR 200 section 303 and subsection 331, this is where recipients and pass-through entities must actively monitor activities.
Post-award is where internal control failures become visible. Let's break down the risks listed on this slide. The misallocation of funds between cost objectives.
This is extremely common. One program runs out of money, so staff quietly shifts costs to another grant, or a manager allocates staff time to whichever grant has an available budget. This violates a series of our cost principles, section 405 allocable costs, section 403 allowability, and section 430 time and effort documentation.
I once saw a grantee allocate 50 percent of their receptionist time to a public health emergency grant simply because she answers the phone for everyone. It's a no-no. Number two, false reporting on program outcomes.
Program fraud is massively under-detected. Examples would be inflated participant numbers, mill demonstrations of fabricated services, copy and pasting narrative reports, successful outcomes that never occurred, and backdated sign-in sheets. I've seen programs document 600 participants using sign-in sheets clearly written in the same handwriting.
Unauthorized procurement methods or favoritism. This includes circumventing competitive bidding using expired vendor lists, awarding contracts to relatives, splitting purchases to avoid thresholds, and emergency procurements with no justification. These examples violate the procurement section of 2 CFR 200 sections 317 to 327.
Procurement is one of the highest risk areas for fraud. Weak documentation or unsupported spending. This may include missing receipts, vague invoices, altered invoices, credit card transactions with no backup, and excessive cash draws.
In one case, a fiscal officer submitted identical photocopied receipts for six separate purchases. They claimed the originals were washed in the laundry. Granular, detailed documentation.
That's the backbone of post-award integrity. Subrecipient misconduct. Under Section 331, recipients must monitor subrecipients, and when they don't, fraud flourishes.
Examples can include subrecipients double-billing, falsifying deliverables, charging costs after the period of performance, and inadequate financial controls. Post-award risk is where strong monitoring either prevents fraud or fails to detect it. Closeout is deceptively risky because everyone thinks the grant is done.
But in reality, closeout issues reveal, closeout process reveals issues that were hitting throughout the entire period of performance. Under 2 CFR 200 Section 344, closeout requirements include final financial report, final performance reports, return of any unspent funds, settlement of obligations, and documentation of equipment disposition. Let's break down the risk listed on this slide and expand it.
Misstated final costs or unliquidated obligations. Some organizations rush to spend out their remaining funds at the end of the award. This leads to unnecessary purchases, unallowable costs, made-up obligations, and cost shifting to avoid returning funds.
Closing out grants does not end accountability. Incomplete records or missing documentation. If documentation is missing during closeout, it means it never existed, it was never collected, or it was lost due to weak record retention practices.
Many OIG findings surface because closeout triggers a deeper review. Late invoices. Vendors sometimes submit invoices months after the period of performance ends.
Paying them becomes a violation because they didn't occur during the award, obligations weren't properly recorded, and late documentation undermines transparency. You cannot fix a lack of internal controls at closeout. Improper Equipment Disposition.
Under Section 313, the Equipment section, and subpart D of 2 CFR 200, equipment bought with federal funds must follow disposition rules. Common violations include selling equipment without permission, misreporting its fair market value, failing to track equipment, and claiming lost items without supporting documentation. I once saw an agency declare that a $25,000 generator was missing.
Such large pieces of equipment, missing in disposition, that's a major red flag. Loss of Electronic or Paper Records. Sometimes systems are replaced or staffed apart, and critical records vanish.
This undermines audit readiness, corrective action compliance, and future funding eligibility. Closeout is not only a compliance function, it is a fraud detection moment in process. Red flags are behavioral, financial, or operational indicators that something may be wrong.
They are not proof of fraud, but they demand a deeper investigation. Let's expand the list of red flags, shall we? Frequent Budget Revisions with Minimal Justification. When program staff consistently shifts money around, it often signals poor planning, underperforming objectives, attempts to conceal overspending, and efforts to make unallowable costs appear allowable.
Budget Revisions must align with the standards in Section 308 of 2 CFR 200. Invoices Lack in Detail or Independent Review. Red flags include generic descriptions, such as professional services, no supporting adequate documentation, identical invoice formats from unrelated vendors, invoices approved by the same people who benefit from them, no segregation of duties, and inconsistent performance data across reports.
This includes sudden spikes in outcomes, mismatches between financial and performance reports, participant counts that defy logic, and duplicative narratives across multiple reporting periods. Under Section 329 Performance Reports Requirements, performance must always be verifiable. Round Dollar Invoices.
Round numbers 5,000, 10,000, 15,000, appearing repeatedly, are well-known fraud indicators. Researchers and investigators look for patterns such as evenly rounded invoice totals, identical invoice amounts across different vendors, monthly services with no explanation, fraudsters like round numbers, unusual vendor behavior, new vendors that appear suddenly out of nowhere, vendors with no online presence, vendors using personal email accounts, frequent lost invoice requests, late invoices at closeout, related party vendors not disclosed. This intersects directly with the procurement standards under Sections 317 to 327 and Subpart D of 2 CFR 200.
If something feels off, it usually is.