Uncategorized

The Complete 2 CFR 200 Compliance Checklist for Small Governments and Nonprofits [2026 Updated]

March 22, 2026

If your organization receives federal grants, you are subject to 2 CFR Part 200 — the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Compliance is not optional, and the consequences of noncompliance range from questioned costs to suspension and debarment.

This checklist covers every major compliance area that auditors test during a Single Audit. Use it as a self-assessment tool to identify gaps before your next audit cycle. Each item maps to a specific regulatory section so you can trace the requirement to its source.

Organizational Infrastructure

Written grant management policies and procedures that address 2 CFR Part 200 requirements (200.303)
Designated grants management staff with defined roles and responsibilities (200.303)
Current SAM.gov registration with active UEI (200.332, renewal required annually)
Documented conflict-of-interest policy covering procurement, personnel actions, and grant-related decisions (200.318(c)(1))
Annual conflict-of-interest disclosures on file for all key personnel (200.318(c)(1))

Financial Management and Internal Controls

Financial management system that tracks expenditures by individual federal award (200.302)
Documented internal controls including separation of duties for authorization, custody, recording, and reconciliation (200.303)
Written cost allocation plan or methodology documented and consistently applied (200.405)
Current indirect cost rate agreement (NICRA) or documented election of the 15% de minimis rate (200.414)
Time-and-effort documentation for all personnel charged to federal awards — semi-annual certifications for single-cost-objective employees, personnel activity reports for split-funded staff (200.430)
Written procedures for determining cost allowability before committing expenditures (200.403)
Cash management procedures minimizing time between federal fund receipt and disbursement (200.305)

Procurement and Contracting

Written procurement procedures addressing all four procurement methods: micro-purchase (up to $10,000), small purchase ($10,001-$250,000), sealed bids/competitive proposals (above $250,000), and noncompetitive/sole-source (200.318-200.327)
SAM.gov exclusion verification before every contract award, with documentation retained in the procurement file (200.214)
Competition requirements documented for each procurement above the micro-purchase threshold (200.319)
Written sole-source justification for every noncompetitive procurement (200.320(c))
All federally-funded contracts include required clauses from Appendix II to Part 200 (200.327)
Evaluation criteria documented before solicitation for competitive procurements (200.320)

Award Management and Reporting

Award file for each grant containing all terms, conditions, and special provisions (200.334)
Reporting calendar with deadlines for financial reports (SF-425) and performance reports (200.328-200.329)
Period of performance dates tracked with controls preventing charges outside the authorized period (200.310)
Equipment purchased with federal funds tracked in an inventory register with biennial physical inventory (200.313)
Prior-approval procedures for budget revisions, scope changes, and no-cost extensions (200.308)
Records retention schedule: minimum 3 years from final expenditure report submission (200.334)

Subrecipient Monitoring (Pass-Through Entities Only)

Subrecipient vs. contractor determination documented for each arrangement (200.331)
Pre-award risk assessment conducted for each potential subrecipient (200.332(b))
Subaward agreements include all required data elements per 200.332(a)
Written monitoring plan with desk review schedule, site visit triggers, and management decision procedures (200.332(d))
Subrecipient Single Audit reports reviewed and management decisions issued within 6 months (200.332(d)(3))

Audit Readiness

Annual federal expenditure calculation documented to determine Single Audit applicability ($1,000,000 threshold per 200.501)
Schedule of Expenditures of Federal Awards (SEFA) maintained and reconcilable to the general ledger (200.510)
Prior audit findings tracked with corrective action plans including responsible parties, deadlines, and evidence of closure (200.511)
Auditor engagement initiated within first quarter of fiscal year for organizations subject to Single Audit

Data Security and Technology Controls

Written information security policy covering federal grant data and personally identifiable information (200.303(e))
Role-based access controls restricting grant financial data to authorized personnel (200.303(e))
Incident response plan for data breaches involving federal grant data or PII (200.303(e))
Periodic user access reviews for grant financial systems (200.303(e))

How to Use This Checklist

Print this checklist and mark each item as Complete, In Progress, or Not Started. Any item marked Not Started is a potential audit finding waiting to happen.

For a scored, personalized version of this checklist that identifies your specific gaps and produces a remediation roadmap, take the free Grant Readiness Assessment. It evaluates your organization across all 7 compliance domains in approximately 15 minutes and produces a prioritized action plan ranked by audit risk.

This checklist reflects 2 CFR Part 200 as revised October 1, 2024. Thresholds and requirements may change in future regulatory updates. Always verify current requirements at ecfr.gov.

How Ready Is Your Organization?

Take our free Grant Readiness Assessment and see where you stand across seven compliance domains.

Start Free Assessment

Organizational Infrastructure

Written grant management policies and procedures that address 2 CFR Part 200 requirements (200.303)

Designated grants management staff with defined roles and responsibilities (200.303)

Current SAM.gov registration with active UEI (200.332, renewal required annually)

Documented conflict-of-interest policy covering procurement, personnel actions, and grant-related decisions (200.318(c)(1))

Annual conflict-of-interest disclosures on file for all key personnel (200.318(c)(1))

Financial Management and Internal Controls

Financial management system that tracks expenditures by individual federal award (200.302)

Documented internal controls including separation of duties for authorization, custody, recording, and reconciliation (200.303)

Written cost allocation plan or methodology documented and consistently applied (200.405)

Current indirect cost rate agreement (NICRA) or documented election of the 15% de minimis rate (200.414)

Time-and-effort documentation for all personnel charged to federal awards — semi-annual certifications for single-cost-objective employees, personnel activity reports for split-funded staff (200.430)

Written procedures for determining cost allowability before committing expenditures (200.403)

Cash management procedures minimizing time between federal fund receipt and disbursement (200.305)

Procurement and Contracting

Written procurement procedures addressing all four procurement methods: micro-purchase (up to $10,000), small purchase ($10,001-$250,000), sealed bids/competitive proposals (above $250,000), and noncompetitive/sole-source (200.318-200.327)

SAM.gov exclusion verification before every contract award, with documentation retained in the procurement file (200.214)

Competition requirements documented for each procurement above the micro-purchase threshold (200.319)

Written sole-source justification for every noncompetitive procurement (200.320(c))

All federally-funded contracts include required clauses from Appendix II to Part 200 (200.327)

Evaluation criteria documented before solicitation for competitive procurements (200.320)

Award Management and Reporting

Award file for each grant containing all terms, conditions, and special provisions (200.334)

Reporting calendar with deadlines for financial reports (SF-425) and performance reports (200.328-200.329)

Period of performance dates tracked with controls preventing charges outside the authorized period (200.310)

Equipment purchased with federal funds tracked in an inventory register with biennial physical inventory (200.313)

Prior-approval procedures for budget revisions, scope changes, and no-cost extensions (200.308)

Records retention schedule: minimum 3 years from final expenditure report submission (200.334)

Subrecipient Monitoring (Pass-Through Entities Only)

Subrecipient vs. contractor determination documented for each arrangement (200.331)

Pre-award risk assessment conducted for each potential subrecipient (200.332(b))

Subaward agreements include all required data elements per 200.332(a)

Written monitoring plan with desk review schedule, site visit triggers, and management decision procedures (200.332(d))

Subrecipient Single Audit reports reviewed and management decisions issued within 6 months (200.332(d)(3))

Audit Readiness

Annual federal expenditure calculation documented to determine Single Audit applicability ($1,000,000 threshold per 200.501)

Schedule of Expenditures of Federal Awards (SEFA) maintained and reconcilable to the general ledger (200.510)

Prior audit findings tracked with corrective action plans including responsible parties, deadlines, and evidence of closure (200.511)

Auditor engagement initiated within first quarter of fiscal year for organizations subject to Single Audit

Data Security and Technology Controls

Written information security policy covering federal grant data and personally identifiable information (200.303(e))

Role-based access controls restricting grant financial data to authorized personnel (200.303(e))

Incident response plan for data breaches involving federal grant data or PII (200.303(e))

Periodic user access reviews for grant financial systems (200.303(e))

How to Use This Checklist

Print this checklist and mark each item as Complete, In Progress, or Not Started. Any item marked Not Started is a potential audit finding waiting to happen.

This checklist reflects 2 CFR Part 200 as revised October 1, 2024. Thresholds and requirements may change in future regulatory updates. Always verify current requirements at ecfr.gov.

The Complete 2 CFR 200 Compliance Checklist for Small Governments and Nonprofits [2026 Updated]

Organizational Infrastructure

Financial Management and Internal Controls

Procurement and Contracting

Award Management and Reporting

Subrecipient Monitoring (Pass-Through Entities Only)

Audit Readiness

Data Security and Technology Controls

How to Use This Checklist

How Ready Is Your Organization?

More Insights

Single Audit Preparation Checklist: A Step-by-Step Guide for First-Time Auditees Under $5M

How to Write a 2 CFR 200 Procurement Policy Template That Satisfies Federal Auditors

What Are the Compliance Requirements for Federal Grants?

The Complete 2 CFR 200 Compliance Checklist for Small Governments and Nonprofits [2026 Updated]

Organizational Infrastructure

Financial Management and Internal Controls

Procurement and Contracting

Award Management and Reporting

Subrecipient Monitoring (Pass-Through Entities Only)

Audit Readiness

Data Security and Technology Controls

How to Use This Checklist

How Ready Is Your Organization?

More Insights

Single Audit Preparation Checklist: A Step-by-Step Guide for First-Time Auditees Under $5M

How to Write a 2 CFR 200 Procurement Policy Template That Satisfies Federal Auditors

What Are the Compliance Requirements for Federal Grants?