Skip to main content

Documentation Index

Fetch the complete documentation index at: https://grantmaster.dev/llms.txt

Use this file to discover all available pages before exploring further.

Feature Guide: Compliance & Audit

Overview

The Compliance module provides organization-wide monitoring, policy management, and audit trail capabilities. It ensures your organization meets donor requirements, internal policies, and regulatory obligations. The Auditor Review panel provides a dedicated interface for external auditors.

Key Capabilities

FeatureDescription
Compliance DashboardReal-time health score with trend visualization across all compliance areas
Policy EngineCreate, manage, and apply compliance policies with AI-assisted extraction
Audit Log ViewerChronological log of all critical system events with filtering
Project CompliancePer-project compliance scoring and requirement tracking
Grantor ComplianceDonor-specific rule tracking and adherence monitoring
Expense ComplianceAutomated checking of expenses against grant rules and policies
Journal ComplianceTime-tracking validation against effort certification requirements
AI Processing LogTransparency viewer showing all AI-generated analysis and decisions
Auditor Access ManagementGrant time-boxed access to external auditors
Report GenerationCreate compliance and audit reports for internal and external use

Compliance Dashboard

Who: Admins, Managers (full access), Members (no access), Auditors (read-only) Where: Compliance > Dashboard The dashboard provides a single view of organizational compliance health:
  • Overall Score — aggregated compliance percentage across all active grants and projects
  • Trend Chart — monthly compliance score history
  • By Category — breakdown by financial, operational, reporting, and HR compliance
  • Alerts — active compliance violations requiring attention
  • Upcoming Deadlines — reporting and compliance deadlines across all grants

Policy Engine

Who: Admins, Managers Where: Compliance > Policies

Creating Policies

  1. Click New Policy
  2. Define the policy:
    • Name and description
    • Category: Financial, Operational, HR, Reporting, Procurement
    • Rules: Specific conditions that trigger violations (e.g., “Single expense above $5,000 requires 2 approvals”)
    • Scope: Apply to all projects, specific grants, or specific project types
  3. Activate the policy to begin enforcement

AI-Assisted Policy Extraction

Upload a grant agreement to the Compliance Policy Extractor, and the AI will:
  • Identify compliance requirements from the document
  • Suggest policy rules matching those requirements
  • Create draft policies ready for review and activation

Use Cases

  • Procurement Policy: “All purchases above $10,000 require three written quotes”
  • Travel Policy: “Daily per-diem for international travel must not exceed $250”
  • Reporting Policy: “Quarterly financial reports must be submitted within 30 days of quarter end”

Audit Logs

Who: Admins, SuperAdmins (full access), Managers (read-only), Auditors (full access) Where: Compliance > Audit Logs Every significant action in GrantMaster is recorded in the audit trail:
  • Entity Changes — create, update, delete operations on projects, expenses, journals, documents
  • Approval Workflows — expense approvals, journal submissions, document reviews
  • User Actions — login, role changes, team member additions
  • System Events — automated processes, AI operations, integration syncs

Filtering

Filter audit logs by:
  • Date range
  • User (who performed the action)
  • Entity type (project, expense, journal, etc.)
  • Action type (create, update, delete, approve)
  • Severity (info, warning, critical)

Auditor Access

Who: Admins (grant access), Auditors (use access)

Granting Access

  1. Go to Compliance > Auditor Access
  2. Click Grant Access
  3. Configure:
    • Auditor email — the external auditor’s account
    • Access window — start and end dates (time-boxed)
    • Scope — which modules and data the auditor can view
  4. The auditor receives an email invitation and can log in during the access window

What Auditors Can Access

  • Compliance dashboard (read-only)
  • Audit logs (full access with filtering and export)
  • Financial reports and expense records (read-only)
  • Journal/journal submissions (read-only)
  • Organization settings (read-only)
  • Team information (read-only)

What Auditors Cannot Do

  • Create, edit, or delete any records
  • Approve or reject workflows
  • Access billing or subscription information
  • View data outside their granted time window

Best Practices

  • Activate policies before grant activity begins — retroactive compliance checks are less effective
  • Use AI extraction for every new grant agreement to ensure all donor requirements are captured as policies
  • Review the compliance dashboard weekly — address violations when they are small
  • Grant auditor access with minimal scope — only enable the modules the auditor needs
  • Export audit logs quarterly — maintain offline records for regulatory requirements
  • Document policy exceptions — if a policy is overridden, note the reason in the audit log

Limitations

  • The Policy Engine supports rule-based compliance only — complex conditional logic (e.g., “if Category A exceeds XANDCategoryBexceedsX AND Category B exceeds Y”) requires multiple policies
  • AI policy extraction accuracy depends on the clarity of the grant agreement — poorly formatted documents may need manual review
  • Audit logs are retained for 7 years by default — the retention period is configurable by SuperAdmins
  • Auditor access is time-boxed and cannot be extended after expiry — a new access grant must be created
  • Compliance scores are calculated from tracked data only — activities not recorded in GrantMaster are not reflected