Overview of Updates to 2 CFR Part 200 – Uniform Guidance

On April 22, 2024, the United States Office of Management and Budget (OMB) issued the revised OMB Guidance for Grants and Agreements, which is now called the OMB Guidance for Federal Financial Assistance. This is noted as the most significant update to the Uniform Guidance since it was released in 2013.

In this update, there have been significant changes made to 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, commonly known as the “Uniform Guidance”. In our previous article, Proposed updates to 2 CFR Part 200 – Uniform Guidance – What auditees need to know now, we provided an overview of OMB’s objectives for the revisions along with some of the more impactful changes that were proposed, many of which were approved in the final guidance.

When are the changes effective?

As stated in the Federal Register (FR), the revised guidance is effective for awards issued on or after Oct. 1, 2024, except for the revisions to Subpart F – Audit requirements, whose effective date is for fiscal years beginning on or after Oct. 1, 2024. While this is not explicit in the FR, it was clarified in the 2024 Compliance Supplement, Part 8, Appendix VII.

To demonstrate the application of the guidance, assume a recipient has a fiscal year-end of June 30, 2025. In this case, the recipient will review their awards to determine which awards were issued on or after Oct. 1, 2024, and are therefore subject to the revisions in Subparts A – E*. However, the revisions in Subpart F, which are further detailed below, would not apply for the recipients June 30, 2025, year-end since their fiscal year began on July 1, 2024. As such, they would have to wait until June 30, 2026, year-end for the Subpart F provisions to apply.

Several transitional issues have yet to be finalized and OMB has indicated they will be providing further guidance in the coming months.

What is changing?

Change management will be critical for recipients as the updates were pervasive to the entire text of the regulation. While some changes are more significant, such as the increase to the de minimus indirect cost rate, increases to various thresholds, the requirement for an entity to implement cybersecurity measures and the increase to the audit threshold, others are more nuanced and will require a detailed review and gap assessment with existing policies.