Grantmaking in a Remote Environment – Risk Mitigation

The COVID-19 pandemic has necessitated one of the most pervasive adjustments that a business has to face: operating in a remote environment. No enterprise is immune. Private foundations have played a critical role in the global economy for decades, often carrying out their charitable purposes and mission through grantmaking or direct charitable activities.

While private foundations can vary tremendously in size, scale and reach, there generally remains a consistent goal among all private foundations – to make the most effective and impactful grant possible in accordance with their stated mission. In this article, we hope to provide the guidance needed to mitigate risks in grantmaking taking into account that both the foundation and the grantee are operating remotely.


As many in the grantmaking networks already know, achieving an effective and impactful grant is no easy task, and often involves a significant investment of time and effort made by the foundation before awarding a grant and executing a grant agreement with a grantee. And much like making an investment in a profit-seeking enterprise, a private foundation’s grantmaking process typically involves a robust due-diligence model.

Due-Diligence Model and the Remote Environment Risk

A good starting point for foundations is to consider some of the traditional elements of an organizational risk assessment framework and question how the remote business environment might or might not impact its due diligence on a grantee. Using a combination of organization-wide and activity-level elements of a risk assessment framework, here are some important questions that might be considered by a private foundation as it incorporates elements of remote environment risk into its grantee due diligence model.

Structure and Governance
    • Does the grantee’s governance and management structure possess the skills, knowledge and expertise to operate in a remote environment?
    • Does the grantee’s geographic location pose significant risk, e.g. travel restrictions?
    • Does the grantee’s location also pose significant political risk, e.g, Office of Foreign Assets Control (OFAC) restrictions?
Activity and Regulatory
    • How have the grantee’s programs been affected by the global pandemic: have they suffered disruptions in supply or access to resources necessary to support their programs?
    • Are there new regulatory and compliance requirements the grantee must adhere to?
Information and Communication
    • Can the grantee sufficiently communicate program results accurately and timely in the remote environment?
    • How does the foundation exercise its presence in the remote environment: Zoom, Webex, Teams video conferences?
    • Does the foundation have access to the grantee’s board or those charged with governance?
IT Environment and Controls
    • How does the grantee extend cyber security to employees working remotely?
    • Does the grantee no longer have access to software support necessary to support their programs?
    • To what extent does the grantee rely on the controls of service organizations: does the grantee have a requirement for SOC II reports?
    • Does the grantee have a Disaster Recovery Plan and has it been tested?
    • What preventative measures does the grantee employ to secure their assets and resources (including private foundation grant funds), e.g., education programming such as internal phishing tests sent to their employee base.
Social Environment
      • How has the remote environment impacted a grantee reliant upon volunteering and donated goods and services?
      • Have historical barriers to networks of wealth and/or fundraising been worsened by the remote environment?

Goal: Sound Risk Mitigation

While not all private foundation due diligence models should be considered uniform and one size fits all, the questions posed above are important reminders that the “new normal” of the remote business environment has wide-ranging and often drastic effects on all organizations. And as private foundations continue to exercise sound risk mitigation practices by asking these questions, the answers might yield surprising opportunities to extend support to organizations most affected by the remote business environment.

Contact Us

We welcome the opportunity to answer any questions you may have related to this topic or any other accounting, audit, tax or advisory matters relative to private foundations. Please call 212.286.2600 or email any of the Private Foundation Services team members below: