1 of 21

When a Compliance Issue Arises: Now What?

State Budget Department�Grants Management Office

Mark Gordon, Governor | Kevin Hibbard, Director

Dru Palmer, Grants Integration Manager

Christine Emminger, Administrator for the Grants Management Office

Diana Cabriales, Deputy Administrator for the Grants Management Office

June 23, 2026

2 of 21

Session Objectives

Identify the types of compliance issues that may arise during the grant lifecycle and recognize common sources of detection

Differentiate between minor issues, significant deficiencies, and material findings, and understand escalation expectations

Explain the appropriate response steps when a compliance issue is identified

3 of 21

When a Compliance Issues Arises

4 of 21

Compliance Issues Happen. Now What?

Compliance issues often occur, but they may not be career ending.

The response matters more than the mistake

Transparency and documentation protect you

Early action reduces consequences

Planning in advance mitigates risk

5 of 21

Discussion Question

Who here has encountered a compliance issue before, whether internally, through monitoring, or during an audit?

When the compliance issue happens, what's the first thing that comes to mind:

1) We've got this! or

2) Now what do we do?

6 of 21

Who Identifies Compliance Issues?

Compliance issues may be identified by:

Grant manager or program staff

Internal auditor

Pass-through entity

Federal awarding agency

Single audit

Advocacy groups and community members

7 of 21

Common Types of Compliance Issues

Unallowable or misallocated

costs

Insufficient documentation

Procurement violations

Missed reporting deadlines

Subrecipient monitoring failures

8 of 21

Example 1: Inadequate Monitoring

Context:

2 CFR Part 200 requires risk-based monitoring of subrecipients to ensure compliance with federal requirements. Failure to assess risk or conduct proper monitoring of activities can lead to misuse of funds and noncompliance findings.

Scenario: An audit found that an organization…

  • Did not have a formal risk assessment process to determine the frequency and scope of subrecipient monitoring to be performed
  • Relied on invoices without requiring or reviewing supporting documentation for any expenditures

Based on these findings, what actions might an auditor recommend?

9 of 21

Example 2: Ineligible Participants

Context:

Federal programs often have strict eligibility criteria for program participants. Serving individuals who do not meet these criteria, or failing to document eligibility, can result in disallowed costs and audit findings.

Scenario: An audit found that an organization…

  • Did not maintain documentation verifying participant eligibility under all program requirements

Based on these findings, what actions might an auditor recommend?

10 of 21

Example 3: Insufficient Asset Management Policy and Procedures

Context:

2 CFR Part 200 requires recipients and subrecipients track, manage, and document equipment, property, and supplies purchased with federal funds. Missing records or unclear management and disposition of assets can result in audit findings.

Scenario: An audit found that an organization…

  • Did not maintain a complete inventory
  • Had limited documentation of use, location, and disposition of equipment

Based on these findings, what actions might an auditor recommend?

11 of 21

Example 4: Improper Management of Contractors

Context:

2 CFR Part 180 requires verification that contractors are not suspended or debarred from receiving federal funds. Failing to check or document these statuses can result in audit findings.

Scenario: An audit found that…

  • 8 out of 10 vendor contracts lacked a suspension/ department clause and documentation showing verification through SAM.gov
  • Staff were unaware of the requirement

Based on these findings, what actions might an auditor recommend?

12 of 21

Proper Response Steps

13 of 21

First Response: Pause, Assess, Document

When an issue is identified, your first response should be:

Avoid

immediate defensiveness

1

Identify the

issue clearly

2

Determine scope

and financial

impact

3

Preserve documentation

4

14 of 21

Minor Issue vs. Major Finding

Correctable internally

Limited financial impact

Significant deficiency

Weak control environment

Increased risk

Requires formal corrective action

For more information, see 2 CFR Part 200, Subpart F Audit Requirements

Minor Issue

Material Noncompliance

Material Weakness

Major Finding

15 of 21

Who Needs to Be Notified?

  • Severity
  • Award terms
  • Whether federal funds are impacted
  • Risk of questioned costs

Depends on:

  • Internal leadership
  • Pass-through entity
  • Federal agency

May require:

Note: Proactive communication often reduces penalties

16 of 21

Material Noncompliance

Violation of:

Federal statutes

Regulations

Terms and conditions of Federal award

(Applies to awards related to a major program)

Note: Major findings are significant enough to warrant direct attention from management and there is a high risk that financial statements are misstated, or that controls are not preventing fraud or error

1

2

3

17 of 21

Responding to a Finding

If a finding has been identified, you must respond to the entity that identified the finding, whether a pass-through entity, Federal agency, or single audit.

Note: Repeat findings signal systemic issues

Understand the finding language

Identify the root cause

Provide documentation

Develop Corrective Action Plan (CAP)

Monitor implementation 

Track repeat findings

18 of 21

Building a Corrective Action Plan (CAP)

A CAP is a structured, written document used to identify, address, and resolve deficiencies, nonconformities, or performance gaps, with the aim of preventing their recurrence. A strong CAP includes:

Root cause analysis

Specific action steps

Responsible person

Timeline

Monitoring

plan

CAPs should fix the system, not just the symptom

19 of 21

Root Cause Analysis

Condition (What is)

How are things being done now?

What are the current facts and evidence of what is happening?

Cause (Why it happened)

Why aren’t things as they should be?

What is the reason for the Condition not meeting the Criteria?

Criteria (What should be)

What is the correct way?

What are the requirements?

Effect (So what?)

What is the risk, consequence, or impact caused by the issue?

Is the effect non-compliant with Federal statutes or regulations?

20 of 21

From Risk to Readiness: �Putting Compliance Into Practice

Organizations that manage federal awards, whether as direct recipients or subrecipients, can shift the focus from damage control to prevention by:

Assessing Current Grant Readiness: Where does your organization stand in terms of grant compliance and internal controls?

Identifying Grant Management Strengths: What practices do you already have in place, and how can they be leveraged and built upon?

Uncovering Gaps: Are any policies missing or outdated?

21 of 21

State Budget DepartmentGrants Management Office

Email: sbd-grants@wyo.gov 

Website: https://sbd.wyo.gov/grants

Kevin Hibbard, Director, Wyoming State Budget Department

Christine Emminger, Administrator for the Grants Management Office

Diana Cabriales, Deputy Administrator for the Grants Management Office

Email: dru.palmer@wyo.gov

Dru Palmer, Grants Integration Manager

Governor’s Office�Grants Management Initiative

Hagerty Consulting, Inc