COSaiCOSai

For grant-compliance institutions

Stop scrambling for grant documentation before every audit.

OMB Uniform Guidance requires complete documentation for every federal-award expense. Annual single audits test it. A documentation gap doesn't produce a fuzzy P&L — it produces a federal questioned cost, potential clawback, and a finding that names your institution in publicly-filed audit reports.

The shape of the gap

Federal grant money is spent across inboxes the sponsored-programs office cannot see: the principal investigator's mailbox, the lab manager's, the department procurement coordinator's, the facilities coordinator's, the P-card holder's. Each receipt lives somewhere; few are forwarded; almost none are forwarded with the right metadata to tie back to the grant.

The controller runs the FY24 single-audit prep manually, every cycle, against a population of thousands of P-card transactions and dozens of grant award codes. Every missing receipt is a phone call, an email chain, a "do you remember spending $847 in June on lab supplies?" — and the auditor's fieldwork starts on a date that doesn't move.

What COSai does for the controller

  • Stitches every consented inbox to the ledger. Google Workspace DWD or M365 admin-consent at the org level gives a single completeness view across the PI's mailbox, department staff, procurement, facilities, and the cardholder.
  • Surfaces every transaction with no supporting document. Period-scoped, grant-coded if applicable, ranked by audit risk. The actionable row-level chase list — not just a completeness percentage.
  • Identifies who probably holds the document. Inferred from the transaction's vendor, the department the charge was coded to, the cardholder, prior correspondence — so the chase goes to the right person on the first try.
  • Brokers the access request, with audit-grade chain of custody. Drafts an access-request email, queues it for the controller's approval, logs the ask + the response + the rendered email. Every document touched has a who-saw-it-when-why record.
  • Runs as-of the closing date. The audit isn't of right-now. It's of FY24. Every operation is scoped to the period under review.
  • Reports on T&E, P-card, indirect cost recovery, grant burn. The dashboards the sponsored-programs office checks weekly — certification status by PI, P-card receipt completeness by cardholder, F&A recovery vs. negotiated rate, burn-to-date on each award.

Who this is for

Institutions in the $50M–$2B+ operating budget range with $10M+ in federal grant flows:

  • — Research universities (R1 / R2 / HBCU)
  • — Hospital systems with NIH / HRSA / state research funding
  • — Multi-entity nonprofits with federal and state grant exposure
  • — Municipalities and state agencies running federal pass-through programs

The buyer is the controller, VP Finance, or Director of Sponsored Programs — typically a 2–6 person team carrying the completeness burden today.

Security posture

SOC 2 Type I in progress. GLBA Safeguards baseline shipped. Encryption at rest + in transit, every inbox access logged with a who-saw-what-when-why record, 7-year audit-grade retention on every document, configurable data-deletion workflow.

See our security page for the full posture.

Talk to us before the next audit cycle

We're landing first design partners now. If your institution lives this pain, get in touch directly.

Get in touch