About This Toolkit

The Office of the Inspector General (OIG/IG) plays a critical role in safeguarding the integrity of public programs. Rather than being an adversary, the IG is a partner in promoting accountability, transparency, and lawful administration.

In some cases, the Compliance Officer (CO) is the safeguard for the integrity and the compliance of both public and private programs.

This toolkit is designed for public sector compliance professionals responsible for certification, contracting, workforce standards, Airport Concession compliance, American Disability Act (ADA) compliance and more. Use it to:

• Anticipate and prevent compliance pitfalls
• Prepare for common triggers of OIG inquiries
• Implement defensible documentation practices
• Improve internal compliance protocols
• Respond confidently and effectively to IG requests

This guide includes actionable insights, risk indicators, sample scenarios, and real-world lessons to help your agency avoid missteps and establish a proactive compliance culture. We will deploy this toolkit in our help center to add and update information in order to ensure we continue to support your agency.

B2Gnow and eComply can help you implement these strategies and strengthen your program’s resilience. Please contact us to help you set up any of the solutions listed below. This toolkit was developed with the support from ABR Advisory Consultants (ABR).

If you’d like to explore any of the solutions and strategies described in this toolkit, you can reach out to our expert team at: www.b2gnow.com/lets-connect

Section 1: Understanding the Inspector General / Compliance Officer (CO)

What Is the IG’s Role?

The Inspector General serves as an independent watchdog, overseeing program operations and ensuring funds are used legally and ethically. Their functions include:

• Fraud Prevention: Investigating misuse of public funds
• Auditing: Reviewing records for compliance and accuracy
• Enforcement: Taking corrective action when violations occur
• Whistleblower Protection: Responding to internal and external concerns or complaints
• Oversight: Ensuring adherence to federal, state, local and internal requirements and policies

When Does the IG Get Involved?

The IG often becomes involved when irregularities surface through audits, complaints, or pattern recognition in data. Many investigations begin with missing documentation, inconsistent records, or whistleblower tips.

The Compliance Officer (CO) serves as an agency watchdog, overseeing program requirements and ensuring contract compliance. They are the first line of oversight and compliance on contracts. Their functions include:

• Auditing: Reviewing records for compliance and accuracy
• Enforcement: Taking corrective action when violations occur
• Oversight: Ensuring adherence to federal, state, local and internal requirements and policies

Pro Tip: Your best defense is timely, accurate, and complete documentation.

Pro Tip: Adhere to the warnings and recommendations of the CO and address them. Do not let issues rise to the IG level.

Section 2: Internal Agency Responsibilities

1. Records Management

Agencies should maintain complete, organized, and easily retrievable documentation. This includes:

• Records retention policies aligned with legal requirements
• Centralized access to certification, contract, and payment data
• Systems that prevent duplicate or inconsistent records

2. Internal Controls & Audits

• Conduct periodic internal audits for high-risk areas like subcontracting, prompt payment, payroll, and joint ventures
• Use findings to implement corrective action and policy updates
• Maintain a compliance calendar and audit log

3. Training & Policy Awareness

• Regularly train staff on responsibilities and red flags
• Document attendance and understanding of training content
• Ensure staff knows how to escalate issues internally

Pro Tip: Centralize most/all of your record management into a software technology that automates all, most or a large portion of the agency requirements (e.g. prompt payment reporting). Having a centralized repository of contract, prompt payment, payroll, Site visits, comments, communication, etc. ensures the program is better prepared for audits and other inquiries.

Pro Tip: A centralized repository of information can simplify the process of transparency in public dashboards.

Pro Tip: Conduct training and educate staff and leadership from the other internal departments such as construction, engineering, project delivery, legal, procurement, etc. about the civil rights requirements and red flags.

B2G Mitigation Solutions: You can be better prepared for audits and inquiries by centralizing your record management with our solutions. Our B2Gnow set of solutions for contract compliance and certification management, along with eComply for prevailing wage compliance, can help you automate and centralize your documentation. 

Section 3: Certification Assessment

Certification starts with trust, but that trust must be earned and verified.

Missteps during the certification process are a foundational risk for agencies and can significantly undermine program credibility.

Key Risk Areas

• Superficial Document Reviews: Rushing through applications or failing to fully assess supporting documentation (ownership, control, experience) can result in the certification of firms that do not meet eligibility criteria. A detailed checklist should be used for each application type.

• Personal Net Worth Oversight: Failure to thoroughly review Personal Net Worth (PNW) statements, including footnotes, supporting documents, and debt structures can lead to improper certifications and undermine program integrity.

• Pass-through Indicators Ignored: Early warning signs that a firm may be a front for a non-certified entity are often overlooked. These include business arrangements that suggest excessive dependency, inconsistent resumes, or financial activity not aligned with the firm's claimed scope.

• Inconsistent Site Visits: Inadequate or skipped visits often result in missed red flags around control, staffing, and operations.

• Informal Follow-Up Processes: When clarification or additional information is needed, ad-hoc or inconsistent communication can lead to gaps in documentation and unequal treatment across applicants.

• Poorly Documented Denials: A denial without comprehensive documentation or clear justification makes the decision vulnerable to appeal, and puts the agency at risk if reviewed.

Mitigation Best Practices

• Conduct Structured, Thorough Reviews: Develop and use standardized checklists for each certification type to ensure all eligibility components are reviewed consistently and thoroughly. Digitizing these forms provide an additional layer of strength.
• Standardized Process for Requesting Additional Information: Implement templated language and automated workflows for follow-up questions and requests to applicants. This reduces bias and ensures consistency.
• Take Site Visits Seriously: Conduct comprehensive site visits before finalizing certification. Use a standard digitized template to document operations, control, equipment, and staffing.
• Flag and Track Risk Indicators: Consistently flag portions of applications with pass-through warning signs or incomplete narratives. Route these to senior staff for additional review when appropriate.
• Write Clear, Detailed Denial Memos: For every denial, document the specific eligibility criteria not met, referencing supporting regulations and application evidence. This protects your agency and supports transparency.
• Thoroughly confirm certification with other agencies: When certifying using interlocal agreements or similar fast track processes, do not accept certification copies without confirming yourself with the certifying agency.

B2G Mitigation Solutions: Our Online Application Module streamlines the initial intake process of certification applications. The Certification Management Modules and Reviews Module can help you conduct structured, thorough reviews by digitizing forms and standardizing the process for requesting additional information. This helps you avoid missteps and ensure consistency.

Section 4: Contract Compliance

Missteps in compliance handling is a common trigger for IG/CO reviews.

Key Risk Areas

• Commercially Useful Function (CUF): Certified firms must perform meaningful, independent work. Red flags include pass-through arrangements or reliance on non-certified partners for staff, equipment, or decision-making. Ensure you equip your team with a list of CUF determinants, red flags and documents needed by the type of vendor.
• Commodity Code Alignment: Certifications must align with the actual scope of work. If the commodity code doesn’t match the service provided, participation may be disallowed. Make sure to thoroughly review, not only the certification status of the vendor, but of their commodity codes prior to approval of a Subcontractor Utilization Plan.
• Loss of eligibility during a contract: Agencies have different guidelines as to whether certified vendor participation counts if the company is no longer eligible for DBE or other certification during the life of the contract. Some agencies count the participation throughout the life of the contract if the vendor is certified at the moment of award, others will only count it for a period after the loss of eligibility and others stop immediately, depending on the program requirements. Be mindful of your program policies and set procedures to identify these situations in a timely manner.
• Termination/Substitution Procedures: Removing a certified vendor without proper  justification, or replacing them with a non-certified firm, is a violation in most programs. Ensure you have a standard workflow for the request of termination, substitution and even addition of new subs. A simple, streamlined process minimizes the likelihood of missing information.

Mitigation Best Practices

• Document CUF reviews and site visits thoroughly. Ensure they are recorded in the appropriate
• Do not accept certification copies without confirming yourself with the certifying agency
• Do not allow vendors/prime contractors to self-perform project site visits or CUF reviews
• Require prime contractors to submit supporting documentation with participation reports (e.g. Sub participation confirmation)
• Review commodity codes certification during pre-award and post-award to ensure work performed by the certified contractor aligns with the certification work scopes of the firms
• Train project managers and the industry including prime contractors and subcontractors on substitution & removal protocols
• Consistent monitoring and tracking of participation performed and payments based on the commitments at contract award and any subsequent modifications
• B2G Mitigation Solutions: Our Contract Compliance Module and Workforce Management Module help you monitor participation and payments based on contract commitments. The Subcontractor Utilization Plan Module ensures certification status, sub confirmation, and that work performed by certified contractors aligns with their work codes. It will also allow you to collect Good Faith Efforts if goals are not being met. The Goal Setting Module can also help agencies set standardized and defensible goals for their contracts.  The Reviews Module helps you document CUF reviews and site visits thoroughly, as well as other documentation around OSHA, prompt payment and more, providing a centralized location for all records.

Section 5: Concessions & Joint Ventures

Joint ventures (JVs), particularly in airport and concessions projects, can trigger scrutiny if not properly structured.

What to Evaluate in a JV:

• Operational Control: The certified firm must have real authority in staffing, purchasing, vendor selection, etc.
• Financial Contribution: Certified firms must contribute proportionately to capital and startup costs.
• Use of Shared Resources: Over-reliance on the non-certified partner (staff, software, equipment) raises red flags.
• Profit Distribution: Returns must match ownership percentages and not involve complex or disguised arrangements.

Mitigation Best Practices

• Review operating agreements thoroughly before execution
• Require disclosure of capital contributions
• Ensure certified firms maintain separate bank accounts and payroll systems
• Request periodic operations logs showing day-to-day decision-making
• Request additional information from Jurisdiction of Original Certification when red flags arise during a Joint Venture review, even if it causes delays.
• Centralize where documentation, audits, ACDBE site visits, concession reviews and Joint Venture reviews are kept.

B2G Mitigation Solutions: Our Concessions Compliance Module and Reviews Module help centralize all documentation, audits, and reviews related to concessions and joint ventures. This ensures all the necessary information is collected and easily retrievable in case of an inquiry.

Section 6: Prevailing Wage & Workforce Compliance

Wage and workforce violations are easy to detect and highly visible, making them a common point of inquiry for IGs.

Key Violations

• Incomplete Certified Payroll Reports: Missing hours, signatures, classifications, or Social Security Numbers
• Worker Misclassification: Skilled labor reported under general labor codes
• Discrepancies in Headcounts: Payroll doesn’t match jobsite observations
• Use of Independent Contractors: 1099s used for roles requiring W-2 employment
• Fringe Benefit Misreporting: Benefits are reported but not provided or understood by workers

Mitigation Best Practices

• Conduct surprise site visits and compare feedback to payroll reports
• Do not allow vendors to self-perform site visits
• Educate contractors on classification rules
• ALWAYS interview the workers without the Prime or subprime present
• Require supporting documentation for fringe benefits
• Audit CPRs monthly and keep a flagging system for errors
• Work with the technical project team to support oversight and compliance to performance and work performed

B2G Mitigation Solutions: Our eComply Prevailing Wage Management system to manage compliance with the Davis Bacon Act, and other prevailing wage requirements. The Workforce Module allow you to audit certified payroll reports monthly and maintain a flagging system for errors. The On The Job Training Module can help you track and manage training programs to ensure compliance.

Section 7: Title VI and ADA Compliance

Ensuring accessibility and equity is not only legally required, it’s also a frequent source of public complaints.

Risk Areas

• Inaccessible facilities or communication especially in public facilities
• Lack of multilingual or assistive services
• Ignoring public complaints, poor complaint filing mechanism, or failing to document resolutions

Mitigation Best Practices

• Conduct regular physical audits of ADA accessibility
• Provide alternate formats and language access based on community needs
• Maintain a centralized public complaint log with documented follow-up and automated response acknowledging receipt of complaint
• Maintain records of responses, resolution and follow-up in a centralized location that links it to the original complaint.
• Include Title VI and ADA in staff and contractor training

B2G Mitigation Solutions: Our Reviews Module can help you maintain a centralized complaint log with documented follow-up and responses, ensuring you have a centralized location to track responses and resolutions. 

Section 8: General Mitigation Strategies

✅ 1. Build a Document-Ready Culture

• Create centralized, searchable digital folders for all key compliance areas: certifications, contracts, payroll, ADA documentation, audits, complaints, etc.
• Use a system with controls to track changes to files over time
• Retain meeting notes and informal communications for all major decisions in a centralized location alongside the project records

✅ 2. Conduct Internal Mock Audits

• Test your ability to respond to a hypothetical IG request
• Try pulling documentation from the past 3 years, how fast can your team locate it?
• Ask internal auditors or compliance officers to evaluate how well staff understand CUF reviews, Certified payroll reports, Concessions agreements, ADA complaint review process.

✅ 3. Assign Request Response Teams

• Designate a small group of staff trained to coordinate any IG or audit response
• Maintain a response playbook with sample templates, escalation steps, and timelines

✅ 4. Require Staff Training and Acknowledgment

• Provide onboarding and annual training on compliance requirements
• Cover topics such as procurement protocols, prevailing wage, contract/concession compliance, certification rules, documentation best practices, and red flags
• Have staff sign an acknowledgment of training to show awareness

✅ 5. Use Checklists and Standard Digitized Templates in a centralized location

• Reduce room for error by standardizing what documentation is required at each stage (e.g., subcontractor onboarding, payroll review, joint venture review)
• Include forms like CUF Review Forms, compliance Audit Summary, Document Submission Logs, IG Request Response Templates
• Have Project Site Visit / CUF Reviews determinants, red flags and required documents per type of vendor included as part of the standard CUF Review forms.

✅ 6. Promote a Speak-Up Culture

• Encourage staff to report inconsistencies or concerns internally before they escalate externally
• Track and act on internal red flags, even if they seem minor
• Document your response to each concern and include outcomes

Bottom Line

Most agencies don’t get in trouble for what they did, they get in trouble for what they can’t prove they did.
 

By creating a system where documentation is:

• Complete
• Consistent
• Centralized
• Contemporaneous and
• Collected

you create an environment where inquiries can be handled quickly, confidently, and transparently.

Section 9: Certification and Prompt Payment Exercise

Case

The following image is the compliance audit summary of an Architectural project. Please note what relevant information can be obtained by reviewing the audit summary.

Section 10: Real Life Scenario

An airport compliance officer was overseeing the approval process for a new joint venture involving an out-of-state ACDBE-certified firm. The agency had not originally performed the certification and needed to ensure that the certification was legitimate before the agency moved forward with contract execution.

Phase 1: Pre-Contract Caution

“In this case, I did not perform the certification, and the firm was out of state, so I asked our certifying agency to review the certification. This slowed down our contract process, as we needed an answer as to whether this was a bona fide ACDBE firm and we had to wait for the certifying agency to confirm. They did and we were able to proceed, but I would advise you get ALL of the questions – joint venture, sublease, certification, supplier info answered before the agreements with the agency are found.”

✅ Lesson: Document the story while it’s happening. Memory fades, and contemporaneous notes carry more weight than retroactive explanations.

Phase 2: Documenting the Process

Then, after we got confirmation that the firm was cool, I put notes on the file. What we did, who we asked, what the results were. Document the story while it’s happening. It’s too hard to remember later.

✅ Lesson: Document the story while it’s happening. Memory fades, and contemporaneous notes carry more weight than retroactive explanations.

Phase 3: Inspector General Inquiry

IG came calling about 4 years later, with questions about the certification status of the firm. They didn’t ask me about my previous suspicions, and I didn’t tell them. I answered exactly the questions that they asked and gave them exactly the documents they requested. In this case, my notes about the previous investigation made it pretty clear what I thought, and I provided all of that.

✅ Lesson: Stick to the facts. Don’t offer speculation. Let your documentation do the talking.

Phase 4: Litigation and Legal Support

This particular issue came up in litigation later and I also had to provide attorneys with a timeline. I wasn’t as good at keeping track of what happened by this point, but I was able to go back to the notes and provide a very detailed account of everything that happened. Create a timeline of problem files. You never know when you’ll have to refer back to it.

✅ Lesson: For files with unresolved questions or known risks, create and maintain a timeline. You may need to reconstruct events years later for court, audit, or compliance review.

Section 11: Contacts & Questions

Turn Oversight into Opportunity: Let B2G & eComply Help You Prepare, Comply, and Excel

When the Inspector General comes knocking, whether it’s a routine check or a more in-depth review, your agency’s ability to respond thoroughly and effectively makes all the difference. The strategies shared in this toolkit are just the beginning.

The real opportunity lies in putting those strategies into action, and that’s where we come in.

From document management to compliance tracking and audit readiness, B2G’s suite of tools is designed to help agencies like yours build strong systems that not only meet regulatory requirements but stand up to scrutiny.

From program development and training to contract compliance monitoring and audit readiness, B2G’s suite of tools and ABR Advisory’s expert advisory services are designed to help agencies like yours build strong systems that not only meet regulatory requirements but stand up to scrutiny.

We can help.

Let’s explore what’s possible.

Use the link below to discuss your needs and schedule a personalized walkthrough. We’ll show you exactly how B2G & eComply can support your goals, not just the strategies in this toolkit, but your broader compliance mission.

Let’s make oversight a strength, not a stressor.

Connect with us at: http://www.b2gnow.com/lets-connect  

If you still require additional assistance, close this tab and return back to the system and submit a support ticket.