How to Minimize Risk Throughout Your Grant Cycle

There are millions of wonderful nonprofit organizations working to make this world a better place. And as a grantmaker, you’ve had the privilege of supporting many of them.

But on occasion, a person will make a mistake or doesn’t follow the restrictions for the grant. Or even more rare, a bad actor will intentionally try to impede your impact—either by posing as a grantee or by stealing from your grantee.

Even though these instances are few and far between, your grantmaking organization needs to be prepared. To mitigate risk throughout your grant cycle, you need to know your grantees through relationships and documentation, support their internal controls, and set up a process for whistleblower complaints.

Mitigate Risks by Knowing Your Grantees

The more you know about your grantees, the better decisions you can make. In addition to building relationships with the organizations you support, there is some documentation you should ask for, especially for new applicants. Here is a list of key information grantmakers should, at a minimum, obtain when completing the due diligence process:

  • List of board members to make sure there aren’t any conflicts of interest
  • Internal Revenue Service (IRS) Determination Letter to verify they are recognized by the IRS
  • IRS Federal Form 990 to make sure the organization is compliant with its required IRS filings
  • Audited financial statements to verify the organization’s financial health
  • Organizational budget to get an idea of the organization’s financial strategy for its fiscal year and beyond

It’s also important to understand how the grantee would respond to unexpected revenue shortfalls or cost overruns. Depending on how your application is set up, you can add an open-ended question or discuss it during a follow-up conversation.

Encourage Grantee Internal Controls

All well-run organizations have standard best practices that employees follow. These internal controls provide consistency and security. Most of your established grantees will have documented internal controls, but it’s always good to verify and help them establish these practices if they aren’t already in place.

Here are some of the internal controls your grantees should have:

Formal Written Policies and Procedures

You want to make sure your grantees have documented and defined ways of managing and tracking the funds they receive. Here are some questions you can ask potential grantees, either as part of the application or as a follow-up conversation:

  • Who at your organization can approve grant spending? Do you have tiered approvals for different amounts?
  • How do you track time and effort?
  • What are your procurement standards?
  • How do you minimize the time between requesting grant funds and paying vendors?

As a grantmaker, be sure to review all your grant terms and conditions to ensure any additional policies that you require are in writing and easily accessible by your grantees.

Adequate Monitoring

Having great written policies is key, but how do your grantees ensure that they are followed? Suggest that they monitor the following activities, and provide support if your grantees don’t have the systems in place:

  • Confirm that applicable grantee staff understand and adhere to existing policies and procedures
  • Ensure charges to all grants are reasonable, allocable, and allowable
  • Make sure the grantee is applying organizational policies uniformly to all grants
  • Verify that spending is adequately documented


This is a common area of weakness we see across grantees, large and small.

As a grantmaker, it is important that you ensure your grantees do the following:

  • Reconcile their general ledger account on a regular and current basis
  • Match property records for equipment purchased with grant funds with accounting records
  • Reconcile physical inventory of property purchase with property records

Many of your repeat or more mature grantees will already have the documented internal controls and reporting in place so these questions will simply be a box to check. But for younger organizations, you may need to guide them on how to use their fund accounting software to automate these controls or set them up with a mentor organization to help establish them.

Create a Policy to Handle Whistleblower Complaints

Even when you have an established relationship with a grantee and they have documented controls in place, there can still be problems. Whistleblowers who call attention to possible wrongdoing can save you significant time, resources, and reputational damage if you catch issues early. If you receive a whistleblower complaint, it is crucial to maintain transparency and accountability. Here are a few tips to consider:

  1. Develop a whistleblower protection policy that encourages employees, volunteers, and other stakeholders to come forward with credible information about any illegal practices or violations.
  2. Ensure that your policy outlines that the individual who reports the violation will be protected from retaliation.
  3. Determine who the complaint should go to, such as a staff member, a board member, or an external party. Create a separate email address, telephone number, and fax number to report violations.

Your whistleblower policy should be broad in scope so that it includes not only financial concerns but also complaints about a wider variety of activities and operations. Make sure you are complying with federal and state laws that protect whistleblowers from retaliation. Consider obtaining outside legal counsel when drafting your policy. Establish an internal process for handling complaints and make sure these are posted on an internal intranet site and your employee handbook.

Investigate complaints promptly and take appropriate corrective action if necessary. Consider outsourcing this function if capacity or appropriate skillset is a concern. Involve the Board of Directors in overseeing the whistleblower process. Regularly review and update your policy to ensure its effectiveness. Review this policy along with all your other policies on an annual basis.

Trust Your Grantees, But Verify

The grand majority of the organizations that apply for funding are well-run, well-organized nonprofits that do great work. And because you are building strong relationships and verifying their internal controls, it’s easy to assume everything will always go smoothly. Establish and rely on your own internal controls, best practices, and documented policies to make sure your grantmaking is less likely to fall prey to the occasional mistake or bad actor.